automated software protection for the masses against side
play

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL - PowerPoint PPT Presentation

Oct 06, 2023 •216 likes •535 views

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

  1. Nicolas Belleville Damien Couroussé Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas

  2. INTRODUCTION • Focus on power/EM based side channel attacks • Objective: solution usable by anybody (not only security experts) on any code (not only block ciphers) • Software countermeasures • Masking • Automated masking for ANY code is hard • Masking scheme depends on underlying code • Hard to be efficient in terms of execution time for any code • Hiding • Generic principle • Do not remove leakage, but make it harder to exploit | 2 PHISIC 2018 | Belleville Nicolas

  3. INTRODUCTION • Focus on power/EM based side channel attacks • Objective: solution usable by anybody (not only security experts) on any code (not only block ciphers) • Software countermeasures • Masking • Automated masking for ANY code is hard • Masking scheme depends on underlying code • Hard to be efficient in terms of execution time for any code • Hiding • Generic principle • Do not remove leakage, but make it harder to exploit Code polymorphism: ability to change the observable behaviour of a software component without changing its functional properties | 3 PHISIC 2018 | Belleville Nicolas

  4. CODE POLYMORPHISM USING SPECIALISED DYNAMIC CODE GENERATION • Objective: making the executed code vary → use a generator to regenerate the code regularly • Performs code transformations guided by randomness • Produces a different code at every generation • Generators are specialized • Each function to be secured has its own generator • A generator works on an assembly-level representation of the function • Code transformations related to this representation: • Instructions shuffling • Register shuffling • Semantic equivalent • Insertion of noise instructions | 4 PHISIC 2018 | Belleville Nicolas

  5. PROBLEMS TO ANSWER • How to write a generator? • Runtime code generation is usually expensive • Is specialization capable of lowering the cost? • Runtime code generation needs W and X permissions • Code size varies from one generation to another • Semantic equivalent • Insertion of noise instructions | 5 PHISIC 2018 | Belleville Nicolas

  6. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: • Start from a C file • Produce a new C file with polymorphism countermeasure applied to target functions Main idea: For each targetted function: - get a sequence of instructions - construct a generator from that - modify the sequence of instructions dynamically | 6 PHISIC 2018 | Belleville Nicolas

  7. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: • Start from a C file • Produce a new C file with polymorphism countermeasure applied to target functions int f_critical(int a, int b) { File.c int c = a^b; a = a+b; a = a % c; return a; } | 7 PHISIC 2018 | Belleville Nicolas

  8. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: • Start from a C file • Produce a new C file with polymorphism countermeasure applied to target functions int f_critical(int a, int b) { File.c int c = a^b; a = a+b; a = a % c; User annotates critical functions return a; } | 8 PHISIC 2018 | Belleville Nicolas

  9. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: • Start from a C file • Produce a new C file with polymorphism countermeasure applied to target functions #pragma odo_polymorphic int f_critical(int a, int b) { File.c int c = a^b; a = a+b; a = a % c; return a; } | 9 PHISIC 2018 | Belleville Nicolas

  10. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: • Start from a C file • Produce a new C file with polymorphism countermeasure applied to target functions #pragma odo_polymorphic int f_critical(int a, int b) { File.c int c = a^b; a = a+b; User chooses the polymorphism a = a % c; configuration return a; } | 10 PHISIC 2018 | Belleville Nicolas

  11. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: • Start from a C file • Produce a new C file with polymorphism countermeasure applied to target functions #pragma odo_polymorphic int f_critical(int a, int b) { File.c int c = a^b; a = a+b; File is compiled with our a = a % c; modified compiler return a; } | 11 PHISIC 2018 | Belleville Nicolas

  12. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: code code_f[CODE_SIZE]; • Start from a C file void SGPC_f_critical() { • Produce a new C file with polymorphism countermeasure applied to target raise_interrupt_rm_X_add_W(code_f); functions reg_t r[] = {0,1,2,3,4,5,6,...,12,13,14,15}; push_T2_callee_saved_registers(); eor_T2(r[4], r[1], r[0]); add_T2(r[0], r[1], r[0]); sdiv_T2(r[1], r[0], r[4]); File.c mls_T2(r[0], r[1], r[4], r[0]); pop_T2_callee_saved_registers(); raise_interrupt_rm_W_add_X(code_f); } int f_critical(int a, int b) { if (SHOULD_BE_REGENERATED()) SGPC_f_critical(); return code_f(a, b); } | 12 PHISIC 2018 | Belleville Nicolas

  13. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: code code_f[CODE_SIZE]; • Start from a C file void SGPC_f_critical() { • Produce a new C file with polymorphism countermeasure applied to target raise_interrupt_rm_X_add_W(code_f); functions reg_t r[] = {0,1,2,3,4,5,6,...,12,13,14,15}; push_T2_callee_saved_registers(); eor_T2(r[4], r[1], r[0]); add_T2(r[0], r[1], r[0]); sdiv_T2(r[1], r[0], r[4]); File.c mls_T2(r[0], r[1], r[4], r[0]); pop_T2_callee_saved_registers(); raise_interrupt_rm_W_add_X(code_f); } int f_critical(int a, int b) { if (SHOULD_BE_REGENERATED()) SGPC_f_critical(); return code_f(a, b); } | 13 PHISIC 2018 | Belleville Nicolas

  14. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: code code_f[CODE_SIZE]; • Start from a C file void SGPC_f_critical() { • Produce a new C file with polymorphism countermeasure applied to target raise_interrupt_rm_X_add_W(code_f); functions reg_t r[] = {0,1,2,3,4,5,6,...,12,13,14,15}; push_T2_callee_saved_registers(); eor_T2(r[4], r[1], r[0]); add_T2(r[0], r[1], r[0]); sdiv_T2(r[1], r[0], r[4]); File.c mls_T2(r[0], r[1], r[4], r[0]); pop_T2_callee_saved_registers(); raise_interrupt_rm_W_add_X(code_f); } int f_critical(int a, int b) { if (SHOULD_BE_REGENERATED()) SGPC_f_critical(); return code_f(a, b); } | 14 PHISIC 2018 | Belleville Nicolas

  15. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: code code_f[CODE_SIZE]; • Start from a C file void SGPC_f_critical() { • Produce a new C file with polymorphism countermeasure applied to target raise_interrupt_rm_X_add_W(code_f); functions reg_t r[] = {0,1,2,3,4,5,6,...,12,13,14,15}; push_T2_callee_saved_registers(); eor_T2(r[4], r[1], r[0]); add_T2(r[0], r[1], r[0]); sdiv_T2(r[1], r[0], r[4]); File.c mls_T2(r[0], r[1], r[4], r[0]); pop_T2_callee_saved_registers(); raise_interrupt_rm_W_add_X(code_f); } int f_critical(int a, int b) { if (SHOULD_BE_REGENERATED()) SGPC_f_critical(); return code_f(a, b); } | 15 PHISIC 2018 | Belleville Nicolas

  16. AUTOMATIC APPLICATION OF CODE POLYMORPHISM • Objective: code code_f[CODE_SIZE]; • Start from a C file void SGPC_f_critical() { • Produce a new C file with polymorphism countermeasure applied to target raise_interrupt_rm_X_add_W(code_f); functions reg_t r[] = {0,1,2,3,4,5,6,...,12,13,14,15}; push_T2_callee_saved_registers(); eor_T2(r[4], r[1], r[0]); add_T2(r[0], r[1], r[0]); sdiv_T2(r[1], r[0], r[4]); File.c mls_T2(r[0], r[1], r[4], r[0]); pop_T2_callee_saved_registers(); raise_interrupt_rm_W_add_X(code_f); } int f_critical(int a, int b) { if (SHOULD_BE_REGENERATED()) SGPC_f_critical(); return code_f(a, b); } | 16 PHISIC 2018 | Belleville Nicolas

  17. CODE TRANSFORMATIONS USED AT RUNTIME • Register shuffling ● Permutation among all equivalent registers • Instruction shuffling ● Shuffling of independent instructions (use/def register analysis) • Use of semantic equivalent ● Random choice between sequences of instructions equivalent to the original instructions ● Semantic equivalents available for a limited number of instructions ● Ex: a xor b <=> (a xor r) xor (b xor r) • Insertion of noise instructions ● Useless instructions among frequently used ones (xor, sub, load, add) ● A probability model determines the number of noise instructions to be inserted (possibly 0) ● One insertion in between each pair of original instructions | 17 PHISIC 2018 | Belleville Nicolas

  18. REMAINING PROBLEMS • Memory write and execute permissions ● Code generation → both write and execute permissions on a memory segment → could be exploited to mount an attack • Code size varies ● Allocated memory should be large enough ● But not too large! PHISIC 2018 | Belleville Nicolas

  19. MANAGEMENT OF MEMORY PERMISSIONS • W and X permissions required for dynamic code generation • Use the specialisation of generator to change permissions • For each secured function, only one generator allowed to write in allocated buffer • Interrupt raised to change memory permissions between W only and X only ● When generation begins: X only to W only ● When generation ends: W only to X only ● Interrupt handler knows which generator is associated with which memory zone | 19 PHISIC 2018 | Belleville Nicolas

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Software Protection Evaluation Bjorn De Sutter ISSISP 2017 Paris 1 Software Protection

Software Protection Evaluation Bjorn De Sutter ISSISP 2017 Paris 1 Software Protection

Software Protection Evaluation Bjorn De Sutter ISSISP 2017 Paris 1 Software Protection Evaluation Four criteria (Collberg et al) Potency : confusion, complexity, manual effort Resilience : resistance against (automated) tools

839 views • 68 slides
Automated Segmentation of Suspicious Breast Masses from Ultrasound Images Viksit Kumar, Jeremy

Automated Segmentation of Suspicious Breast Masses from Ultrasound Images Viksit Kumar, Jeremy

Automated Segmentation of Suspicious Breast Masses from Ultrasound Images Viksit Kumar, Jeremy Webb, Adriana Gregory, Mostafa Fatemi, Azra Alizad GTC 2018, San Jose, USA SIGNIFICANCE Breast cancer is most common and leading cause of death in

303 views • 13 slides
Towards Automated Software Project Planning Extending Palladio for the Simulation of Software

Towards Automated Software Project Planning Extending Palladio for the Simulation of Software

KPD Symposium 2013 Position Paper Towards Automated Software Project Planning Extending Palladio for the Simulation of Software Processes Oliver Hummel &amp; Robert Heinrich sdq.ipd.kit.edu SOFTWARE DESIGN AND QUALITY GROUP INSTITUTE FOR

233 views • 11 slides
Searching for the Best Tests An Introduction to Automated Software Testing with

Searching for the Best Tests An Introduction to Automated Software Testing with

Searching for the Best Tests An Introduction to Automated Software Testing with Search-Based Techniques Gregory M. Kapfhammer Department of Computer Science Allegheny College March 31, 2015 Software is Everywhere Software is

1.71k views • 144 slides
Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad Ureche, Cristian Zamfir, George Candea School of Computer and Communication Sciences Automated Software Testing Automated Industrial Techniques

1.25k views • 59 slides
The Business Side of a Software Architect Tomer Peretz, Orbotech About Me Chief Software

The Business Side of a Software Architect Tomer Peretz, Orbotech About Me Chief Software

The Business Side of a Software Architect Tomer Peretz, Orbotech About Me Chief Software Architect at Orbotech Presidency member at ILTAM 2 | The business side of a software architect Orbotech in the Electronics Value Chain Today Flat

464 views • 24 slides
Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and Algorithms Martin Monperrus, Ph.D. version of Oct 15, 2012 Creative Commons Attribution License Copying and modifying are authorized as long as

818 views • 34 slides
Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and

Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and

Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and mixing Consequences of neutrino masses Neutrino masses from gravity, what has been done Neutrino masses from gravity: the Schwinger Dyson

741 views • 52 slides
S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical

S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical

S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical Systems Lionel Briand NUS, Singapore, 2019 Dependable Breakfast 2 SnT Center: Mandate 3 SnT Center: Overview 101 M 287 employees 51

1.36k views • 94 slides
Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr

Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr

Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr Harman Jia Marginean Petke CREST, University College London Justyna Petke Automated Software Transplantation Genetic Improvement of Software

418 views • 22 slides
Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution Eric Schulte Department of Computer Science University of New Mexico Albuquerque, NM July 2014 Neutral Networks and Automated Software Evolution

1.51k views • 147 slides
Playing with Binary Analysis Deobfuscation of VM based software protection Jonathan Salwan,

Playing with Binary Analysis Deobfuscation of VM based software protection Jonathan Salwan,

Playing with Binary Analysis Deobfuscation of VM based software protection Jonathan Salwan, Sbastien Bardin and Marie-Laure Potet SSTIC 2017 Topic Binary protection Virtualization-based software protection Automatic

933 views • 72 slides
Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science &amp; Engineering University of Washington Joint work with David Notkin July 2004 Motivation Existing automated test generation tools are

638 views • 43 slides
Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia Marginean Petke CREST, University College London Alexandru Marginean Automated Software Transplantation Humies 2016 Why Autotransplantation?

1.06k views • 87 slides
Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia Marginean Petke CREST, University College London Alexandru Marginean Automated Software Transplantation Why Autotransplantation? ~100 players

593 views • 20 slides
ENHANCING SCIENTIFIC COMPUTATION USING A VARIABLE PRECISION FPU WITH A RISC-V PROCESSOR Y.Durand,

ENHANCING SCIENTIFIC COMPUTATION USING A VARIABLE PRECISION FPU WITH A RISC-V PROCESSOR Y.Durand,

ENHANCING SCIENTIFIC COMPUTATION USING A VARIABLE PRECISION FPU WITH A RISC-V PROCESSOR Y.Durand, C.Fabre, A. Bocco, T. Trevisan | IMPRENUM Project | Oct 2019 | 1 USE CASES FOR (LARGE) VARIABLE PRECISION Applications Techniques &amp; Kernels

317 views • 8 slides
Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet

Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet

Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet Alexandre Venelli Thales Communications &amp; Security Target of our paper 2 / 2 / Elliptic Curve Cryptosystems (ECC) implemented on

471 views • 46 slides
A sampled sine wave 1.0 0.5

A sampled sine wave 1.0 0.5

A sampled sine wave 1.0 0.5 r(t) 0.0 0.5

917 views • 6 slides
Contents 1. CARRIOCAS Challenges and Project presentation Cliquez pour modifier le style du titre

Contents 1. CARRIOCAS Challenges and Project presentation Cliquez pour modifier le style du titre

CA lcul R parti sur R seau I nternet O ptique CA pacit S urmultiplie* Grid vs. Cloud Computing and Why This Should Concern the Optical Networking Community OFC/NFOEC 2009 Virtualizing and Scheduling Network resource for Emerging

418 views • 18 slides
X-Ray Magnetic Circular Dichroism: basic concepts and applications for 3d transition metals

X-Ray Magnetic Circular Dichroism: basic concepts and applications for 3d transition metals

X-Ray Magnetic Circular Dichroism: basic concepts and applications for 3d transition metals Stefania PIZZINI Laboratoire Louis Nel CNRS- Grenoble I) - Basic concepts of XAS and XMCD - XMCD at L 2,3 edges of 3d metals II) - Examples and

521 views • 32 slides
Ins GAM Dr. Camille SALINESI Centre de Recherche en Informatique Universit Paris1

Ins GAM Dr. Camille SALINESI Centre de Recherche en Informatique Universit Paris1

Ins GAM Dr. Camille SALINESI Centre de Recherche en Informatique Universit Paris1 Panthon Sorbonne 1 A Requirement-driven Approach for Designing Data Warehouses RE/WS RE/WS Strategies RE/DW Strategies cu_DW systems 2

418 views • 17 slides
The Cost of Monotonicity in Distributed Graph Searching David Ilcinkas 1 Nicolas Nisse 2 David

The Cost of Monotonicity in Distributed Graph Searching David Ilcinkas 1 Nicolas Nisse 2 David

The Cost of Monotonicity in Distributed Graph Searching David Ilcinkas 1 Nicolas Nisse 2 David Soguet 2 1 Universit du Qubec en Outaouais, Canada. 2 LRI, Universit Paris-Sud, France. Opodis, December 2007 1 Graph searching problem Goal:

742 views • 72 slides
Smooth Path Planning for Cars Thierry Fraichard Dubins/Reeds &amp; Shepp Car Kinematics = y

Smooth Path Planning for Cars Thierry Fraichard Dubins/Reeds &amp; Shepp Car Kinematics = y

Smooth Path Planning for Cars Thierry Fraichard Dubins/Reeds &amp; Shepp Car Kinematics = y ( , , ) q x y w = &amp; &amp; sin cos 0 x y Perfect rolling Bounded steering angle

300 views • 18 slides

More recommend