
N-Variant Systems: A Secretless Framework for Security through Diversity - PowerPoint PPT Presentation



  1. N-Variant Systems: A Secretless Framework for Security through Diversity
     Cox et al.
     Presented by: Stephen McLaughlin

  2. The problem
     Software homogeneity makes reusing a known exploit easy: one exploit works against every identical installation.

  3. Some solutions
     ◮ Address space randomization []
     ◮ Instruction set randomization []
     ◮ But how random are they...

  4. Problem with solutions
     ◮ “Typically, these properties are determined by a secret key used to control the randomization.”
     ◮ Discussion: Is this really good enough?

  5. Solution to problem with solutions
     ◮ Authors posit that we can eliminate the need for secrets!
     ◮ All we need to do is run variants of a program whose vulnerabilities are mutually exclusive, hopefully with the property that:
     ◮ No single input can exploit all variants at the same time.

  6. Contributions
     ◮ The N-variant concept
     ◮ A model for reasoning about properties of N-variant systems
     ◮ Two examples of variants: address space partitioning and instruction set tagging

  7. Security Model - Framework overview

  8-11. Security Model - TCB
     Only mentioned in passing. Let’s try to reason about it:
     ◮ Variant programs: obviously not in the TCB; they receive malicious inputs and are not verified
     ◮ Monitor: must be in the TCB if it is to provide reference monitor guarantees
     ◮ Polygrapher: no idea for now

  12. Security Model - TCB
     Not explicitly mentioned in the paper. Let’s try to reason about it:
     ◮ Variant programs: obviously not trusted

  13. From a reference monitor perspective
     ◮ What does it mediate?
     ◮ Is there a policy?
     ◮ Will come back to the next two:
     ◮ Tamperproof?
     ◮ Verifiable?

  14. Related Work
     ◮ Automated program diversity - random instruction sets, system calls, address space layouts, etc.
     ◮ Redundant execution - fault tolerance, reliability
     ◮ Misc. - non-executable pages, memory tainting, canaries

  15. N-variant model
     Three parts:
     ◮ The model - executions for the original program and its variants
     ◮ Two properties about the model - Normal Equivalence and Detection

  16. Model
     ◮ Each program variant creates an execution $[S_0, S_1, \ldots]$, a possibly infinite sequence of program states.
     ◮ The states of all variants are represented as a sequence of tuples, one per execution step, holding the state of each variant at that step: $[\langle S_{0,0}, S_{0,1}, \ldots, S_{0,N-1}\rangle, \langle S_{1,0}, S_{1,1}, \ldots, S_{1,N-1}\rangle, \ldots]$, where $S_{i,j}$ is the state of variant $j$ after step $i$.
     ◮ A canonicalization function $C$ is needed to transform the state of each variant to the form of the states of the original program, so that at a given step all variants canonicalize to the same state: $C(S_{0,0}) = C(S_{0,1})$.

  17. Normal Equivalence Property
     ◮ normal state: the variant is executing as intended.
     ◮ Normal Equivalence: if all variants are in a normal state, then they must have the same canonical state.
     ◮ More formally: $\forall s_1, s_2 \in \langle S_i \rangle,\ s_1, s_2 \in \mathit{Normal} \rightarrow C(s_1) = C(s_2)$.
     ◮ Proved by induction over the number of normal state transitions.

  18. Detection Property
     ◮ compromised state: the variant has been successfully compromised by an attack
     ◮ alarm state: a variant’s anomalous behavior is detected by the monitor
     ◮ Detection Property: given the Normal Equivalence Property, if any variant is in a compromised state then at least one other variant is in an alarm state, so the attack is detected rather than silently succeeding

  19. So what?
     ◮ What does this model actually tell us?
     ◮ Can we build a system that follows this model?
     ◮ What would this require?

  20. Variants - Address Space Partitioning
     ◮ Threat: exploits based on absolute addresses
     ◮ Example: format string vulnerability, printf(str);
     ◮ Mitigation: variants have mutually exclusive address spaces, so any given absolute address is valid in at most one variant; the others fault when they touch it

  21. Variants - Instruction Set Tagging
     ◮ Threat: exploits that inject executable code onto the stack
     ◮ Example: buffer overflow to overwrite the return address
     ◮ Mitigation: place a different tag on the instructions of each variant, so injected code carries at most one variant’s tag and the other variants fault on it
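The model of slides 16-18 and the two variant types of slides 20 and 21, as one toy simulation. This is an added example for illustration; it is neither the paper's kernel implementation nor the presenter's material. Two variants of a tiny request-driven program run in lockstep behind a monitor. Variant 0 owns the lower half of a constructed 16-bit address space and variant 1 the upper half; each variant executes only instruction bytes that begin with its own tag byte; and the monitor applies a canonicalization function to pointer-valued output before comparing per-step states. The request format, the tag values, the address width and the sample memory contents are all assumptions made for the demo. The property it exercises is the secretless one: an attacker-supplied absolute address or a block of injected code can be valid in at most one variant, so another variant faults and the monitor alarms no matter what the attacker knows about the layout.

```python
"""Toy N-variant system: two variants run in lockstep behind a monitor.

Added example, not the paper's kernel code. Address width, tag bytes,
request format and memory contents are constructed for the demo.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Optional

WORD_BITS = 16                 # toy address width (constructed)
HALF = 1 << (WORD_BITS - 1)    # variant 0 owns [0, HALF), variant 1 owns [HALF, 2**WORD_BITS)


@dataclass(frozen=True)
class Step:
    """State a variant reaches after one lock-stepped request."""
    kind: str            # "write" (system call about to be issued), "exec" or "fault"
    payload: Any = None


class Variant:
    def __init__(self, vid: int) -> None:
        self.vid = vid
        self.base = vid * HALF                        # address space partitioning
        self.tag = bytes([0xA0 + vid])                # instruction set tag (constructed value)
        self.buf = self.base + 0x100                  # the program's own buffer, variant-relative
        self.memory: dict[int, bytes] = {self.buf: b"hello"}

    def mapped(self, addr: int) -> bool:
        return self.base <= addr < self.base + HALF

    def run(self, req: dict) -> Step:
        op = req["op"]
        if op == "echo":                   # write(1, buf): program-owned pointer, normal behaviour
            return Step("write", self.memory[self.buf])
        if op == "ptr":                    # printf("%p", buf): raw output differs per variant
            return Step("write", self.buf)
        if op == "deref":                  # read through an attacker-supplied absolute address
            addr = req["addr"]
            if not self.mapped(addr):
                return Step("fault", f"SIGSEGV at {addr:#06x}")
            return Step("write", self.memory.get(addr, b"\x00"))
        if op == "call":                   # jump into injected bytes (stack-smash analogue)
            code = req["code"]
            if not code.startswith(self.tag):
                return Step("fault", "SIGILL: wrong instruction tag")
            return Step("exec", code[len(self.tag):])
        raise ValueError(f"unknown op {op!r}")

    def canonical(self, step: Step) -> Step:
        """C: map variant-specific state to the original program's form.
        Pointer-valued output is rebased so that normal executions compare equal."""
        if step.kind == "write" and isinstance(step.payload, int):
            return Step("write", step.payload - self.base)
        return step


class Monitor:
    """Runs both variants in lockstep and alarms on a fault or on divergence."""

    def __init__(self) -> None:
        self.variants = [Variant(0), Variant(1)]
        self.alarm: Optional[str] = None

    def step(self, req: dict) -> list[Step]:
        if self.alarm:
            raise RuntimeError("variants were killed after: " + self.alarm)
        steps = [v.run(req) for v in self.variants]          # lockstep, like the syscall wrappers
        faults = [s.payload for s in steps if s.kind == "fault"]
        canon = {v.canonical(s) for v, s in zip(self.variants, steps)}
        if faults:
            self.alarm = "fault: " + "; ".join(faults)
        elif len(canon) != 1:                                # Normal Equivalence violated
            self.alarm = "divergence"
        return steps


def run_system(requests: list[dict]) -> tuple[list[list[Step]], Optional[str]]:
    """Feed requests to a fresh two-variant system; returns per-step states and the alarm, if any."""
    mon = Monitor()
    trace: list[list[Step]] = []
    for req in requests:
        trace.append(mon.step(req))
        if mon.alarm:
            break
    return trace, mon.alarm


def partitions_disjoint() -> bool:
    """The 'mutually exclusive' check: no address is mapped in more than one variant."""
    vs = [Variant(0), Variant(1)]
    return all(sum(v.mapped(a) for v in vs) <= 1 for a in range(0, 1 << WORD_BITS, 0x80))


if __name__ == "__main__":
    print(run_system([{"op": "echo"}, {"op": "ptr"}]))            # no alarm after canonicalization
    print(run_system([{"op": "deref", "addr": 0x100}]))           # variant 0 leaks, variant 1 faults
    print(run_system([{"op": "call", "code": b"\xa0\x90"}]))      # variant 0 executes, variant 1 SIGILL
```

The "ptr" request is why the canonicalization function matters: the two variants legitimately print different addresses, and without rebasing the monitor would report a divergence on a normal run. The two attack requests show the Detection Property in miniature: whichever variant the attacker's address or tag happens to match is compromised, and the other one enters an alarm (fault) state in the same step.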

  22. Kernel Implementation
     Goals:
     ◮ Reduce nondeterminism - processes should be synchronized - Why is this required?
     ◮ Increase granularity of monitoring - Why is this required?

  23. Kernel Implementation - Reducing Nondeterminism
     ◮ System calls are wrapped with synchronization primitives that force the variants to execute each call in direct succession.

  24. Evaluation
     Meh, we did it. It works. It’s not too slow.
     ◮ What did they evaluate?
     ◮ Did we learn anything about N-variants that we didn’t know before?
     ◮ Were there any lessons learned about the implementation?

  25-27. Back to reference monitor guarantees
     ◮ complete mediation: No - monitoring is done at intervals
     ◮ tamperproof: No - by definition it depends on input from potentially low integrity or malicious programs
     ◮ verifiable: ...

  28. Limitations
     ◮ Does not address recovery from an exploit, only detection
     ◮ May lead to denial of service
     ◮ The model is not subject to race conditions, but the actual implementation is
     ◮ Variant properties could be spoofed by a well crafted exploit
     ◮ The actual implementation only monitors the output of the variants
     ◮ Only N = 2 is implemented
