Overview
Cyber-attacks are estimated to cost the world economy more than $400 billion annually. From botnets to advanced persistent threats to targeted attacks, a system vulnerability combined with a successful exploit can grant an attacker unauthorized access to a computing system, opening the way to exfiltrating sensitive data from high-value individuals, companies, and critical infrastructure.
Zero-day exploits leverage vulnerabilities that are not yet publicly known to gain stealthy access to systems believed to be secure. They are correspondingly valuable: such exploits are traded for sums in the upper six-digit range, which reflects the months of work it takes highly skilled professionals to develop a working one.
“Our goal is to protect trusted systems by reducing the probability of compromise and increasing the cost of crafting exploits, while staying within performance targets and usability requirements.”
—Anil Kurmus, IBM scientist
Proactive defense
To address the increasingly complex task of securing modern systems, we follow a three-pronged strategy:
Finding vulnerabilities in the code base
We use static and dynamic program analysis methods such as fuzz testing to discover vulnerabilities before attackers do.
Preventing vulnerabilities from being reachable
Bugs in code that an attacker cannot reach cannot turn into vulnerabilities. Using attack surface reduction, we limit the exposed APIs and code paths to the absolute minimum.
Preventing exploitation of reachable vulnerabilities
We harden programs to make them more robust, so that attackers cannot turn the bugs that remain into a working exploit.
Ask the experts

Alessandro Sorniotti
IBM Research scientist

Andrea Mambretti
Security Researcher

Anil Kurmus
IBM Research scientist

Kevin Tavukciyan
Security Researcher
Publications
[1] A. Mambretti, M. Neugschwandtner, A., E. Kirda, W. Robertson, A. Kurmus
“Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations”
To appear in: Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC’19).
[2] A. Bhattacharyya, A. Sandulescu, M. Neugschwandtner, A. Sorniotti, B. Falsafi, M. Payer, A. Kurmus
“SMoTherSpectre: exploiting speculative execution through port contention”
To appear in: Proceedings of the 26th ACM Conference on Computer and Communications Security (ACM CCS’19) 2019.
[3] A. Mambretti, A. Sandulescu, M. Neugschwandtner, A. Sorniotti, A. Kurmus
“Two methods for exploiting speculative control flow hijacks”
In: Proceedings of the 13th USENIX Workshop on Offensive Technologies (WOOT’19) 2019.
[4] M. Neugschwandtner, A. Sorniotti, A. Kurmus
“Memory Categorization: Separating Attacker-Controlled Data”
In: Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA’19) 2019.
[5] A. Kurmus, N. Ioannou, M. Neugschwandtner, N. Papandreou, T. Parnell
“Is there a ‘rowhammer’ for MLC NAND flash SSDs? An analysis of filesystem attack vectors”
In: Proceedings of the Workshop on Offensive Technologies (WOOT’17) 2017.
[6] N. Weichbrodt, A. Kurmus, P. Pietzuch, R. Kapitza
“AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves”
In: Proceedings of the European Symposium on Research in Computer Security (ESORICS’16) 2016.
[7] M. Neugschwandtner, A. Beitler, A. Kurmus
“A transparent defense against USB eavesdropping attacks”
In: Proceedings of the 9th European Workshop on System Security (EUROSEC’16) 2016.
[8] M. Neugschwandtner, C. Mulliner, W. Robertson, E. Kirda
“Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices”
In: Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST’16) 2016.
[9] C. Mulliner, M. Neugschwandtner
“Breaking Payloads with Runtime Code Stripping and Image Freezing”
In: Proceedings of 18th Black Hat USA, 2015.
[10] M. Neugschwandtner, P. Milani Comparetti, I. Haller, H. Bos
“Nanoprobing Binaries for Buffer Overreads”
In: Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY’15) 2015.
[11] A. Kurmus, R. Zippel
“A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel”
In: Proceedings of the ACM Conference on Computer and Communications Security (CCS’14) 2014.
[12] A. Kurmus, S. Dechand, R. Kapitza
“Quantifiable Run-time Kernel Attack Surface Reduction”
In: Proceedings of the 10th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA’14) 2014.
[13] J. Zaddach, A. Kurmus, D. Balzarotti, E.-O. Blass, A. Francillon, T. Goodspeed, M. Gupta, I. Koltsidas
“Implementation and Implications of a Stealth Hard-Drive Backdoor”
In: Proceedings of the Annual Computer Security Applications Conference (ACSAC’13) 2013. Best student paper award.
[14] A. Kurmus, R. Tartler, D. Dorneanu, B. Heinloth, V. Rothberg, A. Ruprecht, W. Schröder-Preikschat, D. Lohmann, R. Kapitza
“Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring”
In: Proceedings of the 20th Network and Distributed System Security Symposium (NDSS’13) 2013.
[15] A. Kurmus, A. Sorniotti, R. Kapitza
“Attack Surface Reduction For Commodity OS Kernels”
In: Proceedings of the 4th European Workshop on System Security (EUROSEC’11) 2011.