Regions Are Types, Types Are Policy, and Other Ramblings

Explore innovative approaches to software hardening in this 40-minute conference talk from NorthSec 2020. Delve into the concept of using types beyond traditional compiler and interpreter applications to implement policies across address spaces. Learn how semantically related objects grouped in memory can be leveraged for enhanced security measures. Discover the potential of assigning types to memory regions as a basis for practical access control policies. Follow the speaker's journey in retroactively hardening a U-Boot bootloader instance, modeling its intentions, and creating a mediating access control policy. Understand how typed region-based hardening can be applied to various software types, protecting against both low-level memory vulnerabilities and high-level logic-based attacks. Gain insights into the speaker's background in studying weird machines in application linkers and loaders, and their current focus on system bootstrap loaders as a senior security researcher.