IEEE Symposium on Security and Privacy

Last updated

IEEE Symposium on Security and Privacy
AbbreviationIEEE S&P, IEEE SSP
Discipline Computer security and privacy
Publication details
Publisher IEEE
History1980–present
FrequencyAnnual

The IEEE Symposium on Security and Privacy (IEEE S&P, IEEE SSP), also known as the Oakland Conference, is an annual conference focusing on topics related to computer security and privacy. The conference was founded in 1980 by Stan Ames and George Davida and is considered to be among the top conferences in the field. [1] [2] The conference has a single track, meaning that all presentations and sessions are held sequentially in one venue. The conference also follows a double-blind review process, where both the authors' and reviewers' identities are concealed from each other to ensure impartiality and fairness during peer review process.

Contents

The conference started as a small workshop where researchers exchanged ideas on computer security and privacy, with an early emphasis on theoretical research. During these initial years, there was a divide between cryptographers and system security researchers, with cryptographers often leaving sessions focused on systems security. This issue was eventually addressed by combining cryptography and system security discussions in the same sessions. In 2011, the conference moved to San Francisco due to venue size concerns.

The conference has a low acceptance rate due to it having only a single track. The review process for the conference tends to evaluate the papers on a variety of criteria with a focus on novelty. In 2022, researchers interviewed reviewers from top security conferences like IEEE S&P and found that the review process of the conferences was exploitable due to inconsistent reviewing standards across reviewers. The reviewers recommended mentoring new reviewer with a focus on reviewing quality to mitigate this issue.

In 2021, researchers from the University of Minnesota submitted a paper to the conference where they tried to introduce bugs into the Linux kernel, a widely-used operating system component without Institutional Review Board (IRB) approval. The paper was accepted and was scheduled to be published, however, after criticism from the Linux kernel community, the authors of the paper retracted the paper and issued a public apology. In response to this incident, IEEE S&P committed to adding a ethics review step in their paper review process and improving their documentation surrounding ethics declarations in research papers.

History

The conference was initially conceived by researchers Stan Ames and George Davida in 1980 as a small workshop for discussing computer security and privacy. This workshop gradually evolved into a larger gathering within the field. Held initially at Claremont Resort, the first few iterations of the event witnessed a division between cryptographers and systems security researchers. Discussions during these early iterations predominantly focused on theoretical research, neglecting practical implementation considerations. [3] This division persisted, to the extent that cryptographers would often leave sessions focused on systems security topics. [4] In response, subsequent iterations of the conference integrated panels that encompassed both cryptography and systems security discussions within the same sessions. Over time, the conference's attendance grew, leading to a relocation to San Francisco in 2011 due to venue capacity limitations. [3]

Structure

IEEE Symposium on Security and Privacy considers papers from a wide range of topics related to computer security and privacy. Every year, a list of topics of interest is published by the program chairs of the conference which changes based on the trends in the field. In past meetings, IEEE Symposium on Security and Privacy have considered papers from topics like web security, online abuse, blockchain security, hardware security, malware analysis and artificial intelligence. [5] The conference follows a single-track model for its proceedings, meaning only one session takes place at any given time. This approach deviates from the multi-track format commonly used in other security and privacy conferences, where multiple sessions on different topics run concurrently. [3] Papers submitted for consideration to the conference reviewed using a double-blind process to ensure fairness. [6] However, this model constrains the conference in the number of papers it can accept, resulting in a low acceptance rate often in the single digits, unlike conferences which may have rates in the range of 15 to 20 percent. [3] In 2023, IEEE Symposium on Security and Privacy introduced a Research Ethics Committee that would screen papers submitted to the conference and flag instances of potential ethical violations in the submitted papers. [7]

In 2022, a study conducted by Ananta Soneji et al. showed that review processes of top security conferences, including the IEEE Symposium on Security and Privacy were exploitable. The researchers interviewed 21 reviewers about the criteria they used to judge papers during the review process. Among these reviewers, 19 identified novelty—whether the paper advanced the research problem or the state of the art—as their primary criterion. Nine reviewers also emphasized the importance of technical soundness in the implementation, while seven mentioned the need for a self-contained and complete evaluation, ensuring all identified areas were thoroughly explored. Additionally, six reviewers highlighted the importance of clear and effective writing in their assessments. Based on these interviews, the researchers identified a lack of objective criteria for paper evaluation and noted a degree of randomness among reviews provided by conference reviewers as the major weaknesses of the peer review process used by the conferences. To remediate this, the researchers recommended mentoring new reviewers with a focus on enhancing review quality rather than other productivity metrics. They acknowledged an initiative by IEEE S&P allowing PhD students and postdoctoral researchers to shadow reviewers on the program committee but also pointed out findings from a 2017 report suggesting that these students tended to be more critical in their assessments compared to experienced reviewers since they were not graded on review quality. [2]

Controversy

In 2021, researchers from the University of Minnesota submitted a paper titled "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits" [8] to the 42nd iteration of a conference. [9] [10] They aimed to highlight vulnerabilities in the review process of Linux kernel patches, and the paper was accepted for presentation in 2021. [10] The Linux kernel is a widely used open-source operating system component that forms the core of the Linux operating system, [8] which is a popular choice in servers and in consumer-oriented devices like the Steam Deck, [11] Android and ChromeOS. [12] Their methods involved writing patches for existing trivial bugs in the Linux kernel in ways such that they intentionally introduced security bugs into the software. [13] Four patches were submitted by the researchers under pseudonyms, three of which were rejected by their respective code reviewers who correctly identified the buggy code. [14] The fourth patch was merged, however, during a subsequent investigation it was found that the researchers had misunderstood the way the code worked and had submitted a valid fix. [15] This attempt at including bugs was done without Institutional Review Board (IRB) approval. [16] [15] Despite undergoing review by the conference, this breach of ethical responsibilities was not detected during the paper's review process. [10] This incident sparked criticism from the Linux community and the broader cybersecurity community. [16] [17] [18] Greg Kroah-Hartman, one of the lead maintainers of the kernel, banned both the researchers and the university from making further contributions to the Linux project, ultimately leading the authors and the university to retract the paper [8] and issue an apology to the community of Linux kernel developers. [9] [18] In response to this incident, IEEE S&P committed to adding a ethics review step in their paper review process and improving their documentation surrounding ethics declarations in research papers. [10]

Related Research Articles

The Linux kernel mailing list (LKML) is the main electronic mailing list for Linux kernel development, where the majority of the announcements, discussions, debates, and flame wars over the kernel take place. Many other mailing lists exist to discuss the different subsystems and ports of the Linux kernel, but LKML is the principal communication channel among Linux kernel developers. It is a very high-volume list, usually receiving about 1,000 messages each day, most of which are kernel code patches.

<span class="mw-page-title-main">Gernot Heiser</span> Australian computer scientist

Gernot Heiser is a Scientia Professor and the John Lions Chair for operating systems at UNSW Sydney, where he leads the Trustworthy Systems group (TS).

<span class="mw-page-title-main">Completely Fair Scheduler</span> Linux process scheduler

The Completely Fair Scheduler (CFS) was a process scheduler that was merged into the 2.6.23 release of the Linux kernel. It was the default scheduler of the tasks of the SCHED_NORMAL class and handled CPU resource allocation for executing processes, aiming to maximize overall CPU utilization while also maximizing interactive performance.

<span class="mw-page-title-main">Linux kernel</span> Free Unix-like operating system kernel

The Linux kernel is a free and open source, UNIX-like kernel that is used in many computer systems worldwide. The kernel was created by Linus Torvalds in 1991 and was soon adopted as the kernel for the GNU operating system (OS) which was created to be a free replacement for Unix. Since the late 1990s, it has been included in many operating system distributions, many of which are called Linux. One such Linux kernel operating system is Android which is used in many mobile and embedded devices.

SCHED_DEADLINE EDF-based task scheduler in the Linux kernel

SCHED_DEADLINE is a CPU scheduler available in the Linux kernel since version 3.14, based on the earliest deadline first (EDF) and constant bandwidth server (CBS) algorithms, supporting resource reservations: each task scheduled under such policy is associated with a budget Q, and a period P, corresponding to a declaration to the kernel that Q time units are required by that task every P time units, on any processor. This makes SCHED_DEADLINE particularly suitable for real-time applications, like multimedia or industrial control, where P corresponds to the minimum time elapsing between subsequent activations of the task, and Q corresponds to the worst-case execution time needed by each activation of the task.

In computer science, dynamic software updating (DSU) is a field of research pertaining to upgrading programs while they are running. DSU is not currently widely used in industry. However, researchers have developed a wide variety of systems and techniques for implementing DSU. These systems are commonly tested on real-world programs.

<span class="mw-page-title-main">Smack (software)</span> Linux kernel security module

Smack is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control (MAC) rules, with simplicity as its main design goal. It has been officially merged since the Linux 2.6.25 release, it was the main access control mechanism for the MeeGo mobile Operating System. It is also used to sandbox HTML5 web applications in the Tizen architecture, in the commercial Wind River Linux solutions for embedded device development, in Philips Digital TV products., and in Intel's Ostro OS for IoT devices.

kGraft is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need for rebooting the system with a new kernel that contains the desired patches, kGraft aims to maximize the system uptime and availability. At the same time, kGraft allows kernel-related security updates to be applied without deferring them to scheduled downtimes. Internally, kGraft allows entire functions in a running kernel to be replaced with their patched versions, doing that safely by selectively using original versions of functions to ensure per-process consistency while the live patching is performed.

kpatch is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need for rebooting the system with a new kernel that contains the desired patches, kpatch aims to maximize the system uptime and availability. At the same time, kpatch allows kernel-related security updates to be applied without deferring them to scheduled downtimes. Internally, kpatch allows entire functions in a running kernel to be replaced with their patched versions, doing that safely by stopping all running processes while the live patching is performed.

KernelCare is a live kernel patching service that provides security patches and bugfixes for a range of popular Linux kernels that can be installed without rebooting the system.

Sigreturn-oriented programming (SROP) is a computer security exploit technique that allows an attacker to execute code in presence of security measures such as non-executable memory and code signing. It was presented for the first time at the 35th IEEE Symposium on Security and Privacy in 2014 where it won the best student paper award. This technique employs the same basic assumptions behind the return-oriented programming (ROP) technique: an attacker controlling the call stack, for example through a stack buffer overflow, is able to influence the control flow of the program through simple instruction sequences called gadgets. The attack works by pushing a forged sigcontext structure on the call stack, overwriting the original return address with the location of a gadget that allows the attacker to call the sigreturn system call. Often just a single gadget is needed to successfully put this attack into effect. This gadget may reside at a fixed location, making this attack simple and effective, with a setup generally simpler and more portable than the one needed by the plain return-oriented programming technique.

<span class="mw-page-title-main">Kernel page-table isolation</span>

Kernel page-table isolation is a Linux kernel feature that mitigates the Meltdown security vulnerability and improves kernel hardening against attempts to bypass kernel address space layout randomization (KASLR). It works by better isolating user space and kernel space memory. KPTI was merged into Linux kernel version 4.15, and backported to Linux kernels 4.14.11, 4.9.75, and 4.4.110. Windows and macOS released similar updates. KPTI does not address the related Spectre vulnerability.

<span class="mw-page-title-main">Meltdown (security vulnerability)</span> Microprocessor security vulnerability

Meltdown is one of the two original speculative execution CPU vulnerabilities. Meltdown affects Intel x86 microprocessors, IBM Power microprocessors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.

<span class="mw-page-title-main">Spectre (security vulnerability)</span> Processor security vulnerability

Spectre is one of the two original speculative execution CPU vulnerabilities, which involve microarchitectural side-channel attacks. These affect modern microprocessors that perform branch prediction and other forms of speculation. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

Intel 5-level paging, referred to simply as 5-level paging in Intel documents, is a processor extension for the x86-64 line of processors. It extends the size of virtual addresses from 48 bits to 57 bits by adding an additional level to x86-64's multilevel page tables, increasing the addressable virtual memory from 256 TB to 128 PB. The extension was first implemented in the Ice Lake processors.

io_uring is a Linux kernel system call interface for storage device asynchronous I/O operations addressing performance issues with similar interfaces provided by functions like read /write or aio_read /aio_write etc. for operations on data accessed by file descriptors.

Mathias Payer is a Liechtensteiner computer scientist. His research is invested in software and system security. He is Associate Professor at the École Polytechnique Fédérale de Lausanne (EPFL) and head of the HexHive research group.

The booting process of Android devices starts at the power-on of the SoC and ends at the visibility of the home screen, or special modes like recovery and fastboot. The boot process of devices that run Android is influenced by the firmware design of the SoC manufacturers.

Syzkaller is a software fuzzing framework that has been used for fuzzing the Linux kernel. It also supports other kernels.

<span class="mw-page-title-main">Shuah Khan</span> American software engineer

Shuah Khan is an American software engineer recognized for her contributions to the Linux kernel. In 2019, she became the first female Linux Foundation Fellow, joining notable figures such as Linus Torvalds and Greg Kroah-Hartman as the third fellow at the time.

References

  1. Carver, Jeffrey C.; Burcham, Morgan; Kocak, Sedef Akinli; Bener, Ayse; Felderer, Michael; Gander, Matthias; King, Jason; Markkula, Jouni; Oivo, Markku; Sauerwein, Clemens; Williams, Laurie (2016-04-19). "Establishing a baseline for measuring advancement in the science of security: An analysis of the 2015 IEEE security & privacy proceedings". Proceedings of the Symposium and Bootcamp on the Science of Security. ACM. pp. 38–51. doi:10.1145/2898375.2898380. ISBN   978-1-4503-4277-3.
  2. 1 2 Soneji, Ananta; Kokulu, Faris Bugra; Rubio-Medrano, Carlos; Bao, Tiffany; Wang, Ruoyu; Shoshitaishvili, Yan; Doupé, Adam (2022-05-01). ""Flawed, but like democracy we don't have a better system": The Experts' Insights on the Peer Review Process of Evaluating Security Papers". 2022 IEEE Symposium on Security and Privacy (SP). IEEE. pp. 1845–1862. doi:10.1109/SP46214.2022.9833581. ISBN   978-1-6654-1316-9.
  3. 1 2 3 4 Neumann, Peter G.; Peisert, Sean; Schaefer, Marvin (2014-05-01). "The IEEE Symposium on Security and Privacy, in Retrospect". IEEE Security & Privacy. 12 (3): 15–17. doi:10.1109/MSP.2014.59. ISSN   1540-7993.
  4. Neumann, Peter G.; Bishop, Matt; Peisert, Sean; Schaefer, Marv (2010). "Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy". 2010 IEEE Symposium on Security and Privacy. IEEE. pp. 3–13. doi:10.1109/sp.2010.43. ISBN   978-1-4244-6894-2.
  5. "IEEE Symposium on Security and Privacy 2023". sp2023.ieee-security.org. Retrieved 2024-08-25.
  6. "IEEE Symposium on Security and Privacy 2024". sp2024.ieee-security.org. Retrieved 2024-05-06.
  7. "Message from the Program Chairs". 2023 IEEE Symposium on Security and Privacy (SP). IEEE. 2023-05-01. pp. 34–35. doi:10.1109/SP46215.2023.10179462. ISBN   978-1-6654-9336-9.
  8. 1 2 3 Chin, Monica (2021-04-30). "How a university got itself banned from the Linux kernel". The Verge. Retrieved 2024-05-12.
  9. 1 2 Salter, Jim (2021-04-26). "Linux kernel team rejects University of Minnesota researchers' apology". Ars Technica. Retrieved 2024-05-12.
  10. 1 2 3 4 "IEEE S&P'21 Program Committee Statement Regarding The "Hypocrite Commits" Paper" (PDF). IEEE SSP . 6 May 2021. Retrieved 22 August 2024.
  11. Dexter, Alan (2021-08-09). "This is why Valve is switching from Debian to Arch for Steam Deck's Linux OS". PC Gamer. Retrieved 2024-08-25.
  12. "Linux has over 3% of the desktop market? It's more complicated than that". ZDNET. Retrieved 2024-08-25.
  13. "Greg Kroah-Hartman bans University of Minnesota from Linux development for deliberately buggy patches". ZDNET. Retrieved 2024-05-12.
  14. "An update on the UMN affair [LWN.net]". lwn.net. Retrieved 2024-08-22.
  15. 1 2 "Report on University of Minnesota Breach-of-Trust Incident - Kees Cook". lore.kernel.org. Retrieved 2024-08-22.
  16. 1 2 "The Linux Foundation's demands to the University of Minnesota for its bad Linux patches security project". ZDNET. Retrieved 2024-05-12.
  17. "Intentionally buggy commits for fame—and papers [LWN.net]". lwn.net. Retrieved 2024-08-22.
  18. 1 2 "University of Minnesota security researchers apologize for deliberately buggy Linux patches". ZDNET. Retrieved 2024-08-22.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.