IEEE Secure Development Conference
& IEEE Digital Privacy Workshop

October 7 - 10, 2024
Carnegie Mellon University Software Engineering Institute
Pittsburgh, PA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy


Posted on: April 29th, 2024 by SecDev

Frank Piessens
KU Leuven

The Cross-layer Nature of Cybersecurity

Bio: Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software and systems security. He has worked both on attack techniques, as well as on defenses.
On the defense side, he has contributed to formal verification techniques for C-like languages, the enforcement of information flow security, countermeasures for memory safety related vulnerabilities, and the design and implementation of embedded security architectures.
On the attack side, he has contributed to the discovery of several transient execution attacks, and to the development of exploitation techniques for memory safety vulnerabilities. Frank has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).

Abstract: Computer systems are constructed by layering abstractions on top of one another, allowing engineers to focus on the parts of the system in which they have expertise. For example, hardware engineers and software engineers can work relatively independently from one another. This layered design approach has been remarkably successful and offers several advantages. It enables portability and software reuse, while also supporting effective management of complexity. However, layered designs also present significant security challenges. Software that is theoretically secure at one level of abstraction (sometimes even provably secure) can still be vulnerable in practice due to implementation details in lower abstraction layers. In this talk, we will explore the importance of cross-layer security issues using both historical examples and recent developments. We will conclude by discussing a principled approach to addressing cross-layer security problems in secure development that relies on providing more detailed specifications for lower layers that encompass not only functionality but also security properties.