Aravind Machiry, University of California, Santa Barbara – “Securing Modern Systems”
Modern systems are mainly composed of IoT devices and Smartphones.
Most of these devices use ARM processors, which, along with flexible licensing, have new security architecture features, such as ARM TrustZone, that enables execution of secure applications in an entrusted environment. Furthermore, well-supported, extensible,
open-source embedded operating systems like Android allow the
manufactures to quickly customize their operating system with device drivers, thus reducing the time-to-market.
Unfortunately, the proliferation of device vendors and race to the
market has resulted in poor quality low-level system software
containing critical security vulnerabilities. Furthermore, the patches for these vulnerabilities get merged into the end-products with a significant delay resulting in the Patch Gap, which causes the privacy and security of billions of users to be at risk.
In this talk, I will show that the existing techniques are inadequate to find the security issues and how, with certain
well-defined optimizations, we can precisely find security issues.
Second, I will present my solution to the problem of Patch Gap by
showing a principled approach to port patches to vendor product
repositories automatically. Finally, I will present my ongoing work to automatically port C to Checked C, which provides a low overhead, backward-compatible, and memory-safe C alternative that could be used on modern systems to prevent security vulnerabilities.
Aravind Machiry is a Ph.D. candidate in Computer Science at the
University of California, Santa Barbara. He is a recipient of various awards, such as the Symantec Research Labs Fellowship and UCSB Graduate Division Dissertation Fellowship. His work spans across various aspects of System security and Program analysis. His research resulted in various Open-source security tools and
several Common Vulnerability Exposures (CVEs) in critical system
software such as kernel drivers, Trusted Execution Environments, and bootloaders. His research is also academically recognized with awards such as Distinguished Paper Award, Internet Defense Prize, an invitation to present at CSAW Applied Research Competition.
Previously, Aravind received his Master’s degree in Information
Security from the Georgia Institute of Technology.