Program Partitioning for Secure Execution


Program Partitioning for Secure Execution. Charles W. O'Donnell, G. Edward Suh, Srini Devadas. September 24, 2004. 4th MIT CSAIL Computer Architecture Workshop.


SLIDE 1

Program Partitioning for Secure Execution

G. Edward Suh, Charles W. O'Donnell, Srini Devadas

September 24, 2004
4th MIT CSAIL Computer Architecture Workshop

SLIDE 2

Program Partitioning for Secure Execution | 4th MIT CSAIL Computer Architecture Workshop

Licensing

  • $oftware Licensing important
  • Software making money
  • Jobs after graduation
  • Alternatives problematic
  • Service instead of software
  • Free software, bug support
  • Past methods poor
  • Online License Authentication
  • Serial Numbers
  • Dongles

SLIDE 3

Polling No Good

  • Dongle / Online Verification simply polling
  • "Checks" are not critical to application's functionality
  • Easily bypassed

Control Flows:

[Diagram: control flows for the Serial Number case (Start Program, Authenticate, Run Program) and the Dongle case (Run Program, Authenticate)]

SLIDE 4

Secure CPUs?

  • AEGIS to the rescue?
  • Encrypt application, tie to CPU/machine
  • People use many machines
  • Major problems with Secure CPUs?
  • They're slow
  • They don't run very fast
  • (Seriously, simply can't beat "normal" CPUs)
  • Tie License to a Person?

SLIDE 5

Portable Protected Processor (PPP)

  • Secure CPU (entire trust base) on a single dongle
  • Solely identified as yours (PUF)
  • Put on your keychain
  • Dumb terminals execute all code via PPP (wholly encrypted just for you) using this dongle
  • But this would be even slower

[Diagram: encrypted text "ARxHe8#9 Yt3(2Sx!" and instructions "mov eax,0x5" / "cmp eax,sp", with a PPP containing a CPU and a PUF]

SLIDE 6

Only use PPP when necessary

  • "Check" PPP like old dongles (But way cooler because smarter?)
  • Fundamentally same problem
  • Minimal requirements:
  • (1) Protected Program requires your PPP to work
  • (2) Protected Program can encrypt some proprietary algorithms

SLIDE 7

Program Partitioning

  • Partition the program into plain and encrypted text
  • Execute encrypted text (only) on PPP
  • Encrypted "code" is not useless (like dongle checks) but critical to the execution of the application
  • Can also encrypt proprietary algorithms

[Diagram: two control flows for Snood™. First: Start Snood™, draw_snoods(), free_snoods(), shoot_snood(), up_score(). Second: Start Snood™, draw_snoods(), free_snoods(), E5AxPO22qWuzB, 8Tz03HJfe28mQ, with shoot_snood() and up_score() labelled PPP.]
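
An added illustration of the contrast this slide draws between a polled dongle check and a partitioned program, in Python (not code from the presentation). The `PPP` class, `seal()`, the secrets, the scoring rule and the toy keystream are assumptions standing in for the dongle, the vendor's encryption step and the PUF identity; only the name `up_score()` comes from the slide's Snood™ diagram.

```python
import hashlib
import hmac

def _keystream(secret, n):
    # Toy SHA-256 counter keystream: illustration only, not a vetted cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(secret + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(secret, source):
    """Vendor side (assumed): encrypt and tag one function for one PPP."""
    data = source.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(secret, len(data))))
    return hmac.new(secret, ct, hashlib.sha256).digest() + ct

class PPP:
    """Simulated dongle; `secret` stands in for the PUF-derived identity."""
    def __init__(self, secret):
        self._secret = secret

    def present(self):
        return True  # all a polled dongle ever tells the host

    def run(self, blob, name, *args):
        tag, ct = blob[:32], blob[32:]
        expect = hmac.new(self._secret, ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise PermissionError("blob was not sealed for this PPP")
        src = bytes(a ^ b for a, b in zip(ct, _keystream(self._secret, len(ct))))
        scope = {}
        exec(src.decode(), scope)  # plaintext code exists only inside the PPP
        return scope[name](*args)

# Polled design: the scoring logic ships in plain text; the check is a side branch.
def up_score_plain(score, hits):
    return score + 10 * hits  # constructed scoring rule

def polled_turn(ppp, score, hits):
    if not ppp.present():
        raise PermissionError("no dongle")
    return up_score_plain(score, hits)

# Partitioned design: the host ships only the sealed blob of this source.
UP_SCORE_SRC = "def up_score(score, hits):\n    return score + 10 * hits\n"

def partitioned_turn(ppp, blob, score, hits):
    return ppp.run(blob, "up_score", score, hits)
```

In the polled variant the host's plain text already contains everything needed to compute the score, while `partitioned_turn` has no scoring logic of its own and depends on the one PPP the blob was sealed for.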

SLIDE 8

Partitioning Balance

  • Encrypted regions on critical path
  • Encrypted regions small, imitate-able?

[Diagram: two control flows. First: draw_snoods(), free_snoods(), E5AxPO22qWuzB, with shoot_snood() labelled PPP. Second: draw_snoods(), free_snoods(), E5AxPO22qWuzB, copy_shoot().]

  • Balance what portions to encrypt, which not to
  • Less encryption ⇒ faster
  • More encryption ⇒ harder to reverse-engineer

SLIDE 9

Solution Requirements

  • Some solution should answer…
  • Adversarial Model or Parameterizable methodology for different adversaries
  • Metric for "level of security"
  • Transition point strategy and attack repulsion
  • Architectural modifications for speed

SLIDE 10

Transitions: Toy ideas

  • Compiler & Human Determined
  • Easier with compiler in trust-base
  • Language-level definition for proprietary algorithms
  • Control flow graph interpretation
  • Compiler determination of critical paths
  • Monitor code addition
  • Interwoven with required code

SLIDE 11

Attack Complexity: Toy ideas

  • Obfuscation techniques
  • Increases Ingress and Egress count
  • Control flow graph unionizing with unrelated flow
  • Similar to watermarking techniques
  • Data flow graph manipulations

SLIDE 12

Architectural Modifications: Toy Ideas

  • PPP has slow interface
  • Try to keep/reuse data within PPP
  • But simplifies attack
  • Need very fast switching between Host PC and PPP
  • Might need extra context or tagged awareness
  • Host CPU multitasking

SLIDE 13

Beyond Licensing

  • PPP uniquely identifies you with application
  • Personalized settings
  • Secure Identity situations (online purchase, etc)
  • Need stronger privacy model
  • End-to-end protection of data leaving PPP

SLIDE 14

Summary

  • PPP tied to license of software
  • Partition encrypted and plain text of application software along critical path
  • Compiler & Human determined transformations to defend attacks and protect IP
  • Architectural changes needed for efficiency
  • Extending PPP gives more possibilities

SLIDE 15

Thanks