CPS and RDNS meetup: Cristiano Santos & Jorge Martins

Speakers: Cristiano Santos (LASIGE, DI/FCUL) & Jorge Martins (LASIGE, DI/FCUL)
Date: May 31, 2023, 12h00
Where: C6.3.27

Talk 1: Adding Access Pattern Privacy to Confidential State Machine Replication
Abstract: A Byzantine Fault-Tolerant (BFT) state machine replication (SMR) environment maintains integrity and availability even if a fraction of the replicas fail arbitrarily. Moreover, confidentiality can be achieved in these systems using protocols such as COBRA DPSS. Despite this, access patterns can still be leaked to a potential attacker. The proposed architecture builds a system that provides Byzantine Fault-Tolerant State Machine Replication with Integrity, Availability, Confidentiality, and Access Pattern Privacy. To achieve this, this work applies Oblivious RAM (ORAM) to a BFT SMR environment, adding another layer of protection, while also developing new ways to manage concurrency when reading from and writing to an ORAM.

Talk 2: Code Privacy in Detection of Web Vulnerabilities
Abstract: The security of web applications continues to be challenging, and hence it is crucial to identify vulnerabilities in the source code of such applications, to remove them before an attacker can exploit them.
Current static analysis tools focus on detecting vulnerabilities by analyzing the unprotected code of the web application. However, this analysis can also be executed by an attacker with a similar tool, as long as they can access the unprotected code. Therefore, it is desirable to have a system that makes the analysis of the code more difficult for the attacker without, at the same time, affecting the work of static analyzers that look for vulnerabilities in source code so that developers can correct them. For this reason, it is beneficial to have a system that maintains code privacy by protecting the code with cryptographic techniques, while still being able to detect vulnerabilities over the encrypted code.
This dissertation offers a solution that combines source code static analysis with searchable symmetric encryption to detect input validation vulnerabilities of web applications, such as XSS and SQL injection, in encrypted PHP code, allowing developers to protect their codebase from malicious third parties while simultaneously discovering vulnerabilities in it. Our solution was validated through experimental evaluation with seven open-source web applications, and the results were compared with those of two traditional static analysis tools. The results showed that our solution is capable of identifying both XSS and SQLi vulnerabilities with greater precision than the tools we compared it to.