BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Memento EPFL// BEGIN:VEVENT SUMMARY:IC Talk: Cyber Attacks and Defenses: Trends\, Challenges\, and Out look DTSTART:20220228T160000 DTEND:20220228T170000 DTSTAMP:20260510T022802Z UID:a36f0ff1fcf8dd00867fa4759efb75a4beea238b31479c62b39f7ea9 CATEGORIES:Conferences - Seminars DESCRIPTION:By: Michael Franz - University of California\, Irvine\n\nAbstr act\nA cyber attacker needs to find only one way in\, while defenders need to guard a lot of ground. Adversaries can fully debug and perfect their a ttacks on their own computers\, exactly replicating the environment that they will later be targeting. This is the situation today\, which has been exacerbated by an increasing trend towards a software "monoculture" (in which there are only two major desktop operating systems and two major pho ne operating systems\, one major office software suite\, and so on).\n\nOn e possible defense is software diversity\, which raises the bar to attacke rs. A lot of academic and industrial research has been investigating such software diversity\, from simple ASLR (address space layout randomization ) to more complex whole-program randomization. In the latter\, a diversifi cation engine automatically generates a large number of different version s of the same program\, potentially one unique version for every computer. These all behave in exactly the same way from the perspective of the end- user\, but they implement their functionality in subtly different ways. As a result\, a specific attack will succeed on only a small fraction of tar gets and a large number of different attack vectors would be needed to ta ke over a significant percentage of them. Because an attacker has no way o f knowing a priori which specific attack will succeed on which specific t arget\, this method also very significantly increases the cost of attacks directed at specific targets.\n\nUnfortunately\, attackers have now starte d assembling their attacks on the target itself\, circumventing diversity. Hence\, in the arms race between attackers and defenders\, we are alread y at the point where yet another set of defenses is needed\, before the pr evious one is even fully deployed across the software industry. \n\nMy ta lk will present a time-line of attacks and defenses\, clearly illustrating a "cat and mouse game" in which defenses are almost always reactive to at tacks that have already happened. I will discuss my vision of how to get ahead of the attackers\, and close by stating why\, in spite of the bleak situation today\, I am confident that we will eventually be able to stop most kinds of low-level cyber attacks completely.\n\nBio\nMichael Franz is a Chancellor's Professor at the University of California\, Irvine (UCI) a nd the director of its Secure Systems and Software Laboratory. He is a Pro fessor of Computer Science in UCI's Donald Bren School of Information and Computer Sciences and a Professor of Electrical Engineering and Computer Science (by courtesy) in UCI's Henry Samueli School of Engineering. He is a Fellow of the AAAS\, ACM\, IEEE\, and IFIP\, a recipient of ACM's Charl es P. Thacker Breakthrough in Computing Award\, the IEEE Computer Society 's Technical Achievement Award\, and a Humboldt Research Award.\n\nProf. F ranz was an early pioneer in the areas of mobile code and dynamic compilat ion. He created an early just-in-time compilation system\, contributed to the theory and practice of continuous compilation and optimization\, and co-invented the trace compilation technology that eventually became the Ja vaScript engine in Mozilla’s Firefox browser. He has graduated 35 Ph.D. students as their primary advisor. Franz received a Dr. sc. techn. degree in Computer Science and a Dipl. Informatik-Ing. ETH degree\, both from t he Swiss Federal Institute of Technology\, ETH Zurich.\n\nMore information \n  LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420 https://epfl.zoom.us/ j/66255076688?pwd=SXlMd1EvdHRlQnZqTCtoZkExZWlBZz09 STATUS:CONFIRMED END:VEVENT END:VCALENDAR