evaluating sfi for a cisc architecture
play

Evaluating SFI for a CISC Architecture by Stephen McCamant and Greg - PowerPoint PPT Presentation

Jun 10, 2023 •330 likes •449 views

Evaluating SFI for a CISC Architecture by Stephen McCamant and Greg Morrisett USENIX Security Symposium 2006 Presented by William Enck CSE598a/544 - Advanced Systems Security April 24, 2007 CSE598a/544 - Advanced Systems Security Page 1 A

  1. Evaluating SFI for a CISC Architecture by Stephen McCamant and Greg Morrisett USENIX Security Symposium 2006 Presented by William Enck CSE598a/544 - Advanced Systems Security April 24, 2007 CSE598a/544 - Advanced Systems Security Page 1

  2. A Reoccurring Topic • Today’s topic: Buffer Overflows 0xFF...FF Top of Stack ‣ Why do we keep talking about them? ... ‣ A quick review of malcode prevention: Return Address Stack Growth Buffer Growth • Sandboxing variables buffer[n-1] • Syscall IDS buffer[...] • Randomization buffer[0] ... • Canaries 0x00...00 • etc. • We are not going to talk about buffer overflows per se, rather another technique that can help stop attacks, one of which is buffer overflows CSE598a/544 - Advanced Systems Security Page 2

  3. A Practical Approach • A Two-Step Process ‣ Rewrite application binaries • Consume assembly code (this is not a compiler trick) ‣ Verify the rewrite was successful • can be done at load time “We do not mind if the verifier fails to recognize that some programs have the safety property, as long as whenever it concludes that on does, it is correct.” CSE598a/544 - Advanced Systems Security Page 3

  4. Software Fault Isolation • Basic idea: prevent potentially unsafe instructions from executing with improper arguments ‣ down to the granularity of memory writes “SFI does not provide general protection against attacks on the untrusted code; it simply contains those attacks within the component” • How do the goals differ from other techniques? • Limitations: ‣ Typically slow ‣ CISC is tough CSE598a/544 - Advanced Systems Security Page 4

  5. The x86 Architecture • You can’t live with it, you can’t live without it ‣ x86 is the de-facto standard that is not going away • CISC Architectures have: ‣ instructions vary in length • RISC typically has a “4-byte stream” ‣ small number of registers • Previous SFI techniques required five CSE598a/544 - Advanced Systems Security Page 5

  6. Normalizing CISC • Instruction “streams” are used by previous SFI techniques to verify branch target addresses • CISC has variable length instructions ‣ add “ nop ” padding to recreate sanity • no instruction crosses the 16-byte chunk boundary • The start of every 16-bytes is an instruction (“psuedo-stream”) ‣ What is the cost of this addition? • Largest percentage of performance overhead • From a storage perspective, binaries increase by 50-100% (but easily compressible) ‣ No one ever said security was free CSE598a/544 - Advanced Systems Security Page 6

  7. Efficient Protection • Make use of architecture and implementation specifics ‣ Use as few “special” registers as possible ( %ebp ) ‣ Smart memory range checking • Frame pointer ( %ebp ) only set at start of function ‣ check on set • Stack pointer ( %esp ) frequently modified ‣ This one is a little more tricky (problematic in related work) ‣ check before jump ‣ Efficient address “checking” with bitwise and • code regions with simple higher order bits • use mask to ensure the address is where you want it to be ‣ Modern x86 processors keep shadow stacks for branch prediction, therefore, we want to keep ret instructions CSE598a/544 - Advanced Systems Security Page 7

  8. Formal Analysis • Not something you see every day • The ACL2 theorem-proving system acts on Lisp implementations of a model system ‣ Implemented an x86 simulator ‣ Proves verifier achieves safety goals • The rewriter was not analyzed CSE598a/544 - Advanced Systems Security Page 8

  9. Back to Buffer Overflows • What does all of this do for buffer overflows? ‣ Binaries verified to provide fault containment ‣ The verifier has been verified ‣ They solved buffer overflows, right? • Is the model correct? • Is containment the answer? ‣ Does this work for real programs? • Apache, Bind? OpenSSH? CSE598a/544 - Advanced Systems Security Page 9

  10. Take-away • A lot of interesting optimizations have been applied to make a previously discounted idea applicable to real systems • Knowing what an arbitrary program will do is impossible; ‣ however, it may be good enough to be sure that a program with specific properties will act in specific ways. CSE598a/544 - Advanced Systems Security Page 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CISC 323 Intro to Software Engineering Week 8: Software Architecture (Continued) CISC 323

CISC 323 Intro to Software Engineering Week 8: Software Architecture (Continued) CISC 323

CISC 323 Intro to Software Engineering Week 8: Software Architecture (Continued) CISC 323 Intro to Software Engineering Lecture 8-1 Data-Centered and Interpreter Architectural Styles Architectural Style Examples [Shaw&Garlan]

1.33k views • 83 slides
CISC 322 Software Architecture Lecture 10: Linux Architecture Emad Shihab Paper by: Ivan T.

CISC 322 Software Architecture Lecture 10: Linux Architecture Emad Shihab Paper by: Ivan T.

CISC 322 Software Architecture Lecture 10: Linux Architecture Emad Shihab Paper by: Ivan T. Bowman, Richard C. Holt and Neil V. Brewster Recap of Last Class Layered Style Virtual Machine Client-Server Architecture Recovery Why

516 views • 19 slides
CISC 322 Software Architecture Lecture 09: Architecture Styles (4) Emad Shihab Adapted from

CISC 322 Software Architecture Lecture 09: Architecture Styles (4) Emad Shihab Adapted from

CISC 322 Software Architecture Lecture 09: Architecture Styles (4) Emad Shihab Adapted from Ahmed E. Hassan and Spiros Mancoridis Recap of Last Class Automated Stock Trading System Two architectures Pipe-and-Filter + Repository +

187 views • 18 slides
Evaluating the Productivity of a Evaluating the Productivity of a Multicore Architecture

Evaluating the Productivity of a Evaluating the Productivity of a Multicore Architecture

Evaluating the Productivity of a Evaluating the Productivity of a Multicore Architecture Multicore Architecture Jeremy Kepner and Nadya Bliss MIT Lincoln Laboratory HPEC 2008 This work is sponsored by the Department of Defense under Air Force

343 views • 31 slides
CISC 322 Software Architecture Lecture 11: Reference Architecture Emad Shihab Paper by: Ahmed

CISC 322 Software Architecture Lecture 11: Reference Architecture Emad Shihab Paper by: Ahmed

CISC 322 Software Architecture Lecture 11: Reference Architecture Emad Shihab Paper by: Ahmed E. Hassan and Richard C. Holt Schedule Today No class Midterm Concep. Concep. Arch. Arch. Pres. Report Recap of Last Class Architecture

543 views • 26 slides
CISC / RISC Complex / Reduced Instruction Set Computers CISC / RISC p. 1/12 Instruction

CISC / RISC Complex / Reduced Instruction Set Computers CISC / RISC p. 1/12 Instruction

Systems Architecture CISC / RISC Complex / Reduced Instruction Set Computers CISC / RISC p. 1/12 Instruction Usage Instruction Group Average Usage 1 Data Movement 45.28% 2 Flow Control 28.73% 3 Arithmetic 10.75% 4 Compare

1.3k views • 12 slides
CISC 322 Software Architecture Lecture 04: Non Functional Requirements (NFR) Quality

CISC 322 Software Architecture Lecture 04: Non Functional Requirements (NFR) Quality

CISC 322 Software Architecture Lecture 04: Non Functional Requirements (NFR) Quality Attributes Emad Shihab Adapted from Ahmed E. Hassan and Ian Gorton Last Class - Recap Lot of ambiguity within stakeholders Focus on the needs,

1.07k views • 29 slides
John Reagan 1 VAX/VMS Digital introduced the VAX-11, a 32-bit CISC architecture, 40 years ago

John Reagan 1 VAX/VMS Digital introduced the VAX-11, a 32-bit CISC architecture, 40 years ago

Porting OpenVMS using LLVM John Reagan 1 VAX/VMS Digital introduced the VAX-11, a 32-bit CISC architecture, 40 years ago in 1977 (before most of you were born) Modeled after the PDP-11 with 16 general purpose registers used for integer

592 views • 12 slides
CISC 322 Software Architecture Lecture 01: Introduction and Admin Emad Shihab Adapted from:

CISC 322 Software Architecture Lecture 01: Introduction and Admin Emad Shihab Adapted from:

CISC 322 Software Architecture Lecture 01: Introduction and Admin Emad Shihab Adapted from: Ahmed E. Hassan 1 Waterfall Development Process Requirement Software Requirements Engineering Specification (SRS) Architecture Analysis

608 views • 21 slides
CISC 322 Software Architecture Lecture 08: Architecture Styles (3) Emad Shihab Automated Stock

CISC 322 Software Architecture Lecture 08: Architecture Styles (3) Emad Shihab Automated Stock

CISC 322 Software Architecture Lecture 08: Architecture Styles (3) Emad Shihab Automated Stock Trading System A customer approaches YOURSTRULYTradingSolutions with the need for an architecture design for an automated stock trading

192 views • 4 slides
EAP ATAM and Collaboration at the Enterprise Level Evaluating Software Architecture ATAM The

EAP ATAM and Collaboration at the Enterprise Level Evaluating Software Architecture ATAM The

EAP ATAM and Collaboration at the Enterprise Level Evaluating Software Architecture ATAM The Architecture Trade-off Analysis Method n Evaluating software architecture Determines if the architecture meets the business drivers One of its

148 views • 11 slides
CISC 322 Software/Game Architecture Module 4: Examples of Architectures (Linux) Ahmed E. Hassan

CISC 322 Software/Game Architecture Module 4: Examples of Architectures (Linux) Ahmed E. Hassan

CISC 322 Software/Game Architecture Module 4: Examples of Architectures (Linux) Ahmed E. Hassan Linux as a Case Study: Its Extracted Software Architecture Paper By: Ivan T. Bowman, Richard C. Holt and Neil V. Brewster Slides By: Jack

463 views • 15 slides
CISC 322 Software Architecture Lecture 21: Final Review Emad Shihab Course Content

CISC 322 Software Architecture Lecture 21: Final Review Emad Shihab Course Content

CISC 322 Software Architecture Lecture 21: Final Review Emad Shihab Course Content Requirements Architectural Styles Architecture Recovery Design Patterns Project Scheduling Software Estimation Requirements

628 views • 19 slides
CISC 326 Game Architecture Module 6: Reference Architectures (Web Servers

CISC 326 Game Architecture Module 6: Reference Architectures (Web Servers

CISC 326 Game Architecture Module 6: Reference Architectures (Web Servers and Web Browsers) Ahmed E. Hassan A Reference Architecture for Web Servers Ahmed Hassan and Richard Holt Software Architecture

573 views • 31 slides
CISC 326 Game Architecture Module 02: Challenges In Game Development Ahmed E. Hassan (with

CISC 326 Game Architecture Module 02: Challenges In Game Development Ahmed E. Hassan (with

CISC 326 Game Architecture Module 02: Challenges In Game Development Ahmed E. Hassan (with slides from Drs. Scott Grant and Nick Graham) World of Warcraft Released November 23, 2004 after a closed beta Over 100 million lifetime players

1.12k views • 62 slides
CISC Design: Implementation from HFC Virendra Singh Associate Professor Computer Architecture

CISC Design: Implementation from HFC Virendra Singh Associate Professor Computer Architecture

CISC Design: Implementation from HFC Virendra Singh Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology Bombay http://www.ee.iitb.ac.in/~viren/ E-mail:

875 views • 42 slides
CS31001 COMPUTER ORGANIZATION AND ARCHITECTURE Debdeep Mukhopadhyay, CSE, IIT Kharagpur The

CS31001 COMPUTER ORGANIZATION AND ARCHITECTURE Debdeep Mukhopadhyay, CSE, IIT Kharagpur The

CS31001 COMPUTER ORGANIZATION AND ARCHITECTURE Debdeep Mukhopadhyay, CSE, IIT Kharagpur The Instruction Set Architecture (ISA): From CISC to RISC 1 Complex Instructions The ISA for MIPS was simple. Instead, we can have more complex

363 views • 25 slides
Interface between CISC and Detector Facilities A. Cervera S. Gollapinni Contents of interface

Interface between CISC and Detector Facilities A. Cervera S. Gollapinni Contents of interface

CISC meeting 13/02/2019 Interface between CISC and Detector Facilities A. Cervera S. Gollapinni Contents of interface document Introduction Detector Integration DUNE Detector Infrastructure Detector Support Structures (DSS)

1.05k views • 14 slides
Processor Architectures 2 Schedule Exam 3 Tuesday,

Processor Architectures 2 Schedule Exam 3 Tuesday,

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Processor Architectures 2 Schedule Exam 3 Tuesday,

363 views • 23 slides
Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture

Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture

Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture Also called (computer) architecture Implementation --> actual realisation of ISA ISA can have multiple implementations ISA allows

825 views • 28 slides
T o w a a r r d d s s B B e e t t t e r C C o o d d e e G G e e n

T o w a a r r d d s s B B e e t t t e r C C o o d d e e G G e e n

D mi t r y B o r i s e n k o v , L e o n i d K h o l o d o v , D mi t r y S h t u k e n b e r g T o w a a r r d d s s B B e e t t t e r C C o o d d e e G G e e n n e e

313 views • 12 slides
Blackfin Processor Architecture Processor Architecture Blackfin Instructor: Prof. Andy Wu

Blackfin Processor Architecture Processor Architecture Blackfin Instructor: Prof. Andy Wu

Graduate Institute of Electronics Engineering, NTU Blackfin Processor Architecture Processor Architecture Blackfin Instructor: Prof. Andy Wu ACCESS IC LAB ACCESS IC LAB Graduate Institute of Electronics Engineering, NTU Introduction

576 views • 56 slides
Compilers and computer architecture: The RISC-V architecture Martin Berger 1 November 2019 1

Compilers and computer architecture: The RISC-V architecture Martin Berger 1 November 2019 1

Compilers and computer architecture: The RISC-V architecture Martin Berger 1 November 2019 1 Email: M.F.Berger@sussex.ac.uk , Office hours: Wed 12-13 in Chi-2R312 1 / 1 Recall the function of compilers 2 / 1 Introduction In previous

1.4k views • 106 slides
Reduced Instruction Set Computers Raul Queiroz Feitosa Parts of these slides are from the

Reduced Instruction Set Computers Raul Queiroz Feitosa Parts of these slides are from the

Reduced Instruction Set Computers Raul Queiroz Feitosa Parts of these slides are from the support material provided by W. Stallings Objective To provide an overview of the innovations in the areas of computer organization and architecture

347 views • 17 slides

More recommend