The Munich Computer Systems Research Laboratory, μCSRL for short, is a research lab at the National Cyber Defense Research Institute CODE at the Universität der Bundeswehr, München, directed by Stefan Brunthaler. This web page hosts all public artifacts of the research group, including blog posts, essays, source code, and tools.
As of Q4 2024, μCSRL conducts the following research projects.
Bundles our research activities in automated vulnerability identification via fuzzing. Our objective for this project is the investigation of combinatorial optimization of fuzzing on clusters. To support this project, we have a state-of-the-art fuzzing cluster with 1,200+ CPUs.
Bundles our research activities in software diversification. Our recent milestones include:
The goal of this line of research is to mitigate advanced code-reuse attacks, such as direct and indirect JIT-ROP, COOP, AOCR, and PIROP. Broadly speaking, the idea is to combine software diversity with so-called execute-only memory (XOM). Prof. Brunthaler co-authored one of the most highly cited articles in this area, called Readactor, which used the first hardware-supported XOM with advanced code diversification, including code-pointer hiding. Due to emergent security problems of code-pointer hiding, which resulted in the Address-Oblivious Code Reuse (AOCR) attack, our research group continued improving diversification techniques to mitigate even the most advanced code-reuse attacks. In 2023, we were able to publish this defense, R2C - Reactive and Reflective Camouflage, which, to the best of our knowledge, is the only effective and efficient defense to date.
Besides code-reuse attacks, we published the first paper aimed at preventing Rowhammer attacks with principles underlying software diversity. Similarly, we published a defense against timing-based cache side-channels through our discovery of a new defense called control-flow diversity.
We are actively investigating how to address supply-chain attacks at compile time through developing our own compiler infrastructure. This compiler combines our state-of-the-art software diversification techniques and offers support for C and multiple backends.
We examine novel techniques in decompiling programs, i.e., the process of producing source code from programs in binary form.
Bundles our research activities in interpreter optimization. Our present research efforts deal with purely interpretative optimizations, i.e., trying to avoid dynamic code generation altogether. The key insight of Prof. Brunthaler’s work from 2010 until 2014 was that an interpreter can do pretty much the same things as a JIT compiler. A series of optimizations addressed various shortcomings in isolation, such as providing type feedback via inline caching, or eliminating reference count operations. Later on, these techniques were combined to also eliminate the overhead of operating on boxed objects (see Multi-Level Quickening). Multi-level quickening provided substantial speedups of up to 5.5x, but did not convince the reviewers in 2012, 2013, and 2014.
Python has adopted the former optimization techniques, i.e., quickening-based inline caching, since version 3.10, and will adopt the latter technique in future versions. As a result, this line of research, although academically unsuccessful, is used by millions of people on a daily basis.
Understanding and Improving Coverage Tracking with AFL++ (Registered Report)
Vasil Sarafov, David Markvica, Felix Berlakovich, Matthias Bernad, Stefan Brunthaler.
In FUZZING ‘24: 3rd International Fuzzing Workshop (preprint, more)
Cross Module Quickening - The Curious Case of C Extensions
Felix Berlakovich, Stefan Brunthaler.
In ECOOP ‘24: 38th European Conference on Object-Oriented Programming (preprint)
HOBBIT: Hashed OBject Based InTegrity
Matthias Bernad, Stefan Brunthaler.
In ECOOP ‘24: 38th European Conference on Object-Oriented Programming (preprint)
GlueZilla: Efficient and Scalable Software to Hardware Binding using Rowhammer
Ruben Mechelinck, Daniel Dorfmeister, Bernhard Fischer, Stijn Volckaert, Stefan Brunthaler.
In DIMVA ‘24: 21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment
R2C: AOCR-Resilient Diversity with Reactive and Reflective Camouflage
Felix Berlakovich, Stefan Brunthaler.
In EuroSys ‘23: Proceedings of the Eighteenth European Conference on Computer Systems (source, artifact)
Note: This paper extends prior work of the Readactor system to mitigate AOCR and PIROP attacks.
(Acceptance rate: 16.2%)
Look Ma, no constants: practical constant blinding in GraalVM
Felix Berlakovich, Matthias Neugschwandtner, Gergö Barany.
In EuroSec ‘22: Proceedings of the 15th European Workshop on Systems Security
Towards efficient and verified virtual machines for dynamic languages
Martin Desharnais, Stefan Brunthaler.
In CPP ‘21: Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs
The following essays are available: