rifle an architectural framework for user centric
play

RIFLE: An Architectural Framework for User-Centric Information-Flow - PowerPoint PPT Presentation

Apr 12, 2023 •217 likes •426 views

RIFLE: An Architectural Framework for User-Centric Information-Flow Security Neil Vachharajani Matthew J. Bridges Jonathan Chang Ram Rangan Guilherme Ottoni Jason A. Blome George A. Reis Manish Vachharajani David I. August

  1. RIFLE: An Architectural Framework for User-Centric Information-Flow Security Neil Vachharajani · Matthew J. Bridges Jonathan Chang · Ram Rangan Guilherme Ottoni · Jason A. Blome · George A. Reis Manish Vachharajani · David I. August Liberty Research Group Princeton University

  2. Information- -Flow Security in the Real World Flow Security in the Real World Information IRS provides RIFLE: Information Flow Security tax forms IRS.gov Financial Tax Prep Alice Info Software Barrier Alice enters TaxPrep, Inc. her financial TaxPrep.com provides software information patches http://www.liberty-research.org The Liberty Research Group 2

  3. Information- -Flow Security in the Real World Flow Security in the Real World Information Financial Info IRS provides RIFLE: Information Flow Security Barrier tax forms IRS.gov Tax Prep Alice Software Alice enters TaxPrep, Inc. her financial TaxPrep.com provides software information patches http://www.liberty-research.org The Liberty Research Group 3

  4. Information- -Flow Security in the Real World Flow Security in the Real World Information All programs must be assumed unsafe Malicious programs intentionally leak information • Buggy programs that unintentionally leak information • RIFLE: Information Flow Security User-Centric Information-Flow Security 1. Users want to establish their own security policy • CIA's security needs differ from Joe Average's 2. Users want data-dependent security policies • Web browser with web search form data • Web browser with banking login form data 3. Users should not have to sacrifice security for functionality • All programs should be secure or securable • Only security holes that will be realized are significant http://www.liberty-research.org The Liberty Research Group 4

  5. Definition of Security: Non- -Interference Interference Definition of Security: Non Integrity • Untrusted inputs should not affect trusted outputs RIFLE: Information Flow Security • Example: prevent input from being executed [Suh 04, Crandall 04] Confidentiality [Denning 76, Myers 97, Myers 99, Tse 04] • High security inputs should not affect low security outputs • Example: tax preparation software Key mechanism: tracking flow of information through code • Integrity/confidentiality are dual • Policies and enforcement rely on information flow http://www.liberty-research.org The Liberty Research Group 5

  6. Information- -Flow Security: Tainting Data Flow Security: Tainting Data Information • Used in Perl’s “taint” mode and other works [Denning 76, Suh 04, Crandall 04] RIFLE: Information Flow Security Program inputs are tainted or 1. add r4 = r1 , r2 labeled with a security class add r5 = r4 ,r3 2. Labels propagate through div r6 = r5 , 3 computation sc .write, r6 3. Certain operations enforce a security policy by verifying operand labels for security http://www.liberty-research.org The Liberty Research Group 6

  7. Problems with the Taint Solution Problems with the Taint Solution mov r2=0 RIFLE: Information Flow Security Value bnez r1 ,L1 1 0 r1 r2 1 0 L1:mov r2=1 Control Flow Can sc .write,r2 Leak I nformation! http://www.liberty-research.org The Liberty Research Group 7

  8. User- -Centric Information Centric Information- -Flow Security Flow Security User Essential for User-Centric IFS Deal breaker for t User-Centric IFS r RIFLE: Information Flow Security t o n p s e n s p m o o u i e L S t Fundamentally c a e e r r m v o e c i r m n f t Impossible o n a a m f E v m n r a I y e r r o s c s g k i n f l o r a o o e r e P P C P L Taint [Suh 2004] Yes Dynamic No No Moderate Static Systems Rate Limited Static Yes Yes None [Denning 76, Myers 97, Myers 99] Static with Runtime Rate Limited Hybrid Yes Yes Little Principles [Tse 2004] Dynamic/ Ideal User-Centric No No No None Hybrid RIFLE Rate Limited Dynamic No Yes Moderate http://www.liberty-research.org The Liberty Research Group 8

  9. Naïve “Solution”: Taint the Program Counter Naïve “Solution”: Taint the Program Counter A mov r2=0, PC • Ops have implicit PC operand RIFLE: Information Flow Security • Label PC like other operands B • PC should be declassified after bnez PC = r1 ,L1 branch merge C Value L1:mov r2 =1, PC 1 0 r1 1 r2 0 D PC D D PC =declassify PC sc .write, r2 , PC Code can leak information whether it is executed or not! http://www.liberty-research.org The Liberty Research Group 9

  10. RIFLE: The Big Picture RIFLE: The Big Picture Binary Translator Compiled Code RIFLE: Information Flow Security Runtime Base ISA Compiler Environment (policy enforcer) Programmer’s User’s System System Compiled Code Unannotated Secure ISA Source Code Programmer End User http://www.liberty-research.org The Liberty Research Group 10

  11. Naïve Binary Translation Naïve Binary Translation RIFLE: Information Flow Security mov r2=0, PC bnez PC = r1 ,L1 L1:mov r2=1, PC Flow Dependence PC =declassify PC sc .write,r2, PC http://www.liberty-research.org The Liberty Research Group 11

  12. Naïve Binary Translation Naïve Binary Translation 1. Force every if to have an else RIFLE: Information Flow Security mov r2=0, PC bnez PC = r1 ,L1 L1:mov r2=1, PC Flow Dependence PC =declassify PC sc .write,r2, PC http://www.liberty-research.org The Liberty Research Group 12

  13. Naïve Binary Translation Naïve Binary Translation 1. Force every if to have an else 2. On each side of the branch, modify same variables RIFLE: Information Flow Security mov r2=0, PC bnez PC = r1 ,L1 mov r2 =r2, PC L1:mov r2 =1, PC L1:mov r2=1, PC Flow Flow Dependence Dependence PC =declassify PC sc .write, r2 , PC http://www.liberty-research.org The Liberty Research Group 13

  14. Naïve Binary Translation Naïve Binary Translation • But, what about memory? RIFLE: Information Flow Security mov r2=&x, PC bnez PC = r1 ,L1 st M[r1] =M[ r1 ], PC L1:st M[r1] =1, PC No Memory Possible Dependence Memory PC =declassify PC since r1 == 0 Dependence sc .write,M[r2], PC http://www.liberty-research.org The Liberty Research Group 14

  15. RIFLE Binary Translation RIFLE Binary Translation Key I nsight: Handle implicit flows at data use, not data definition. mov r2=&x RIFLE: Information Flow Security mov s10 = s1 bnez r1 ,L1 Control Dependence L1:< s10 > st M[ r1 ]=1 Possible Memory Dependence < s10 > sc .write,M[r2] http://www.liberty-research.org The Liberty Research Group 15

  16. Results: Security Results: Security Word Count (wc) • Function calls and returns • Global pointer, stack pointer RIFLE: Information Flow Security wc.NM wc.MAP load6.txt src4+2or6.txt Inputs Combined Command Line Program Binary PGP – identified unexpected information flows! • Key ring – each key labeled with a unique label • Plain text – colored with a unique label • Cipher text – • Expected: labeled with key’s label and plain text label • Actual: labeled with label of all keys up to used key and plain text label http://www.liberty-research.org The Liberty Research Group 16

  17. Hardware Implementation & Optimizations Hardware Implementation & Optimizations • All instructions create explicit flows • Use shadow registers/memory to store security labels • Augment processor data path to track explicit flows RIFLE: Information Flow Security • Transformation inserts redundant security register defines • Many instructions added • Many security registers needed add r1=0,1 add r1=0,1 mov s50 = s10 s50 = mov s10 mov s60 = s50 (r10) jump L2 (r10) jump L2 L1: <s50>(r1) jump L3 L1: <s50>(r1) jump L3 … … L2: <s50> add r1=0,0 L2: <s60> add r1=0,0 jump L1 jump L1 Before Opti After Opti http://www.liberty-research.org The Liberty Research Group 17

  18. Results: Performance Results: Performance Validated Itanium 2 model built in the Liberty Simulation Environment 2.5 RIFLE: Information Flow Security Double Cache Original Cache Normalized Runtimes 2.0 1.5 1.0 0.5 0.0 y f d c n r r 2 p f c l p c e t w a o p p i e f z m v s a w t e i d t g . z r r h M 5 . a t 2 b . c 1 . 4 7 t p 0 g . . 8 6 6 6 o 1 . 0 e 1 7 1 8 5 e 3 p 9 1 2 G m 1 http://www.liberty-research.org The Liberty Research Group 18

  19. Conclusions & Future Work Conclusions & Future Work • User-centric information flow security empowers users • User (not programmer) tailored security policy • Data-based (not program-based) security RIFLE: Information Flow Security • Any program (no need for special languages) can be secured • User-centric information flow security is possible • RIFLE provides user-centric information-flow security by: • Tracking flow and enforcing policies dynamically • Using static “hints” via binary translation to establish security • Future work • Improved performance – more optimization, hardware acceleration • JVM implementation – for broadened applicability • Declassification – allowing user-controlled data “leaks” http://www.liberty-research.org The Liberty Research Group 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RIFLE An Architectural Framework for User-Centric Information-Flow Security Vachharajani, N. and

RIFLE An Architectural Framework for User-Centric Information-Flow Security Vachharajani, N. and

RIFLE An Architectural Framework for User-Centric Information-Flow Security Vachharajani, N. and Bridges, M.J. and Chang, J. and Rangan, R. and Ottoni, G. and Blome, J.A. and Reis, G.A. and Vachharajani, M. and August, D.I. Information Flow

977 views • 19 slides
A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural

A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural

A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural Access Control Access Control Jie Ren Department of Informatics University of California, Irvine Outline Overview Architecture and

917 views • 74 slides
User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining

User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining

User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining concepts and terms we thought were relevant - We told stories/use cases of user-centric process models in the wild as well as

907 views • 19 slides
GraVF: GraVF: A Vertex-Centric A Vertex-Centric Graph Processing Graph Processing Framework

GraVF: GraVF: A Vertex-Centric A Vertex-Centric Graph Processing Graph Processing Framework

GraVF: GraVF: A Vertex-Centric A Vertex-Centric Graph Processing Graph Processing Framework Framework on FPGA on FPGA Nina Engelhardt August 31, 2016 Graphs and Graph Traversal Algorithms 1 Vertex-centric Programming Model: From POV of

262 views • 9 slides
Old Windsor Rifle &amp; Pistol Club Who we are and what we do Old Windsor Rifle &amp; Pistol

Old Windsor Rifle &amp; Pistol Club Who we are and what we do Old Windsor Rifle &amp; Pistol

Old Windsor Rifle &amp; Pistol Club Who we are and what we do Old Windsor Rifle &amp; Pistol Club History of the club The Club was formed in 1977 by four pistol shooters. They leased a disused building from the Parish Council and

151 views • 11 slides
A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and

A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and

OFT ASDC3I A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and Network Enabled Capabilities December 17-19, 2002 Ongoing Research Sponsored by OFT and ASD(C3I) EBR RAND OFT ASDC3I Agenda

1.39k views • 107 slides
The Big Picture So Far From the Architecture to the OS to the User : Architectural resources, OS

The Big Picture So Far From the Architecture to the OS to the User : Architectural resources, OS

The Big Picture So Far From the Architecture to the OS to the User : Architectural resources, OS management, and User Abstractions. Hardware abstraction Example OS Services User abstraction Processor Process management, Scheduling, Traps,

608 views • 13 slides
Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive

Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive

Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive Content User-centric Cross-Network multimedia content analysis Multimedia computing On Users: social multimedia User activity-based user

498 views • 22 slides
5G As A User-Centric Network Xiao-Feng Qi Contents 5G at Huawei 5G Vision and Viewpoints A

5G As A User-Centric Network Xiao-Feng Qi Contents 5G at Huawei 5G Vision and Viewpoints A

5G As A User-Centric Network Xiao-Feng Qi Contents 5G at Huawei 5G Vision and Viewpoints A User-Centric View Huawei Began 5G Research since 2009 9 300+ $600m Research Centers Experts For 5G Research 2013~2018 By 2014 By 2014 Virtualized

390 views • 15 slides
Cross-Fertilization of HPC and Big Data Jean-Thomas Acquaviva, jtacquaviva@ddn.com Angelos

Cross-Fertilization of HPC and Big Data Jean-Thomas Acquaviva, jtacquaviva@ddn.com Angelos

Cross-Fertilization of HPC and Big Data Jean-Thomas Acquaviva, jtacquaviva@ddn.com Angelos Bilas, bilas@ics.forth.gr ICT11 14M 19 Partners User Centric Value Proposition User Centric Value Propostion User Centric Value Proposition

273 views • 13 slides
NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural is a family owned business, based in Colchester. The manufacturing facility is 70,000 sq. ft with a staff of over 50. What do we do? NES

274 views • 16 slides
XM107 Long Range Sniper Rifle Cal .50 Non-Developmental Item (NDI) rapid fire, materiel

XM107 Long Range Sniper Rifle Cal .50 Non-Developmental Item (NDI) rapid fire, materiel

XM107 Long Range Sniper Rifle Cal .50 Non-Developmental Item (NDI) rapid fire, materiel target destruction (semi-automatic) rifle Provides extended standoff ranges (1500m materiel &amp; 1000m personnel) Funding available will

129 views • 11 slides
Human C Centric User er Accep eptance T e Testing Rebecca Long @amaya30 #PNSQC2020 1

Human C Centric User er Accep eptance T e Testing Rebecca Long @amaya30 #PNSQC2020 1

Human C Centric User er Accep eptance T e Testing Rebecca Long @amaya30 #PNSQC2020 1 Human Centric User Acceptance Testing / @amaya30 # PNSQC2020 1 Hello! Rebecca Long @amaya30 Spokane, Washington QA Manager at Engie

426 views • 21 slides
A Long-Term User-Centric Analysis of Deduplication Patterns 32 nd International Conference on

A Long-Term User-Centric Analysis of Deduplication Patterns 32 nd International Conference on

A Long-Term User-Centric Analysis of Deduplication Patterns 32 nd International Conference on Massive Storage Systems and Technology (MSST 2016) Zhen Sun, 1,2 Geoff Kuenning, 3 Sonam Mandal, 2 Philip Shilane, 4 Vasily Tarasov, 5 Nong Xiao, 1,6

868 views • 18 slides
Homework: User-centric Networking Richard Mortier richard.mortier@nottingham.ac.uk

Homework: User-centric Networking Richard Mortier richard.mortier@nottingham.ac.uk

Homework: User-centric Networking Richard Mortier richard.mortier@nottingham.ac.uk http://www.homenetworks.ac.uk/ with University of Glasgow, Imperial College London, BT, Microsoft Research, Georgia Tech Acknowledgements A three year

628 views • 18 slides
An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable

An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable

An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable Hardware Tao Chen, Shreesha Srinath Christopher Batten , G. Edward Suh Computer Systems Laboratory School of Electrical and Computer Engineering Cornell

546 views • 36 slides
SlideControl 2.0 TECHNOLOGY on the tissue. assumed. For the calculation of the fmowrate a

SlideControl 2.0 TECHNOLOGY on the tissue. assumed. For the calculation of the fmowrate a

www.envea.global PROCESS MONITORING SYSTEMS FOR SOLIDS Product Information FEATURES: Contactless throughput measurement for air slides No installations into the process 4 ... 20 mA trend signal for the fmow rate Fast recognition of Flow / No

517 views • 4 slides
Part I d v &gt; 0 : sink requiring d v flow into this node. 2 2 3 d v &lt; 0 : source

Part I d v &gt; 0 : sink requiring d v flow into this node. 2 2 3 d v &lt; 0 : source

Circulations with demands G = ( V , E ) . 3 v V there is a demand d v : 3 3 Part I d v &gt; 0 : sink requiring d v flow into this node. 2 2 3 d v &lt; 0 : source with Circulations with demands 2 d v units of flow

288 views • 4 slides
Chapter 3 Evaluating Process Capacity Process Flow Diagram Bottleneck and Capacity

Chapter 3 Evaluating Process Capacity Process Flow Diagram Bottleneck and Capacity

Chapter 3 Evaluating Process Capacity Process Flow Diagram Bottleneck and Capacity Utilization Multiple Types of Flow Units 1 Each pitch requires 2 days to review. A writer needs 10 days to develop a script. A team needs 30

495 views • 11 slides
NeST: Network Stack Tester Shanthanu S Rai, Narayan G, Dhanasekhar M, Leslie Monis, Mohit P.

NeST: Network Stack Tester Shanthanu S Rai, Narayan G, Dhanasekhar M, Leslie Monis, Mohit P.

Applied Networking Research Workshop 2020 acm sigcomm NeST: Network Stack Tester Shanthanu S Rai, Narayan G, Dhanasekhar M, Leslie Monis, Mohit P. Tahiliani Wireless Information Networking Group (WiNG) Department of Computer Science and

499 views • 14 slides
Language-Based Information-Flow Security Presenter: Yiming Zhang Goal of this paper? This is a

Language-Based Information-Flow Security Presenter: Yiming Zhang Goal of this paper? This is a

Language-Based Information-Flow Security Presenter: Yiming Zhang Goal of this paper? This is a survey paper that studies the research on information-flow security, especially on work that uses static program analysis. Why language-based

585 views • 24 slides
Document Automation in Microsoft Flow using DocumentsCorePack Clint Higley|

Document Automation in Microsoft Flow using DocumentsCorePack Clint Higley|

Document Automation in Microsoft Flow using DocumentsCorePack Clint Higley| clint.higley@mscrm-addons.com Michael Dohr | michael.dohr@mscrm-adddons.com Empowering Dynamics 365 Users Demo Requirement: A quote document should be sent to the

156 views • 5 slides
7. Dual flows and algorithms Duality review Minimum-cost flow dual Specialized flow

7. Dual flows and algorithms Duality review Minimum-cost flow dual Specialized flow

CS/ECE/ISyE 524 Introduction to Optimization Spring 201718 7. Dual flows and algorithms Duality review Minimum-cost flow dual Specialized flow duals Max-flow problems LP solvers Wrap-up Laurent Lessard

341 views • 30 slides
SESSION 3: CASH FLOW CLAIMS Cash Flows versus Earnings When asked to assess the financial

SESSION 3: CASH FLOW CLAIMS Cash Flows versus Earnings When asked to assess the financial

Aswath Damodaran 0 SESSION 3: CASH FLOW CLAIMS Cash Flows versus Earnings When asked to assess the financial health of a company, we almost invariably look at the accounting bottom line, i.e., earnings. There are two reasons why

111 views • 7 slides

More recommend