
Open-source prototyping for systems security research

This poster shares our experience of applying free and open-source principles in low-level computer security research. It also gives an overview of successful prototypes maintained over the past decade across various layers of the systems stack.

Published on May 06, 2024

Abstract

Computer scientists commonly produce source code artifacts when prototyping novel hardware or software technologies. From an open science perspective, it is essential to make these artifacts publicly available, allowing peers to reproduce, build upon, and critically assess the work beyond the concise research article. This poster presents our experiences with applying free and open-source software (FOSS) paradigms to research in systems security. We provide an overview of several successful open-source projects situated at different layers of the systems stack that we maintained over the past decade.

  1. The Sancus secure processor is an example of a successful long-term (10+ years) project that we continued to maintain and improve across individual PhDs and research projects, serving as the primary vehicle for a long list of follow-up publications and master's theses, both within KU Leuven and beyond.

  2. The open-source SGX-Step framework is an example of a high-impact research artifact (2023 Cybersecurity Artifacts Competition and Impact Award) that received code contributions from independent researchers and continues to be widely utilized around the world to investigate security limitations in off-the-shelf Intel processors. SGX-Step has directly led to architectural changes in recent Intel processors.

  3. As a spiritual successor of the Sancus project, we are currently developing Proteus, an extensible open-source processor based on the modern and open RISC-V architecture. Proteus allows rapid development of hardware extensions, and has already been used as the implementation base of multiple publications at high-impact venues.

  4. We extended a large and widely used open-source compiler called LLVM to apply security mitigations to programs and to support novel hardware extensions.

  5. Finally, we extended the open-source Binsec/Rel and angr/Pandora program-analysis tools to automatically detect new classes of vulnerabilities. In doing so, we made special efforts towards usability to encourage external adoption. We also used these tools to analyze existing, widely used open-source software. This line of work led to concrete impact, including verified cryptographic primitives and bugs that were patched upstream.
