Researchers from the Georgia Institute of Technology College of Computing developed a new cyber security analysis method that discovered 11 previously unknown Internet browser security flaws. Their findings were honored with the Internet Defense Prize, an award presented by Facebook in partnership with USENIX this week at the 24th USENIX Security Symposium.
Ph.D. students Byoungyoung Lee and Chengyu Song, with Professors Taesoo Kim and Wenke Lee, of Georgia Tech received $100,000 from Facebook to continue their research and increase its impact to make the Internet safer.
Their research, “Type Casting Verification: Stopping an Emerging Attack Vector,” explores vulnerabilities in C++ programs (such as Chrome and Firefox) that result from “bad casting” or “type confusion.” Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions. The researchers developed a new, proprietary detection tool called CAVER to catch them. CAVER is a run-time detection tool with 7.6 percent – 64.6 percent overhead on browser performance (Chrome and Firefox, respectively). The 11 vulnerabilities identified by Georgia Tech have been confirmed and fixed by vendors.
“It is time for the Internet community to start addressing the more difficult, deeper security problems,” says Wenke Lee, professor in the School of Computer Science and an adviser to the team. “The security research community has…