Webinar on "Placement New Attacks, Function-based Attacks and Graph HMAC" - Samgacchadhwam Series webinar 12

Date/s: 10 Jun 2020

Organising Partners: CySeck & Ciphense

CySecK – as part of Samgacchadhwam series of webinars – is conducting a free webinar for students / faculty / working professionals on the topic “Placement New Attacks, Function-based Attacks and Graph HMAC”. This webinar is in partnership with Ciphense.

Date : 10th June 2020

Time – 5:00 to 6:30 pm

Speaker: Dr. Ashish Kundu

Abstract: In this talk, we shall deliver three mini-talks: one on an attack on C++ code, another on memory attacks due to untrusted functions, and another on the integrity of graph-structured data. The first one discovers a vulnerability in C++ and attacks based on it: is a class of buffer overflow attacks that occur due to the “placement new” expression in C++. We discovered the vulnerability of “Placement new”, which facilitates placement of an object/array at a specific memory location. Unfortunately, buffer overflows due to “placement new” have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. Based on our paper on this work, GCC has released a patch to address placement-new vulnerability. The second one discovers a vulnerability due to untrusted functions and attacks based on it: is a class of memory access attacks due to untrusted functions. These attacks often exploit the fact that sensitive data are stored unencrypted in process memory and can be accessed by any function executing within the same process, including untrusted third party library functions. This talk presents StackVault, a kernel-based system to prevent sensitive stack-based data from being accessed in an unauthorized manner by intra-process functions. Stack-based data includes data on stack as well as data pointed to by pointer variables on stack. The third one solves an important problem in data security: presents a set of cryptographic algorithms for computing Hash-based Message Authentication Code (HMAC) for graph-structured data. Graphs are used for representing and understanding objects and their relationships for numerous applications such as social networks, semantic webs, and biological networks. Integrity assurance of data and query results for graph databases is an essential security requirement.

In this paper, we propose two efficient integrity verification schemes-HMACs for graphs (gHMAC) for two-party data sharing, and redactable HMACs for graphs (rgHMAC) for third-party data sharing, such as a cloud-based graph database service. We compute one HMAC value for both the schemes and two other verification objects for rgHMAC scheme that are shared with the verifier.

Note : The session will be followed by Q&A and assessment test.

Certificate will be given to those who clear the assessment test.