case cache assisted secure execu3on on arm processors
play

CaSE: Cache-Assisted Secure Execu3on on ARM Processors N1NG N1NG - PowerPoint PPT Presentation

Dec 24, 2023 •200 likes •552 views

CaSE: Cache-Assisted Secure Execu3on on ARM Processors N1NG N1NG ZHANG ZHANG , KUN SUN, WENJING LOU, TOM HOU Who am I ? - 10 years, working on different security products data forensic, mul;-level security systems - did my undergrad @

  1. CaSE: Cache-Assisted Secure Execu3on on ARM Processors N1NG N1NG ZHANG ZHANG , KUN SUN, WENJING LOU, TOM HOU

  2. Who am I ? - 10 years, working on different security products – data forensic, mul;-level security systems - did my undergrad @ Umass – middle of no where - did my Ph.D @ VT in DC. – nice area, but I never got to go out ! - back to industry doing interes;ng things – or not - lastly, I am also an adjunct assistant professor at the complex network and security research laboratory (CNSR) at Virginia Tech

  3. Talk Outline ü Mo;va;on and Background – Why this work ? ü Threat Model – What are we defending against ? ü CaSE: Cache-Assisted Secure Execu;on – How does it work? ü CaSE highlight – Challenges ? ü Evalua;on – How did we do ? ü Conclusion and future Work

  4. Cyber ALacks

  5. Threat to Mobile devices

  6. But how does it really work ?

  7. Buffer overflow - What is a soRware stack

  8. SoRware Exploits – Can you spot the bug ?

  9. What happened ? Tests array

  10. Before and ARer J

  11. So are we doomed ? The best you can do ?

  12. ARM TrustZone – Trusted Execu3on Environment (TEE) System Wide Protec;on Secure World Normal World ü Divides system resources into two worlds ü Normal World runs the content rich OS ü Secure World runs security cri;cal services ü The protec;on of resources includes - processor, memory and IO devices

  13. Many Products use ARM TrustZone

  14. Smart Devices Going Mo Mobile bile

  15. Physical Level ALack

  16. Hardware ALacks - Cold Boot ALack

  17. What can you recover ?

  18. And whatever else that are in memory

  19. Previous Works on Coldboot Defense TRESOR Sec 2011 – Register-based RAM-less AES encryp;on Copker NDSS 2014 – Cache-based RAM-less RSA encryp;on PixelVault CCS 2014 – GPU based RAM-less encryp;on Sentry ASPLOS 2015 – Cache-based RAM-less encryp;on Mimosa S&P 2015 – Transac;onal-based RAM-less encryp;on

  20. Mul3-vector Adversary

  21. Introducing CaSE - Goals ü Defense against Mul;-Vector adversary ü Physical memory disclosure a_ack – Cold boot ü Compromised rich OS ü Provide confiden;ality and integrity to both the code and data of the binaries in TEE ü Confiden;ality – Protects IP, secret code, sensi;ve data ü Integrity – Program behavior

  22. Threat Model System On Chip (SoC) Processor Cache NonSecure Secure Cache Cache NonSecure Normal World Memory Secure Memory DRAM NonSecure Rich OS Secure OS

  23. Case-Assisted Execu3on in Secure World System On Chip (SoC) Processor Cache 0101010110101101 1001 1101 Context Secure storage Packer 1101 0101 0101010110101101 NonSecure Normal World Memory Secure Memory DRAM Secure OS NonSecure Rich OS

  24. Case-Assisted Execu3on in Normal World System On Chip (SoC) Processor Cache 0101010110101101 0101010110101101011010100 1001 0101 1101 1101 CaSE Context Secure Manager storage Packer 1101 0101 0101 1101 0101010110101101 0101010110101101011010100 Secure Memory NonSecure Normal World Memory DRAM NonSecure OS Secure Rich OS

  25. Cache Architecture Details

  26. Controlling the Cache ü Cache Locking is available through L2 cache lockdown CP15 coprocessor ü The granularity of locking is per cache way ü On Cortex-A8, which has 8 way total 256KB L2 unified cache

  27. SoC-Bound Execu3on – Cache Locking

  28. Self Modifying Program System On Chip (SoC) L1 Instruc;on Cache L1 Data Cache L2 Unified Cache

  29. Self Modifying Program System On Chip (SoC) L1 Instruc;on Cache L1 Data Cache L2 Unified Cache

  30. Evalua3on Feasibility of using Cache as Memory

  31. Evalua3on Performance Impact to the Applica3on

  32. Performance Impact to the System

  33. Conclusion ü A secure cache-assisted SoC-bound execu;on framework ü Provide confiden;ality and integrity to sensi;ve code and data of applica;ons ü Protect against both sodware a_acks and cold boot a_ack. ü In the future, we would like to further study efficient method to provide OS support to the TEE.

  34. What other things did I do ? - Differen;al privacy in data mining - ICC 11 - Reverse engineer ASUS BIOS - Trusted Cloud Compu;ng – CNS 14 - An;-memory forensic framework – HIVES – ASIACCS 15 - Cache-based rootkits – EUROSP 16 - Case – Cached-assisted security execu;on – SP16 - Augmented reality authen;ca;on – TRUSTED – CCS16 Feel free to contact me at Ningzhang.info / ningzh@vt.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING LOU, TOM HOU Talk Outline Motivation and Background Why this work ? Threat Model What are we defending against ? CaSE:

248 views • 21 slides
Cache Coherency Cache coherent processors most current value for an address is the last

Cache Coherency Cache coherent processors most current value for an address is the last

Cache Coherency Cache coherent processors most current value for an address is the last write all reading processors must get the most current value Cache coherency problem update from a writing processor is not known to other

719 views • 30 slides
Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max

Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max

Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max Doblas , Ioannis-Vatistas Kostalabros , Miquel Moret and Carles Hernndez Computer Sciences - Runtime Aware Architecture, Barcelona

1.17k views • 30 slides
mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache

mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache

mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache at most one cache with modifjed value watch other processors accesses to monitor value use invalidation to prevent others from getting modifjed

757 views • 75 slides
1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
1 Implementation Snoop Caches Implementing Snooping Caches Write Races: Multiple processors

1 Implementation Snoop Caches Implementing Snooping Caches Write Races: Multiple processors

An Example Snoopy Protocol Invalidation protocol, write-back cache Each block of memory is in one state: Cache Coherence and Memory Clean in all caches and up-to-date in memory (Shared) Consistency OR Dirty in exactly one cache

507 views • 3 slides
Hybrid cache architecture for high-speed packet processing Z. Liu, K. Zheng and B. Liu Abstract:

Hybrid cache architecture for high-speed packet processing Z. Liu, K. Zheng and B. Liu Abstract:

Hybrid cache architecture for high-speed packet processing Z. Liu, K. Zheng and B. Liu Abstract: The exposed memory hierarchies employed in many network processors (NPs) are expensive in terms of meeting the worst-case processing requirement.

427 views • 8 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Online Cache Modeling for Commodity Multicore Processors Richard West, Puneet Zaroo, Carl A.

Online Cache Modeling for Commodity Multicore Processors Richard West, Puneet Zaroo, Carl A.

Online Cache Modeling for Commodity Multicore Processors Richard West, Puneet Zaroo, Carl A. Waldspurger and Xiao Zhang Contact: richwest@cs.bu.edu Computer Science The Big Picture . . . Application threads VM VM VM VM VM . . .

404 views • 23 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
Worst-case Bounds and Optimized Cache on M th Request Cache Insertion Policies under Elastic

Worst-case Bounds and Optimized Cache on M th Request Cache Insertion Policies under Elastic

Worst-case Bounds and Optimized Cache on M th Request Cache Insertion Policies under Elastic Conditions Niklas Carlsson, Linkping University Derek Eager, University of Saskatchewan Proc. IFIP Performance , Toulouse, France, Dec. 2018. Motivation

1.07k views • 89 slides
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security Challenges Current computer

411 views • 26 slides
DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir

DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir

DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, Joel Emer {vlk, ilebedev, saman, devadas, emer}@csail.mit.edu MICRO'18

949 views • 78 slides
Joint Wireless Information and Energy Transfer in Cache-assisted Relaying Systems IEEE Wireless

Joint Wireless Information and Energy Transfer in Cache-assisted Relaying Systems IEEE Wireless

Joint Wireless Information and Energy Transfer in Cache-assisted Relaying Systems IEEE Wireless Communications and Networking Conference 2018 16 th April, 2018 Sumit Gautam , Thang X. Vu, Symeon Chatzinotas, Bjrn Ottersten {sumit.gautam,

853 views • 20 slides
Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser LCA, Gold Coast, QLD, 2020-01-15 https://trustworthy.systems What is seL4? A 30-Year Dream 3 | LCA |

886 views • 36 slides
L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache, and all blocks initially marked as not valid , Given the main memory word addresses 0 1 2 3 4 3 4 15, calculate Cache hit rate. Cache Index

654 views • 9 slides
Windows NT Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L20 1 Agenda

Windows NT Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L20 1 Agenda

Windows NT Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L20 1 Agenda Brief information about Windows NT Security architecture Identification and authentication Access control Administration C. Ding -

1.28k views • 52 slides
Learning Expressive Ontological Concept Descriptions via Neural Networks Marco Rospocher First

Learning Expressive Ontological Concept Descriptions via Neural Networks Marco Rospocher First

Learning Expressive Ontological Concept Descriptions via Neural Networks Marco Rospocher First things first University of Trento - September 21, 2018 MARCO Learning Expressive Ontological Concept Descriptions via Neural Networks ROSPOCHER

1.41k views • 119 slides
Mite-A-Thon Date: September 8 to September 15, 2018 Location: North America Mite-A-Thon: What is

Mite-A-Thon Date: September 8 to September 15, 2018 Location: North America Mite-A-Thon: What is

Mite-A-Thon Date: September 8 to September 15, 2018 Location: North America Mite-A-Thon: What is it? Objectives 1) To raise awareness about honey bee colony Varroa infestations in North America through effective monitoring methods. 2)

290 views • 4 slides
Latin and Greek Elements in English Review of Latin Forms 1. The fern offers perhaps the best

Latin and Greek Elements in English Review of Latin Forms 1. The fern offers perhaps the best

Latin and Greek Elements in English Review of Latin Forms 1. The fern offers perhaps the best example in nature of the supradecompound leaf. supra- above, further adj. de- down having many divisions that are themselves replicated com- with,

73 views • 5 slides
Nicolas Verstaevel IRIT DAY 2: SMART CITIES TABLE 4: IMPLEMENTATION OF THE SMART CITY CONCEPT

Nicolas Verstaevel IRIT DAY 2: SMART CITIES TABLE 4: IMPLEMENTATION OF THE SMART CITY CONCEPT

Nicolas Verstaevel IRIT DAY 2: SMART CITIES TABLE 4: IMPLEMENTATION OF THE SMART CITY CONCEPT INTERNATIONAL SUMMER SCHOOL SMART GRIDS AND SMART CITIES Barcelona, 6-8 June 2017 700 members 7 Topics 21 Teams - 4 Strategic axis

604 views • 23 slides
Farm Direct FAQ (1) When is the Farm Direct law effective? January 1, 2012. The Oregon

Farm Direct FAQ (1) When is the Farm Direct law effective? January 1, 2012. The Oregon

Farm Direct FAQ (1) When is the Farm Direct law effective? January 1, 2012. The Oregon Department of Agriculture rules implementing the law will be adopted as the Farm Direct Marketing Rules and will be found at OAR 603-025-0221through

408 views • 7 slides
Ecosystem Services and Green Growth Jeffrey R. Vincent (Duke

Ecosystem Services and Green Growth Jeffrey R. Vincent (Duke

Ecosystem Services and Green Growth Jeffrey R. Vincent (Duke University / Beijer Ins3tute / SANDEE) Inaugural Conference World Bank Green Growth

628 views • 17 slides
mimikatz 2.0 Benjamin DELPY ` gentilkiwi ` Our little story `whoami`, why am I doing this?

mimikatz 2.0 Benjamin DELPY ` gentilkiwi ` Our little story `whoami`, why am I doing this?

mimikatz 2.0 Benjamin DELPY ` gentilkiwi ` Our little story `whoami`, why am I doing this? mimikatz 2.0 & sekurlsa Focus on Windows 8.1 et 2012r2 Kerberos & strong authentication Questions / Answers And of course, some demos during

970 views • 30 slides

More recommend