- This event has passed.
March 14 2:00 pm - 3:00 pm EDT
Title: Challenges and Advances in Low-Level Security
Speaker: Alex Gantmann, Qualcomm Technologies
Date: Thursday, March 14, 2019
Time: 2:00pm – 3:00pm
Location: Northeastern University, 655 Interdisciplinary Science & Engineering Complex, 805 Columbus Ave, Boston MA, 02120
In this talk I will discuss some of the challenges we encounter in a large scale real-world product security program and then go into details of a new architectural development that I am particularly proud of — Pointer Authentication on ARM. The pointer authentication scheme, proposed by the Qualcomm Product Security team and introduced by ARM as part of the ARMv8.3-A architecture, is a security primitive that makes it much harder for an attacker to successfully exploit memory corruption vulnerabilities to achieve code execution. I will go over the details of the Pointer Authentication mechanism, its security analysis, and discuss the implementation of some software security countermeasures, such as stack protection and control flow integrity, using the Pointer Authentication primitives.
About the Speaker
Alex Gantman is a product security executive with over 20 years of experience leading global organizations to deliver secure and reliable products at scale. Currently serving as Vice President of Engineering for Qualcomm Technologies Inc., Alex has led the establishment and evolution of a broad-scale product security practice at Qualcomm, covering thousands of products, tens of millions of lines of code, and tens of thousands of engineers across the globe. He is a founding organizer of the Qualcomm Product Security Initiative (2006) and the Qualcomm Mobile Security Summit — a premier industry conference focused on security of connected devices. Alex received Bachelor’s (1998) and Master’s (2001) degrees in Computer Science from the University of California, San Diego. He holds over 45 patents and is a recognized subject matter expert in hardware, software, and systems security across a wide range of domains, including mobile, automotive, IoT, healthcare, and payments.