Systems Security Research:

So you enjoy spending time making your systems work more efficiently. You connect all the pipes, you aim all the pointers properly. You will even brush the bits if you need to. You will make it perfect, even though it is totally against all those boring software engineering rules. Yes, there is so much to do that you can't afford to waste any time documenting stuff in a fancy way once the code already speaks for itself. Yes, you are a real hacker. And yes, we are looking for real hackers.

We are a small research group from the University of Campinas whose topics span areas such as network security, compilers, computer architecture, assembly languages, and software memory and control-flow corruption. We work together with the Computer System's Laboratory (LSC) and with researchers from Brown University and Columbia University (USA). Some of our projects are:

1 - Control Flow Integrity (CFI) mechanisms - we want to make sure that the code running is going through the instructions it is supposed to. Nope, there is no control-flow corruption. We won't let the dark side use the force to corrupt our pointers, nor will we let them choke the return pointers in our stack. Binary code instrumentation is our light-saber here. We basically instrument code in many ways to assure that whenever a control transfer happens, it goes through the bright path. How do we do that? Well, LLVM, GCC, QEMU, Pin… name a tool… we got it :-)
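To make the two halves of that idea concrete, here is an added example (not code from the group or from any of the tools named above) of what an instrumented control transfer checks: a forward-edge check that an indirect call only lands on a target in an allowed set, and a backward-edge shadow stack that validates a return address before the function returns. The handler table, the function names and the placeholder return addresses are all constructed for this illustration; a real CFI pass would derive the allowed set at build time and keep the shadow stack in protected memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Forward edge: the set of legitimate indirect-call targets. A real CFI pass
   derives this from type signatures or the call graph at build time; here it
   is a hand-written table constructed for this example. */
typedef int (*handler_t)(int);

static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
/* Never a legitimate handler target; stands in for a corrupted function pointer. */
static int not_a_handler(int x) { (void)x; return 0; }

static const handler_t allowed_targets[] = { double_it, negate };
#define N_ALLOWED (sizeof allowed_targets / sizeof allowed_targets[0])

/* Returns 1 if fn is in the allowed set, 0 otherwise. */
int cfi_check_target(handler_t fn) {
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (allowed_targets[i] == fn)
            return 1;
    return 0;
}

/* Guarded indirect call: the instrumented call site runs the check before
   transferring control. On a violation, *violation is set to 1 and -1 is
   returned instead of calling through the bad pointer. */
int cfi_indirect_call(handler_t fn, int arg, int *violation) {
    if (!cfi_check_target(fn)) {
        *violation = 1;
        return -1;
    }
    *violation = 0;
    return fn(arg);
}

/* Backward edge: a shadow stack keeps a separate copy of each return address.
   The prologue pushes it; the epilogue compares it before returning. */
#define SHADOW_DEPTH 64
static uintptr_t shadow_stack[SHADOW_DEPTH];
static size_t shadow_top = 0;

/* Returns 1 on success, 0 if the shadow stack is full. */
int shadow_push(uintptr_t ret_addr) {
    if (shadow_top >= SHADOW_DEPTH) return 0;
    shadow_stack[shadow_top++] = ret_addr;
    return 1;
}

/* Pops the saved copy and returns 1 if it matches ret_addr, 0 on mismatch or
   underflow. A mismatch means the return slot on the real stack was changed. */
int shadow_check_and_pop(uintptr_t ret_addr) {
    if (shadow_top == 0) return 0;
    uintptr_t saved = shadow_stack[--shadow_top];
    return saved == ret_addr;
}

/* Simulates one instrumented frame. The return address is modelled as an
   integer; when `corrupt` is nonzero the frame's own copy is overwritten after
   the prologue, as a stack smash would do, and the epilogue check reports it.
   Returns 1 if the return was validated, 0 if a violation was caught. */
int simulate_frame(int corrupt) {
    uintptr_t ret_slot = 0x401000;   /* constructed placeholder address */
    shadow_push(ret_slot);
    if (corrupt)
        ret_slot = 0x402000;         /* models an overwritten return slot */
    return shadow_check_and_pop(ret_slot);
}

int main(void) {
    int violation;
    printf("double_it(21) via guarded call: %d (violation=%d)\n",
           cfi_indirect_call(double_it, 21, &violation), violation);
    printf("bad target via guarded call: %d (violation=%d)\n",
           cfi_indirect_call(not_a_handler, 21, &violation), violation);
    printf("clean return validated: %d\n", simulate_frame(0));
    printf("corrupted return caught: %d\n", simulate_frame(1) == 0);
    return 0;
}
```

The allowed-target table is deliberately coarse: a single set for every `handler_t` call site is the weakest useful policy, and finer-grained CFI narrows each call site to the targets it can legitimately reach. The shadow stack here lives in ordinary global memory, so it only demonstrates the check; in practice the copy must sit somewhere the overflow that corrupted the real stack cannot also reach.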

2 - Memory protection through hardware enhancements - many hardware resources exist to enhance the way you use your memory. Some of them are not even focused on security, but that is the most beautiful part of this project. The idea here is to identify how we can rethink the ways of using these guys so they become good watchdogs, capable of defending your system against memory attacks. We have some interesting ideas, but we need your creativity to make the most of them.

3 - System Design Exploitation - some system designs are conceptually wrong. Especially where security is concerned, some systems are insufficient and may be prone to, or introduce, new attack methods. A researcher here must have a nose for disaster, being able to spot weaknesses and bugs in systems. The idea is to identify how to induce situations in which these systems fail, crashing or behaving unexpectedly and handing privileges to the attacker.

4 - Side-Channel attacks - sometimes information leaks from unexpected sources. For example, it is possible to learn different aspects of a certain computation if you are able to observe how the temperature of the processor varies or how its cache responds. The idea here is to use available system resources to reach information that should be unavailable, such as cryptographic keys or passwords.

5 - Dynamic Binary Translation (DBT) security - we have some ideas on how to explore security in the DBT context. Some of these ideas focus on attacking DBT engines. Others are projects that use the translation context inherent to DBTs to prevent security exploits. We have ongoing projects on these topics that use the open-source project QEMU, but we also want to expand our experiments to the Pin platform.

6 - Pick more than one - of course, all these topics are somehow correlated. So feel free to combine them and come up with a new idea that connects different dots.

7 - Your own crazy security idea - we are willing to hear whatever you have to say about security. Sometimes the best ideas come from someone who has a different perspective, so come and contribute with your experience or out-of-the-box thinking!

Considering all these topics, it is better if you know some C, operating systems and computer architecture, but the only hard requirement is true bravery to tackle these problems insistently!

What are you waiting for? Get in touch so we can start hacking!

joao.moreira@lsc.ic.unicamp.br

sandro@ic.unicamp.br