Our goal is to protect trusted systems by reducing the probability of compromise and increasing the cost of crafting exploits, while staying within performance budgets and usability requirements.
Cyber-attacks are estimated to cost the world economy more than $400 billion annually. From botnets to advanced persistent threats to targeted attacks, a system vulnerability combined with a successful exploit can grant an attacker unauthorized access to a computing system, making it possible to exfiltrate sensitive data of valuable individuals or companies, incapacitate critical infrastructures, or compromise code repositories to spread to new targets.
Zero-day exploits can be used to leverage unknown vulnerabilities in order to gain access, in a stealthy way, to systems believed to be secure. And they are very valuable, being traded for considerable sums in the upper six-digit range, which reflects the months of work that it takes highly skilled professionals to develop a working exploit.
We focus on systems security research, looking at both novel attacks and defenses that prevent systems from being exploited. We use methods such as program analysis and fuzzing, and develop tools to aid ourselves and the systems security community in our research. We are particularly interested in the security of operating systems, programming languages, and the software/hardware interface.
Visit and subscribe to our blog to stay up-to-date with our latest research.
To address the increasingly complex task of securing modern systems, we follow a three-pronged strategy:
Finding vulnerabilities and exploiting them
We find novel classes of attacks, and deepen our collective knowledge of existing attacks and exploitation, to guide prevention efforts.
Preventing vulnerabilities and their exploitation
We either remove bugs, prevent them from being reachable, or harden systems such that attackers cannot craft an exploit.
Methods and Tools
To support the previous two categories, we develop new methods and tools that help in finding and preventing vulnerabilities, as well as in measuring and evaluating the security posture of a system.
Transient Execution Attacks
At the boundary between software and hardware, transient execution attacks on modern CPUs open a new attack surface on today’s complex systems. We find novel attacks, deepen our knowledge of exploitation of these attacks, and develop tooling to support prevention efforts.
Linux Attack Surface Reduction
We develop techniques to reduce the attack surface of today’s complex OSes, ubiquitous in the cloud and mobile platforms.
Publications and Research Areas
Collaborations are fundamental to successful research projects. The researchers working on systems security at IBM come from academic backgrounds and foster collaborations with academia and industry.
- A. Mambretti, M. Neugschwandtner, A., E. Kirda, W. Robertson, A. Kurmus
“Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations”
To appear in: Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC’19).
- A. Bhattacharyya, A. Sandulescu, M. Neugschwandtner, A. Sorniotti, B. Falsafi, M. Payer, A. Kurmus
“SMoTherSpectre: exploiting speculative execution through port contention”
To appear in: Proceedings of the 26th ACM Conference on Computer and Communications Security (ACM CCS’19) 2019.
- A. Mambretti, A. Sandulescu, M. Neugschwandtner, A. Sorniotti, A. Kurmus
“Two methods for exploiting speculative control flow hijacks”
In: Proceedings of the 13th USENIX Workshop on Offensive Technologies (WOOT’19) 2019.
- M. Neugschwandtner, A. Sorniotti, A. Kurmus
“Memory Categorization: Separating Attacker-Controlled Data”
In: Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA’19) 2019.
- A. Kurmus, N. Ioannou, M. Neugschwandtner, N. Papandreou, T. Parnel
“Is there a ‘rowhammer’ for MLC NAND flash SSDs? An analysis of filesystem attack vectors”
In: Proceedings of the Workshop on Offensive Technologies (WOOT’17) 2017.
- N. Weichbrodt, A. Kurmus, P. Pietzuch, Rüdiger Kapitza
“AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves”
In: Proceedings of the European Symposium on Research in Computer Security (ESORICS’16) 2016.
- M. Neugschwandtner, A. Beitler, A. Kurmus
“A transparent defense against USB eavesdropping attacks”
In: Proceedings of the 9th European Workshop on System Security (EUROSEC’16) 2016.
- M. Neugschwandtner, C. Mulliner, W. Robertson, E. Kirda
“Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices”
In: Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST’16) 2016.
- C. Mulliner, M. Neugschwandtner
“Breaking Payloads with Runtime Code Stripping and Image Freezing”
In: Proceedings of 18th Black Hat USA, 2015.
- M. Neugschwandtner, P. Milani Comparetti, I. Haller, H. Bos
“Nanoprobing Binaries for Buffer Overreads”
In: Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY’15) 2015.
- A. Kurmus, R. Zippel
“A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel”
In: Proceedings of the ACM Conference on Computer and Communications Security (CCS’14) 2014.
- A. Kurmus, S. Dechand, R. Kapitza
“Quantifiable Run-time Kernel Attack Surface Reduction”
In: Proceedings of the 10th International Conference on Detection of Intrusions and Malware, Vulnerability Assessment (DIMVA’14) 2014.
- J. Zaddach, A. Kurmus, D. Balzarotti, E.-O. Blass, A. Francillon, T. Goodspeed, M. Gupta, I. Koltsidas
“Implementation and Implications of a Stealth Hard-Drive Backdoor”
In: Proceedings of Annual Computer Security Applications Conference (ACSAC’13) Best student paper award, 2013.
- A. Kurmus, R. Tartler, D. Dorneanu, B. Heinloth, V. Rothberg, A. Ruprecht, W. Schröder-Preikschat, D. Lohmann and R. Kapitza
“Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring”
In: Proceedings of the 20th Network and Distributed System Security Symposium (NDSS’13) 2013.
- A. Kurmus, A. Sorniotti, R. Kapitza
“Attack Surface Reduction For Commodity OS Kernels”
In: Proceedings of the 4th European Workshop on System Security (EUROSEC’11) 2011.