advanced systems security hardware security
play

Advanced Systems Security: Hardware Security Trent Jaeger Systems - PowerPoint PPT Presentation

Nov 14, 2022 •241 likes •703 views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

  1. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: � Hardware Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Security Problems • We have discussed lots of security problems Malware on your computer ‣ Attacks on memory errors ‣ Return-oriented attacks ‣ Compromised software ‣ Compromised operating systems, etc. ‣ • Is there any way new hardware features could prevent some attack vectors? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

  3. Hardware Features • ARM TrustZone Restrict execution of compromised operating systems ‣ • Intel Processor Trace (IPT) Track control flow events ‣ • Intel Memory Protection Extensions (MPX) Check and enforce memory bounds ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. Goals • Restrict kernel to only execute approved code • Monitor kernel operations to enforce security Even when the kernel has been compromised • Systems and Internet Infrastructure Security (SIIS) Laboratory Page 22

  5. Execution Integrity • All programs run approved code in expected ways Lifetime Code Integrity ‣ Even if compromised • Restrict execution to approved code only • Control-Flow Integrity ‣ Mediate indirect branches in programs • Reject those that are unexpected • Systems and Internet Infrastructure Security (SIIS) Laboratory Page 23

  6. Lifetime Kernel Code Integrity 0xFFFFFFFF kernel space .bss R/W .data .text R/X .init 0xC0000000 0xBFFFFFFF R/W user space 0x00000000 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 24

  7. Attack on Permissions • Tamper with permissions 0xFFFFFFFF kernel space .bss R/W /X .data .text R/X /W .init 0xC0000000 0xBFFFFFFF R/W /X user space 0x00000000 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 25

  8. Attack on Mappings • Tamper with mappings virtual pages data page #m physical frames code page #n code page #n-1 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 26

  9. Goal Systems and Internet Infrastructure Security (SIIS) Laboratory Page 27

  10. Background: TrustZone • Resources are partitioned into two distinct worlds Physical memory, interrupts, peripherals, etc. ‣ • Each world has its autonomy over its own resources • Secure world can access normal world resources, but not vice versa • Run in time-sliced fashion Systems and Internet Infrastructure Security (SIIS) Laboratory Page 28

  11. ARM TrustZone S PROBE Placement • Main limitation is that Trusted Computing technologies are • Recall the specific attacks designed only to build proofs of system boot ‣ Change to a different set of page tables that are under attacker’s control • instrument all instructions that can be potentially used to switch the page table root ‣ Modify page table entries in place • write-protect the whole page tables and instrument the first instruction in page fault handler Systems and Internet Infrastructure Security Laboratory (SIIS) Page � 13 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 29

  12. SPROBES Invariants • S1 : Execution of user space code from the kernel must never be allowed. • S2 : W ⊕ X protection employed by the operating system must always be enabled. • S3 : The page table base address must always correspond to a legitimate page table. • S4 : Any modification to the page table entry must not make a kernel code page writable or make a kernel data page executable. • S5 : MMU must be kept enabled to ensure all existing memory protections function properly. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 30

  13. S PROBE Mechanism • We need an instrumentation mechanism that enables the secure world to be notified upon events of its choice in the normal world normal world secure world push {r1-r3} sprobe_handler() stmia sp!,r10 { ... check_kernel(); restore_insn(); smc #0 mov pc,lr return_to_ns(); } Systems and Internet Infrastructure Security (SIIS) Laboratory Page 31

  14. S PROBE Placement Normal World Kernel Space exception_vector_table: reset: b init ... abort: b abort_handler page tables … … mcr p15,0,r0,c1,c0,0; SCTLR add pc,sl,#16 ... mcr p15,0,r0,c2,c0,0; TTBRx bne 0xc0008068 ... mcr p15,0,r0,c2,c0,2; TTBCR subs pc,r1,#4 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 32

  15. Evaluation • Setup Linux 2.6.38 in the normal world ‣ Fast Models 8.1 for emulation ‣ • 12 S PROBES are inserted into the Linux kernel 6 for enforcing W ⊕ X protection and MMU Enable ‣ (S2+S5) 4 for monitoring changes to page table root (S3) ‣ 1 for monitoring changes to page table configuration (S4) ‣ 1 for monitoring modifications to page table entries (S4) ‣ Reject page table entries with wrong user/kernel bits (S1) ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 33

  16. Evaluation • Setup S PROBES Type Hit Frequency Overheads Linux 2.6.38 in the normal world ‣ 1 N/A 0% Fast Models 8.1 for emulation ‣ 2 313,836 1.8% • 12 S PROBES are inserted into the Linux kernel 3 N/A 0% 4 85,982 6.5% 6 for enforcing W ⊕ X protection ‣ 4 for monitoring changes to page table root ‣ 1 for monitoring changes to page table configuration ‣ 1 for monitoring modifications to page table entries ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 34

  17. A Little Bit More… • Samsung has implemented the same idea and deployed this technique on millions of devices [CCS 2014] Systems and Internet Infrastructure Security (SIIS) Laboratory Page 35

  18. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 36

  19. Another Problem • Return-oriented attacks Can hardware help detect those attacks? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 46

  20. Intel Processor Trace • A new hardware feature that enables efficient recording of control-flow and timing information about software execution (3-5% overhead) Initially available on the Broadwell processor ‣ Fully implemented on the Skylake processor ‣ • At each control choice, record a packet in memory Conditional branches ‣ Indirect call ‣ Returns ‣ • Enough to reconstruct the actual control flow Systems and Internet Infrastructure Security (SIIS) Laboratory Page 47

  21. Intel PT Example Basic Blocks Trace Packets A F PGE A jmp D syscall TNT B Taken jcc E Not Taken End C TIP F call *rax D PGD 0 jcc B E ret Systems and Internet Infrastructure Security (SIIS) Laboratory Page 49

  22. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 50

  23. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 51

  24. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 52

  25. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 53

  26. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 54

  27. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 55

  28. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 56

  29. System Overview User Space Kernel Space Systems and Internet Infrastructure Security (SIIS) Laboratory Page 57

  30. What To Do? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 58

  31. CFI Policies • Coarse-grained Policy Check if the targets of indirect control transfers are valid ‣ Requires decoding the trace packets to find each target ‣ • Fine-grained Policy Check if the source and destination are a legitimate pair ‣ Requires control-flow recovery to identify source ‣ • Stateful Policy Check if an indirect control transfer is legitimate based on ‣ the program state (e.g., shadow stack) Requires sequential processing if state spans trace buffers ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 59

  32. CFI Policies • Coarse-grained Policy Check if the targets of indirect control transfers are valid ‣ Requires decoding the trace packets to find each target ‣ • Fine-grained Policy Check if the source and destination are a legitimate pair ‣ Requires control-flow recovery to identify source ‣ • Stateful Policy Check if an indirect control transfer is legitimate based on ‣ the program state (e.g., shadow stack) Requires sequential processing if state spans trace buffers ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 60

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security Kernels Trent Jaeger

555 views • 35 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security

370 views • 33 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

589 views • 23 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

420 views • 24 slides
Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Multics Trent Jaeger Systems and

569 views • 33 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Capability Systems Trent Jaeger

622 views • 36 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER / engineers Hardware security for embedded systems: memory and communication protection Arithmetic Tradeoffs on Performance/Cost/Security secure

310 views • 14 slides
Speculative Taint Tracking Lindsey McAllister 6.888 Fall 2020 Whats the Point? A system that

Speculative Taint Tracking Lindsey McAllister 6.888 Fall 2020 Whats the Point? A system that

Speculative Taint Tracking Lindsey McAllister 6.888 Fall 2020 Whats the Point? A system that efficiently protects against transient side-channel attacks by executing and selectively forwarding an instruction if it cannot forward a covert

411 views • 21 slides
arXiv:1801.01207 What is meltdown? Meltdown is a hardware exploit that allows unprivileged user to

arXiv:1801.01207 What is meltdown? Meltdown is a hardware exploit that allows unprivileged user to

arXiv:1801.01207 What is meltdown? Meltdown is a hardware exploit that allows unprivileged user to access system memory . Meltdown takes advantage of speculative execution , in particular its ability to meltdown security barrier

369 views • 8 slides
1.3. MINOS KERNEL 79 System Startup OS Initializer (we!) RPI (2) VC / firmware Initialize

1.3. MINOS KERNEL 79 System Startup OS Initializer (we!) RPI (2) VC / firmware Initialize

1.3. MINOS KERNEL 79 System Startup OS Initializer (we!) RPI (2) VC / firmware Initialize hardware Set stack registers for all processor modes Copy boot image to RAM Setup free heap list and module list Jump to OS boot image

286 views • 28 slides
CS149: Elements of Computer Science Data representation 0=low, 1=high 1. Format (b) More

CS149: Elements of Computer Science Data representation 0=low, 1=high 1. Format (b) More

CS149: Elements of Computer Science Data representation 0=low, 1=high 1. Format (b) More intermediate levels = higher (a) Computers use binary system to error rate represent information (c) Rationale is underlying (b) Bit = binary digit, or

1.12k views • 54 slides
Meltdown an and Sp Spectre vu vuln lnerabili litie ies th the ch chall llenge is is up!

Meltdown an and Sp Spectre vu vuln lnerabili litie ies th the ch chall llenge is is up!

2/21/2018 Meltdown an and Sp Spectre vu vuln lnerabili litie ies th the ch chall llenge is is up! Jos van Eijndhoven Synopsys {040CODERS.nl} Meetup 20180215 Jos van Eijndhoven Profession: IC design tools, Hobby: Processor design

545 views • 15 slides
SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security Sanjeev Das , Jan Werner, Manos Antonakakis, Michalis Polychronakis, and Fabian Monrose SoK: The Challenges, Pitfalls, and Perils of Using Hardware

529 views • 28 slides
Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory system Hardware security intro 1 Cache Misses On a write miss, you may either choose to bring the block into the cache (write-allocate) or

460 views • 11 slides
IMPROVE YOUR SECURITY POSTURE A RED TEAM PERSPECTIVE TIM MEDIN tim@redsiege.com BE LAZY NOT

IMPROVE YOUR SECURITY POSTURE A RED TEAM PERSPECTIVE TIM MEDIN tim@redsiege.com BE LAZY NOT

IMPROVE YOUR SECURITY POSTURE A RED TEAM PERSPECTIVE TIM MEDIN tim@redsiege.com BE LAZY NOT APT JUST PT EQUIFAX CIS CONTROL 1 & 2 INVENTORY PHISHING 101 WEB FILTER UNKNOWN NEW UNCATEGORIZED FINDING A DOMAIN STOP ATTACHMENTS

1.11k views • 31 slides

More recommend