Abstract: Runtime integrity assessments of software can be done using cyclic networks of monitors that periodically compute checksums of the code in memory. One problem is that these checkers are comparatively easy to spot: programs usually don’t read their own code. Oblivious hashing has been proposed as a more stealthy technique to perform state inspection for integrity assessments – but is restricted to input-independent parts of the code. We present an extension of oblivious hashing that can check larger parts of the code, and report on recent work on how to combine self-checksumming with oblivious hashing for the checkers themselves.
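To illustrate why oblivious hashing is restricted to input-independent code, here is an added example that is not taken from the talk or the speaker's work. It folds values computed during normal execution into a hash instead of reading code from memory. The routine, its constants, the recorded hash and the simple polynomial hash are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values: the shipped loop bound and the hash recorded from a
 * trusted run at protection time. */
enum { LIMIT_SHIPPED = 5 };
#define OH_EXPECTED 200502667ULL

typedef struct { uint64_t indep; uint64_t dep; } oh_trace;

/* Fold one runtime value into the running hash (simple polynomial hash,
 * chosen for readability, not strength). */
static uint64_t oh_mix(uint64_t h, uint64_t v) { return h * 31u + v; }

/* Hypothetical protected routine. `limit` stands in for a constant in the
 * code that tampering would change. */
static oh_trace protected_routine(uint32_t input, uint32_t limit) {
    oh_trace t = { 7, 7 };
    uint32_t acc = 0;
    /* Input-independent part: every value is fixed by the code itself,
     * so each genuine execution produces the same hash. */
    for (uint32_t i = 0; i < limit; i++) {
        acc += i * 3u;
        t.indep = oh_mix(t.indep, acc);
    }
    /* Input-dependent part: the value varies with the input, so there is
     * no single expected hash to compare against. */
    t.dep = oh_mix(t.dep, input ^ acc);
    return t;
}

/* Integrity check: 1 if the input-independent trace matches the record. */
static int oh_verify(uint32_t input, uint32_t limit) {
    return protected_routine(input, limit).indep == OH_EXPECTED;
}

int main(void) {
    printf("genuine, input 1:  %d\n", oh_verify(1, LIMIT_SHIPPED));
    printf("genuine, input 99: %d\n", oh_verify(99, LIMIT_SHIPPED));
    printf("modified constant: %d\n", oh_verify(1, LIMIT_SHIPPED + 1));
    printf("dep hashes: %llu vs %llu\n",
           (unsigned long long)protected_routine(1, LIMIT_SHIPPED).dep,
           (unsigned long long)protected_routine(2, LIMIT_SHIPPED).dep);
    return 0;
}
```

The check never reads the program's own code, which is what makes it harder to spot than a self-checksumming monitor. The differing `dep` hashes show why the input-dependent part cannot be covered by a single precomputed value.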

Bio: Alexander Pretschner is a full professor of software and systems engineering at Technische Universität München; scientific director of fortiss, the research and technology transfer institute of the Free State of Bavaria; the speaker of the board of the newly founded Bavarian Research Institute for Digital Transformation (formerly the Munich Center for Internet Research); and a member of the board of directors of the Center for Digital Technology and Management. Research interests include all facets of software and systems engineering, with special emphasis on software quality, testing, and security.

Alexander has previously held positions as a full professor at Karlsruhe Institute of Technology, as an associate adjunct professor at TU Kaiserslautern along with a group management position at the Fraunhofer Institute for Experimental Software Engineering in Kaiserslautern, and as a senior researcher at ETH Zurich. He holds a PhD degree from TUM and MS degrees in informatics from RWTH Aachen University and the University of Kansas. Awards include two IBM faculty awards, a Google Focused Research award, a Google Research award, several best paper awards, and a Fulbright scholarship.