Thread-Level Attack-Surface Reduction for Enhanced Security

Explore a groundbreaking approach to cybersecurity in this 22-minute conference talk from LCTES 2023. Delve into Thread-Level Attack-Surface Reduction (TLASR), a dynamic, context-aware method that significantly reduces the attack surface in multi-threaded applications. Learn how TLASR eliminates unused code on a thread level, utilizing the mmview Linux extension to support multiple text-segment views within a single process. Discover the impressive results achieved in popular applications like MariaDB, Memcached, OpenSSH, and Bash, where executable code visible from a single thread was reduced by 84 to 98.4 percent. Understand how this technique decreases ROP gadgets by 78–97%, rendering auto-ROP utilities ineffective and eliminating most CVE-related functions in glibc. Gain insights into the potential of TLASR for enhancing software security and mitigating buffer-overflow exploits through return-oriented programming.

[LCTES'23] Thread-Level Attack-Surface Reduction