Thesis Defense Friday, 1 May at 10:30 am in Johnson 102: The "ptrace" Solution to Stack Integrity Attacks in GNU/Linux Systems
Open MSc thesis defense by Erick Leon. All are welcome.
Security in Information Technologies is an ever-changing field due to the fact that threats appear constantly with newer, more complex methods of attack as time goes on. Constant updates are therefore necessary on the systems which perform the operations, as well as the knowledge-pool of the personnel in charge of their security. With that in mind, it is also imperative to establish that while a team of human resources may be in charge of a system, they cannot realistically overview and monitor every single operation of it in order to detect anomalies or incidents that could jeopardize individual operations or in some cases, the entire system. As such, we argue that countermeasures against potential threats and attacks should be performed by the system itself while allowing it to remain useful. In addition, precise and concise notifications should be issued to the human resources in charge of such systems whenever threats and attacks are detected. That is the basis for our work: allow protection of a system while minimizing operational impact and issue proper notifications with precise data to the human resources.
The work outlined in this thesis addresses issues with cyber attack techniques that make use of certain logical address manipulations such as buffer overflows and code injection in GNU/Linux systems. The development of the solution explained in this document picks up where others left off, and so is mainly based on an earlier approach that was left at a proof-of-concept stage. We take this approach to a real-world scenario while attempting to remain true to the previous statements about the protection of systems and how feasible it can be.
Specifically, we develop working, tested code that monitors an executing process in GNU/Linux environments: whenever a call opcode is detected, it stores and manages the corresponding stack pointer, which is then validated once a ret opcode is found. This is performed at execution time, which makes it a valuable tool for intercepting buffer overflow attacks in real time.
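The call/ret bookkeeping described in this abstract can be sketched as follows. This is an added example, not code from the thesis: it runs over a constructed event trace rather than a live ptrace session, and the `event` structure, `first_violation` and the choice to record both the stack slot and the return address are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DEPTH 64
enum kind { EV_CALL, EV_RET };
/* One traced instruction (constructed model, not real ptrace output). */
struct event {
    enum kind kind;
    uint64_t sp;   /* stack slot holding the return address */
    uint64_t ret;  /* CALL: address pushed; RET: address actually used */
};

/* Index of the first RET that disagrees with its CALL record, or -1. */
int first_violation(const struct event *ev, size_t n)
{
    struct { uint64_t sp, ret; } shadow[DEPTH];
    size_t top = 0;
    for (size_t i = 0; i < n; i++) {
        if (ev[i].kind == EV_CALL) {
            if (top == DEPTH)
                return (int)i;   /* fail closed: cannot track deeper */
            shadow[top].sp = ev[i].sp;
            shadow[top].ret = ev[i].ret;
            top++;
        } else {
            if (top == 0)
                return (int)i;   /* RET without a recorded CALL */
            top--;
            if (shadow[top].sp != ev[i].sp || shadow[top].ret != ev[i].ret)
                return (int)i;   /* slot or return address changed */
        }
    }
    return -1;
}

/* Constructed traces: two nested calls, clean and with the inner return address overwritten. */
static const struct event clean_trace[] = {
    {EV_CALL, 0x7ffc0ff8, 0x401136}, {EV_CALL, 0x7ffc0fd8, 0x401172},
    {EV_RET, 0x7ffc0fd8, 0x401172}, {EV_RET, 0x7ffc0ff8, 0x401136},
};
static const struct event smashed_trace[] = {
    {EV_CALL, 0x7ffc0ff8, 0x401136}, {EV_CALL, 0x7ffc0fd8, 0x401172},
    {EV_RET, 0x7ffc0fd8, 0x4141414141414141ULL}, {EV_RET, 0x7ffc0ff8, 0x401136},
};

int main(void) {
    printf("%d %d\n", first_violation(clean_trace, 4), first_violation(smashed_trace, 4));
    return 0;
}
```

In a real monitor the events would come from stepping the traced process and decoding each instruction, and a reported violation would stop the process before the corrupted return is taken.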
Hack Sherbrooke (24-26 April)
We are proud to announce a regional competition taking place on our campus. Hack Sherbrooke, an event organized by SocieTIC in collaboration with the City of Sherbrooke and the CS department at Bishop's, will take place from Friday, 24 April to Sunday, 26 April.
If you enjoy developing apps please join our teams now! Up to 80 participants are expected from various post-secondary educational institutions in the region, as well as from the public in general. There are many prizes to be won!
Here is our poster.
Communicating Multi-Stack Visibly Pushdown Processes by Davidson Madudu (20 March at 1:30 pm in Johnson 102)
Visibly Pushdown Languages (VPLs) were proposed as a formalism to model and verify concurrent and recursive systems. However, the lack of closure under shuffle for VPLs makes them unsuitable for the specification and verification of such complex systems. On the other hand, Multi-stack Visibly Pushdown Languages (MvPLs) appear to give a more realistic expression of concurrency and recursion in computational systems. Unfortunately, they have a similar limitation to VPLs, as they also lack closure under shuffle. However, by relaxing the rigid restrictions placed on the input alphabet of MvPLs in their original definition, and by introducing a natural renaming process, we get closure under shuffle and still retain all existing closure properties. With this result in mind, we propose an MvPL-based compositional specification and verification for complex computational systems.
Bitcoin-Based Decentralized Carbon Emissions Trading Infrastructure Model by Davor Svetinovic (26 February at 2 pm in the Cleghorn Room)
This talk presents a system-of-systems architecture model for a Decentralized Carbon Emissions Trading Infrastructure (D-CETI) with focus on privacy and system security goals. The structure and behavior are implemented as a solution to the problem of trading carbon emissions anonymously among the trading agents. Privacy and security of the trading agents and their carbon credits are the main requirements behind the architecture of D-CETI. The decentralized structure of multiple systems and distributed behavior are the two main features of D-CETI that distinguish it from the traditional carbon trading schemes and protocols. D-CETI is based on Bitcoin, a peer-to-peer digital currency with no central authority, and Open Transactions, a system that simplifies the use of cryptography in financial transactions. The architecture of D-CETI is evaluated and compared with the architecture of five other carbon emissions trading platforms.
Davor Svetinovic is an Associate Professor at Masdar Institute of Science and Technology, UAE. He received his PhD (2006) and MMath (2002) in Computer Science from University of Waterloo, and his BSc (2000) in Computer Science and Mathematics at Bishop's University. Previously, he worked as a visiting researcher at Massachusetts Institute of Technology, and as a postdoctoral researcher at Lero – the Irish Software Engineering Center as well as at the Vienna University of Technology. His current research interests include: software engineering, strategic requirements engineering, systems architecture with emphasis on smart grids, and sustainable development from the systems security perspective.
After his presentation Dr. Svetinovic will hold an informational session on graduate studies and research opportunities at the Masdar Institute of Science and Technology.
Thesis Defense Friday, 31 October at 2 pm in Johnson 102: Parallel Communicating Grammar Systems with Context-Free Components Are Really Turing Complete
Open MSc thesis defense by Mary Sarah Ruth Wilkin. All are welcome.
Parallel Communicating Grammar Systems (PCGS) were introduced as a language-theoretic treatment of concurrent systems. A PCGS extends the concept of a grammar to a structure that consists of several grammars working in parallel, communicating with each other, and so contributing to the generation of strings.
PCGS are generally more powerful than a single grammar of the same type. PCGS with context-free components (CF-PCGS) in particular were shown to be Turing complete. However, this result holds only when a non-standard means of communication (which we call broadcast communication) is used. We expand the original construction that showed Turing completeness so that broadcast communication is eliminated at the expense of introducing a significant number of additional, helper component grammars. We thus show that CF-PCGS in their original definition are indeed Turing complete. We introduce in the process several techniques that may be usable in other constructions and may be capable of eliminating broadcast communication in general.
We also show how an earlier result proving that CF-PCGS only generate context-sensitive languages is incorrect. We discover that this proof relies on coverability trees for CF-PCGS, but that such coverability trees do not contain enough information to support the proof. We are also able to conclude that coverability trees are not really useful in any pursuit other than the one already considered in the paper that introduces them (namely, determining the decidability of certain decision problems over PCGS).
Undergraduate Capstone Open Source Projects
If you are interested in getting real experience building a substantial software system as part of a distributed team, you'll be interested in UCOSP!
UCOSP is a senior undergraduate course, which has been running since September 2008. In this course, teams of students from several schools work together on an open-source software project. Each student registers in the appropriate course at his or her home institution (in our case this course would be either CS 404 or CS 408) and works in tandem with their peers from across the country. During one intensive weekend early in the course, students travel to meet face-to-face and work together.
This course exposes students to the tools, working practices, and issues that are now routine in global software development. Just as importantly, it enables them to get to know their peers from across the country. UCOSP is sponsored by Canadian CS Department Chairs and several industrial partners.
If you are interested in being involved, please contact Dr. Stefan D Bruda, who is the faculty partner for UCOSP at Bishop's.