dma support for the sancus architecture
play

DMA Support for the Sancus Architecture Lightweight and Open-Source - PowerPoint PPT Presentation

Oct 15, 2022 •45 likes •545 views

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT Sergio Seminara seminara@kth.se KTH - Kungliga Tekniska Hgskola Examiner: prof. Mads Dam Supervisor: prof. Roberto Guanciale Seminara (KTH)

  1. DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT Sergio Seminara � seminara@kth.se KTH - Kungliga Tekniska Högskola Examiner: prof. Mads Dam Supervisor: prof. Roberto Guanciale Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 0 / 27

  2. Introduction Goal of the Thesis Sancus 2.0 DMA Goal of the Thesis To extend Sancus 2.0 architecture with DMA capabilities, without affecting its security guarantees Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 1 / 27

  3. Introduction Goal of the Thesis Contributions of the Thesis: 1 Provide a background on Sancus and PMA in general 2 Show that a direct implementation of DMA breaks security guarantees 3 Propose secure DMA implementations on Sancus that preserve security properties Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 2 / 27

  4. Introduction Goal of the Thesis What is DMA? Direct Memory Access (DMA) It is a feature of CPUs that allows hardware subsystems to directly access the memory, without the participation of the Control Unit (CU). � Without DMA, the CPU would be fully occupied during I/O operations. In this sense, DMA speeds up the system, by unburdening the CPU from I/O loads. Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 3 / 27

  5. Introduction Goal of the Thesis What is Sancus 2.0? Sancus Target architecture of the thesis is Sancus a [5], an open-source, lightweight PMA with a specific focus for networked embedded devices. a Sancus version with secure DMA support is currently maintained on GitHub at https://github.com/S3rg7o/sancus-core Protected Modules Architectures Security architectures running independently from an operating system, that can execute code in an isolated area of the memory. Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 4 / 27

  6. Introduction PMAs and PC Based MAC Secure Code Execution on Embedded Devices Embedded device are required to be cheap in terms of: – Chip area unsuitable to implement established – Chip complexity → solutions from high-end devices world – Power consumption A promising solution is found in Protected (software) Module Architectures , security architectures that offers: – Isolated execution of protected software module – Secure remote attestation – Divide-and-conquer approach, as complex software is splitted into smaller protected modules, easier to verify [4] Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 5 / 27

  7. Introduction PMAs and PC Based MAC Program-Counter Based Memory Access Control PC Based MAC Memory protection technique which sets different memory permissions depending on the current value of the PC. Hardware-only solution, with minimal TCB 1 Strong modules isolation and confidentiality guarantees Low cost → compatible with lightweight embedded devices Memory access rights from \ to Protected Unprotected Entry point Code Data Entry point r - x r - x r w - r w x PC Text section r - x r - x r w - r w x Unprotected \ - - x - - - - - - r w x Other SMs 1 Trusted Computing Base Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 6 / 27

  8. Introduction PMAs and PC Based MAC PC Based Memory PMAs Access Control Memory Protection on Embdedded Devices Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 7 / 27

  9. Introduction Sancus Overview System Model A single infrastructure provider IP owns and administers a set of networked microprocessor-based systems, referred as nodes N i . IP N 1 SP 1 · · · SM 1 , 1 SM 2 , 1 N 2 SP 2 . . · · · SM 2 , 2 SM j , k . . . SP j . Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 8 / 27

  10. Introduction Sancus Overview Security Properties: SMs Isolation Remote Attestation Secure Communication & Secure Linking Secure Key Management Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 9 / 27

  11. Introduction Sancus Overview Attacker Model Attackers can: Manipulate all the software on the node and act as software providers Control the communication network, independently of its security protocol Perform protocol-level attacks on cryptographic functions Plug-in their own peripherals before the system is started. Any further alteration at runtime is not considered in this model Attackers cannot: Have physical access to the hardware of the system. At anytime they cannot: – Access CPU internal registers – Place probes on memory buses – Disconnect components at runtime Break cryptographic primitives Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 10 / 27

  12. Introduction Sancus Overview Software Module on a Sancus Node Processor protect(layout,SP) instruction supervises SMs deployment Node Memory Unprotected Next ID Protected Caller ID storage area K N A software module is composed by: Code section, containing protected code and constants, that can be entered only via few predefined entry points Data section, containing the module private data Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 11 / 27

  13. Introduction Sancus Overview Software Module on a Sancus Node Processor protect(layout,SP) instruction supervises SMs deployment Node SM 1 text section SM 1 data section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID TS 1 TE 1 DS 1 DE 1 K N , SP , SM 1 ID SM 1 SM 1 metadata Protected Caller ID storage area K N TS n TE n DS n DE n K N , SP , SM n ID SM n SM n metadata Layout Key ID � The node key K N , together with all SMs keys K N , SP , SM i , are stored in the Protected Storage Area (PSA). � PSA is not mapped into the system memory � keys never leak on Sancus! Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 11 / 27

  14. Introduction Sancus Overview Trusted Computing Base (TCB) � The set of hardware or software components critical for the security of the system. Sancus TCB is hardware-only TCB RAM or Frontend ROM Memory Backbone SM Control Execution Unit RAM SM1 SM2 MAL MAL Violation Layout Layout Key Key Peripheral Bus Key & Layout Crypto Unit MAB Interface DMA DMA Peripherals Peripherals DMA Controller Address registers FSM Number of words Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 12 / 27

  15. Introduction Sancus Overview DMA Controller Sancus is provided with a default DMA controller. Main benefits from its inclusion in the system are: Multiplex different devices, with a positional priority arbitration Incorporate all the complexity of the DMA protocol in use on Sancus Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 13 / 27

  16. Problem Statement PC Based Memory PMAs Access Control Memory Protection DMA? on Embdedded Devices Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 14 / 27

  17. Problem Statement DMA Support for PMAs PMAs generally do not support DMA PC based MAC is enforced over the CPU memory access bus (MAB). • What if the untrusted element resides outside CPU domain? • What if there was a way to directly access the memory, bypassing any CPU control, so that no violation is raised on illegal accesses? Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 15 / 27

  18. Problem Statement DMA Support for PMAs DMA Exploitation on PMAs � Watch out � An attacker with DMA capabilities can tamper with any location of the system memory at runtime, as DMA bypasses any MMU-like control. An example of DMA exploitation, for the Sancus architecture, is provided at https://github.com/S3rg7o/sancus-examples/blob/master/hello-DMA/Readme.md . Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 16 / 27

  19. Extending DMA on Sancus Sancus 2.0 What about Sancus? It does not support DMA natively Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 17 / 27

  20. Extending DMA on Sancus Direct DMA Implementation Direct DMA Implementation Breaks Sancus security guarantees! Every memory location can be accessed, including the SMs protected sections. Modules isolation reneges The K N , SP , SM key is computed only once, on module deployment. If isolation reneges, it can’t be no longer be considered a sufficient assurance of modules integrity Nodes and modules keys are inaccessible from DMA � SMs isolation is a crucial security property � An attacker can entirely rewrite the text section of a module, making it de facto a Trojan horse � Although alarming, this scenario differs from keys disclosure since attacker’s computational capabilities are still confined to compromised node Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 18 / 27

  21. Extending DMA on Sancus Solution Tree Need for solutions! DMA on PMAs? 1) No DMA in the system Allow DMA in the system 2) Enforce PC-based 3) Exclude DMA from 4) Allow access to specific memory access control protected memory locations in SMs data sections Seminara (KTH) DMA Support for the Sancus Architecture 19 February 2019 19 / 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Responsiveness Guarantee for the Sancus Protected Module Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O & application case o 3. Objectives Attacker model & properties o 4. Design

420 views • 14 slides
Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared

Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared

Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared Infrastructure Job Noorman Public PhD Defence 19 Apr 2017 Safety considerations when lodging in a hotel Untrusted guests Locked room Unknown personnel

1.16k views • 79 slides
Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your hosts Andrew Whelan CEO, Sancus BMS Group Chartered Fellow of the Chartered Institute for Securities & Investment Andys career has spanned

765 views • 18 slides
Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance

Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance

Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance Investment Portfolio of SME Lending Platforms This document is confidential and should only be circulated with prior approval from Sancus BMS Group. 2 |

947 views • 32 slides
Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mhlberg

Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mhlberg

Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mhlberg jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium FOSDEM, Brussels, February 2018 Joint work with Job Noorman, Jo Van

815 views • 46 slides
1 Where does architecture come from? What order? Use an architecture youve seen before

1 Where does architecture come from? What order? Use an architecture youve seen before

Architecture 2 1 Announcements What is Architecture? Final project hand-in and documentation Big picture Structure or structures that support the system Early design decisions Architecture is the design decisions you

275 views • 5 slides
Can Software Architecture Be Used To Support Innovation? Pierre Pureur Can Software Architecture

Can Software Architecture Be Used To Support Innovation? Pierre Pureur Can Software Architecture

SATURN 2019 Can Software Architecture Be Used To Support Innovation? Pierre Pureur Can Software Architecture Be Used To Support Innovation? 1 Can Software Architecture Be Used To Support Innovation? Most innovation projects do not care

380 views • 37 slides
Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing Base Pieter Agten Wilfried Daniels Raoul Strackx Job Noorman Anthony Van Herrewege Christophe Huygens Bart Preneel Ingrid Verbauwhede Frank

806 views • 67 slides
A multi physical simulation architecture to support the A multi physical simulation

A multi physical simulation architecture to support the A multi physical simulation

IPG Technology Conference Karlsruhe 2012 A multi physical simulation architecture to support the A multi physical simulation architecture to support the development of hybrid electric vehicles James Chapman CAE Simulation Group Jaguar Land

235 views • 21 slides
Architecture, ISA support, and Software Toolchain for Neuromorphic Computing in ReRAMBased

Architecture, ISA support, and Software Toolchain for Neuromorphic Computing in ReRAMBased

Scalable and Energy-Efficient Architecture Lab (SEAL) Architecture, ISA support, and Software Toolchain for Neuromorphic Computing in ReRAMBased Main Memory Yuan Xie University of California, Santa Barbara yuanxie@ece.ucsb.edu Research

592 views • 28 slides
GLI Finance Geoff Miller CEO Proposed Acquisition - Sancus November 2014 1 Disclaimer

GLI Finance Geoff Miller CEO Proposed Acquisition - Sancus November 2014 1 Disclaimer

GLI Finance Geoff Miller CEO Proposed Acquisition - Sancus November 2014 1 Disclaimer IMPORTANT NOTICE These presentation materials (the "Presentation Materials") are being solely issued to and directed at persons who are qualified

407 views • 8 slides
Dr. Pat Selinger IBM Fellow and VP of Data Management Architecture and Technology IBM, USA DB2

Dr. Pat Selinger IBM Fellow and VP of Data Management Architecture and Technology IBM, USA DB2

Dr. Pat Selinger IBM Fellow and VP of Data Management Architecture and Technology IBM, USA DB2 and e-business Infrastructure DB2 J2EE Support JDBC, SQLJ, JTA DB2 EJB Everyplace Stored Procedures DB2 LDAP Support DB2 LDAP Support Data

478 views • 4 slides
ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student (Computer Architecture and Technology

ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student (Computer Architecture and Technology

and some thoughts around their application Javier Lpez-Gmez 8th April 2019 Computer Science and Engineering Department, University Carlos III of Madrid ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student (Computer Architecture

418 views • 39 slides
Support of Cross Calls between Microprocessor and FPGA in CPU-FPGA Coupling Architecture G.

Support of Cross Calls between Microprocessor and FPGA in CPU-FPGA Coupling Architecture G.

Support of Cross Calls between Microprocessor and FPGA in CPU-FPGA Coupling Architecture G. NguyenThiHuong and Seon Wook Kim Microarchitecture and Compiler Laboratory School of Electrical Engineering Korea University Motivation

416 views • 19 slides
1 Last class: Computer architecture support for systems Today: Operating Systems

1 Last class: Computer architecture support for systems Today: Operating Systems

1 Last class: Computer architecture support for systems Today: Operating Systems Structures and Basics 2 Interlude Recap of OS goals Resource management Memory, Devices Scheduling Security Services to

548 views • 25 slides
ICOS: Support for Bare Metal Computer Architecture Assignments Zachary Kurmas

ICOS: Support for Bare Metal Computer Architecture Assignments Zachary Kurmas

ICOS: Support for Bare Metal Computer Architecture Assignments Zachary Kurmas kurmasz@gvsu.edu The Story GVSU offers two hardware courses CIS 251, Computer Organization, 3 hours CIS 451, Computer Architecture, 4 hours

302 views • 18 slides
Computer Programming II Algorithm Analysis and Sorting Techniques Algorithm A sequence of

Computer Programming II Algorithm Analysis and Sorting Techniques Algorithm A sequence of

Computer Programming II Algorithm Analysis and Sorting Techniques Algorithm A sequence of well-defined instructions, which with a finite number of steps solves a problem or calculation. Components Sequence: a succession of instructions

654 views • 38 slides
COMP 516 COMP 516 Research Methods in Computer Science Research Methods in Computer Science

COMP 516 COMP 516 Research Methods in Computer Science Research Methods in Computer Science

COMP 516 COMP 516 Research Methods in Computer Science Research Methods in Computer Science Lecture 18: Legal, Social, Ethical and Professional Issues (1) Dominik Wojtczak Dominik Wojtczak Department of Computer Science Department of

755 views • 9 slides
Mining, and Intro to Categorization Tues April 10 Kristen Grauman UT Austin UT Austin, CS 376

Mining, and Intro to Categorization Tues April 10 Kristen Grauman UT Austin UT Austin, CS 376

Mining, and Intro to Categorization Tues April 10 Kristen Grauman UT Austin UT Austin, CS 376 Computer Vision - lecture 21 Recognition and learning Recognizing categories (objects, scenes, activities, attributes), learning techniques

820 views • 71 slides
Parallel Computing in R and Simulations on the Cluster Computing Club April 30, 2019 Lamar Hunt

Parallel Computing in R and Simulations on the Cluster Computing Club April 30, 2019 Lamar Hunt

Parallel Computing in R and Simulations on the Cluster Computing Club April 30, 2019 Lamar Hunt Background Brand and Generic drugs are generally considered equivalent, however, the FDA does not require generic drug producers to

572 views • 18 slides
Clustering Data Streams zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Sudipto Guha

Clustering Data Streams zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Sudipto Guha

Clustering Data Streams zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Sudipto Guha zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Liadan OCallaghan zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Abstract

468 views • 8 slides
Sub-lithographic Semiconductor Computing Systems Andr DeHon andre@cs.caltech.edu In

Sub-lithographic Semiconductor Computing Systems Andr DeHon andre@cs.caltech.edu In

Sub-lithographic Semiconductor Computing Systems Andr DeHon andre@cs.caltech.edu In collaboration with Helia Naeimi, Michael Wilson, Charles Lieber, Patrick Lincoln, and John Savage MPSoC 2005 -- DeHon Approaching the Bottom In 1959,

724 views • 51 slides
Tracking Dice, see dieroll2.cpp Defining tvector objects const int DICE_SIDES = 4; Can specify

Tracking Dice, see dieroll2.cpp Defining tvector objects const int DICE_SIDES = 4; Can specify

Vectors Vector basics Were using the class tvector , need #includetvector.h Vectors are homogeneous collections with random access Based on the standard C++ (STL) class vector, but safe Store the same type/class of object,

360 views • 7 slides
Vectors Vectors are homogeneous collections with random access Store the same type/class of

Vectors Vectors are homogeneous collections with random access Store the same type/class of

Vectors Vectors are homogeneous collections with random access Store the same type/class of object, e.g., int, string, The 1000 th object in a vector can be accessed just as quickly as the 2 nd object Weve used files to store

902 views • 28 slides

More recommend