Fernando Vaño, PhD
Introduction
My name is Fernando Vañó García. I am an experienced engineer with +8 years in the field. I hold a PhD in Cybersecurity and my main research interests include mobile devices, memory management in cloud computing systems, critical infrastructures and virtualization technologies. During my academic journey, I have participated in many cybersecurity research projects. I am author of many research articles on computer security and cloud computing. I contributed on several occasions as a reviewer for international scientific conferences and reputable scientific journals.
Nevertheless, my professional background is not strictly academic. I have a strong affinity for the engineering aspects of cybersecurity, allowing me to maintain a comprehensive understanding of the subjects I research. This balance of academia and practical skills provides me with a broad professional profile. I am adept at both designing and implementing complex technical projects and delivering high-level documentation.
While I have honed my expertise in cybersecurity and cloud computing through my academic research and publications, it’s the eight years of applied engineering experience that truly rounds out my professional capabilities. This extensive period has been critical in developing a robust understanding of both the theoretical and practical aspects of the field.
I have experience in various high-level programming languages, including C and Python, and I have built a good understanding of software design principles and architecture. This, paired with my familiarity with assembly (mainly ARM and x86), underpins my capabilities in reverse engineering. Additionally, I am quite comfortable managing Linux systems, configuring userland services (e.g., systemd, networking, firewall), and working with Docker containers. Additionally, I have worked on different parts of the Linux kernel (e.g. KSM and bootloader), which were reflected in different academic publications.
Post-academic roles have allowed me to showcase my leadership capabilities. I have managed and mentored development teams, effectively juggled multiple projects, and consistently met deadlines. While I am autonomous and self-motivated, I also value and respond well to constructive feedback. My ability to quickly master new technologies adds to my versatility in professional settings.
In summary, my capabilities are a blend of in-depth academic insights and practical technical skills, making me a valuable asset for a wide range of cybersecurity challenges.
Expertise: Engineer and PhD with +8 years experience, specialized in mobile devices, cloud computing (IaaS), and virtualization.
Skills: C, Python, Android, ARM TrustZone, Docker, Linux, Exploiting, Reverse Engineering, Virtualization
Roles: System Engineer, Security Engineer, Vulnerability Researcher, Software Developer.
Work Ethic: Quick learner, multi-disciplinary, persistent, and problem-solver. Open to constructive feedback.
Professional Career
- 2024 - currentSoftware Engineer
- 2021 - 2023Lead Security Researcher
- 2017 - 2020
- 2016 – 2017Research Associate
Publications and Conferences
- Nov, 2022
- Fernando Vano-Garcia, Hector Marco
- AbstractSmartphones have become essential devices for carrying out many daily activities, including security-sensitive tasks such as authentication and payments. The security of sensitive data in modern mobile devices relies on hardware-enabled Trusted Execution Environments, amongst which ARM TrustZone is one of the most widely used. Qualcomm Secure Execution Environment (QSEE) is one of the most widespread commercial TEE solutions in the smartphone space, used by many devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series.
In order to audit the QSEE environment, security researchers have to face distinct challenges. On the one hand, the software components of QSEE (i.e., trusted operating system and trusted applications) are not open sourced and can be quite complex, which requires a considerable extent of reverse engineering efforts to conduct analysis and to assess their security. On the other hand, to the best of our knowledge, there are no publicly available emulators for QSEE Trusted Applications that assist in debugging and auditing their code.
In this talk, we shared the knowledge we obtained from a careful reverse engineering examination of different QSEE Trusted Applications and operating systems (QSEE-OS), showing the different versions of QSEE-OS and the differences regarding how trusted applications are loaded in each of the QSEE-OS versions. Besides, we will present the different tools we have developed throughout our research to assist in the security evaluation of QSEE, including a debugger for QSEE Trusted Applications fully integrated with GDB and Ghidra and a coverage-based fuzzer for QSEE Trusted Applications. Such tools are essential for us to better understand the internals and behaviour of the trusted applications, to find attack surfaces and to identify vulnerable code for further analyzing and fuzzing.
- Aug, 2020
- Fernando Vano-Garcia, Hector Marco
- DOI: 10.1109/ACCESS.2020.3019774
- Podcast
- AbstractGiven the significance that the cloud paradigm has in modern society, it is extremely important to provide security to users at all levels, especially at the most fundamental ones since these are the most sensitive and potentially harmful in the event of an attack. However, the cloud computing paradigm brings new challenges in which security mechanisms are weakened or deactivated to improve profitability and exploitation of the available resources.
Kernel randomization is an important security mechanism that is currently present in all main operating systems. Function-Granular Kernel Randomization is a new step that aims to be the future of the kernel randomization, because it provides much more security than current kernel randomization approaches. Unfortunately, function-granular kernel randomization also impacts significantly on the performance and potential benefits of memory deduplication. In this paper, we analyse the impact of function-granular kernel randomization on memory deduplication revealing why it cannot offer maximum security and shareability of memory simultaneously. We also discuss the reasons why having a full position independent kernel code counter-intuitively does not solve the problem introducing a challenge to kernel randomization designers.
To solve these problems, we propose a function-granular kernel randomization modification for cloud systems that enables full function-granular kernel randomization while reduces memory deduplication cancellations to almost zero. The proposed approach forces guest kernels of the same tenant to have the same random memory layout of memory regions with high impact on deduplication, ensuring a high rate of deduplicated pages while the kernel randomization is fully enabled. Our approach enables cloud providers to have both, high levels of security and an efficient use of resources.
- Mar, 2020
- Fernando Vano-Garcia, Hector Marco
- DOI: 10.1109/ACCESS.2020.2984414
- Podcast
- AbstractDue to the impracticability of generating true randomness by running deterministic algorithms in computers, boot-loaders and operating systems undergo the lack of enough supplies of entropy at boot- time. This problem remains a challenge and affects all computer systems, including virtualization technologies. Unfortunately, this situation leads to undesired side effects, affecting the security of important kernel components and causing large blocking waits in the start-up of userland processes. For example, SSHD is delayed up to 4 minutes.
In this paper, we analyze the boot-time entropy starvation problem, performing a comprehensive analysis of the Linux kernel boot process revealing that the problem not only affects userland applications but up to 33 kernel functions at boot time. Those functions are weakly fed by random numbers from a non-initialized CSPRNG. To overcome this problem, we propose E-Boot, a novel technique that provides high-quality random numbers to guest virtual machines. E-Boot is the first technique that completely satisfies the entropy demand of virtualized boot-loaders and operating systems at boot time. We have implemented E-Boot in Linux v5.3 and our experiments show that it effectively solves the boot-time entropy starvation problem. Our proposal successfully feeds bootloaders and boot time Linux kernel hardening techniques with high- quality random numbers, reducing also to zero the number of userspace blocks and delays. The total time overhead introduced by E-Boot is around 2 μs and has zero memory overhead, since the memory is freed before the kernel boot ends, which makes E-boot a practical solution for cloud systems.
- Nov, 2019
- Fernando Vano-Garcia, Hector Marco
- DOI: 10.1016/j.jpdc.2019.11.008
- Podcast
- AbstractCloud computing has completely changed our lives. This technology dramatically impacted on how we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. To provide a secure cloud computing architecture, the highest possible level of protection must be applied. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain a better performance and resources exploitation. Kernel ASLR (KASLR) is a widely adopted protection technique present in all modern operating systems. KASLR is a very effective technique that thwarts unknown attacks but unfortunately its randomness have a significant impact on memory deduplication savings. Both techniques are very desired by the industry, the first one because of the high level of security that it provides and the latter to obtain better performance and resources exploitation.
In this paper, we propose KASLR-MT, a new Linux kernel randomization approach compatible with memory deduplication. We identify why the most widely and effective technique used to mitigate attacks at kernel level, KASLR, fails to provide protection and shareability at the same time. We analyze the current Linux kernel randomization and how it affects to the shared memory of each kernel region. Then, based on the analysis, we propose KASLR-MT, the first effective and practical Kernel ASLR memory protection that maximizes the memory deduplication savings rate while providing a strong security. Our tests reveal that KASLR-MT is not intrusive, very scalable and provides strong protection without sacrificing the shareability.
- Nov, 2018
- Fernando Vano-Garcia, Hector Marco
- DOI: 10.1109/NCA.2018.8548338
- Podcast
- AbstractCloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique.
In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.DOI: 10.1109/NCA.2018.8548338 Abstract - Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.
- Nov, 2018
- Fernando Vano-Garcia, Hector Marco
- Podcast
- AbstractMemory deduplication allows cloud infrastructure providers to increase the profit of memory resources by taking advantage of the redundant nature of virtual machines footprint. Although it is an important feature to manage the memory resources of a cloud system efficiently, unfortunately, it enables different types of side-channel attacks which, in practice, means disabling memory deduplication. In this paper, we present Slicedup, a tenant-aware memory deduplication mechanism that prevents side-channel attacks. Our proposal enables cloud providers to get the deduplication saving benefits while preventing side-channel attacks among tenants. Since Slicedup is a design-solution, it can be implemented in any operating system, regardless of its version, architecture or any other system dependence. Finally, we show how Slicedup prevents side-channel attacks while providing similar memory savings when the number of tenants per physical host is low.
Education
- 2017 - 2020
- 2015 - 2016Master in Cybersecurity
- Project Title: Configuration, extension and implantation of a Honeypot
- Tutor: Sergio Pastrana
- 2010 - 2015Bachelor’s Degree,Computer Engineering