s oftware s ecurity and r andomization through p rogram p
play

S OFTWARE S ECURITY AND R ANDOMIZATION THROUGH P ROGRAM P ARTITIONING - PowerPoint PPT Presentation

Aug 26, 2023 •110 likes •338 views

S OFTWARE S ECURITY AND R ANDOMIZATION THROUGH P ROGRAM P ARTITIONING AND C IRCUIT V ARIATION M OVING T ARGET D EFENSE (MTD) 14 3 N OV 2014 Todd Andel Lindsey Whitehurst Todd McDonald School of Computing University of South Alabama Work

  1. S OFTWARE S ECURITY AND R ANDOMIZATION THROUGH P ROGRAM P ARTITIONING AND C IRCUIT V ARIATION M OVING T ARGET D EFENSE (MTD) ’ 14 3 N OV 2014 Todd Andel Lindsey Whitehurst Todd McDonald School of Computing University of South Alabama Work performed under NSF grants CNS-1305369, DUE-1241675, DUE-1303384 University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  2. Hypothesis 2 Partitioning security critical program sections to FPGAs may mitigate many software security risks that rely on jumping within a program’s address space. Since we utilize reconfigurable hardware, our partition approach can be used to provide a dynamic and adaptive software layout, resulting in a continually changing target. University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  3. Overview 3 • Hardware/Software Paradigm and Program Partitioning • Partitioning for Software Security • Where we’re at • Transitioning Towards Dynamic Target University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  4. Hardware / Software Paradigm 4 Program Target GPP Compile to opcodes HLL: Java, C, C++ • Lowest speed • Reconfigurable software FPGA Circuit synthesis • Speed approaches custom HW • Reconfigurable logic ASIC Circuit masking HDL: Verilog, VHDL • High speed • Cost, time, not reconfigurable FPGA growth has allowed for: Customized reconfigurable “software” onto a hardware device University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  5. FPGAs and Security Research 5 • Increasing Speed and Efficiency of Applications • Protecting from Side-Channel-Analysis • Protecting Intellectual Property and Preventing Tampering • Dynamically Monitoring Programs at Runtime University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  6. Program Partitioning 6 Partitioning idea has been used for speedup a.k.a a co-processor Partitioned Program Model # Program body main: la $t0, A add $t1, $0, $0 addi $t2, $0, 5 add $s0, $0, $0 Opcode Hardware Instructions Circuits on GPP Partition control – State transfer Reconfigurable logic changes this from a manufacture time decision to a compile time decision University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  7. Our Quest 7 • Determine if program partitioning between an FPGA and GPP can increase software security • Previous works do not provide functional protection of the code • Investigate system resilience against buffer overflow attacks • Well known and documented • Initial indication that system will enhance security • Cost-Effective Study • Determine the additional overhead added because of new configuration University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  8. FPGAs Enhance Security via Partitioning 8 • FPGAs do not have a program counter • Can attacks that rely on addresses be mitigated by running the vulnerable portions on an FPGA? • For Example: • Stack Overflow • Heap Overflow • Return-to-libc University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  9. Progress 9 Goal  Implement Vulnerable Program, Demonstrate Vulnerabilities  Partition and Implement Software on GPP and FPGA  Test Partitioned System Determine Overhead Associated with System University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  10. Implement Vulnerable Program and Attack on GPP 10 • Hardware • Xilinx Virtex-5 LX50T FPGA on Diligent Genesis development board • Microblaze Processor • Designed in Xilinx XPS Using Base System Builder • Acts as GPP • Uses GCC Compiler • Turned off Compiler Flags to Prevent Stack Protection • Simple C Program vulnerable to Buffer Overflows University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  11. Microblaze – C Program 11 Vulnerable as expected since sending in a larger license code than the buffer #include <stdio.h> int main() #include <string.h> { #include <stdlib.h> init_platform(); #include "platform.h“ char *myLicense = "notAValidLicenseButOverflowingTheBuffer"; int checkLicense(char **license) if(checkLicense(&myLicense)) { { char license_buffer[16]; printf("\n\n=============================\n int valid_flag[1] = {0}; "); (strcpy)(license_buffer, *license); printf("Correct License! Please Continue\n"); printf("=============================\n\n") if((strcmp)(license_buffer,"validLicense")==0) ; { valid_flag[0] = 1; } else } return valid_flag[0]; { } printf("\nIncorrect License, Access Denied.\n\n"); } return 0; } University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  12. Partitioned System Design 12 • Microblaze Designed in Xilinx XPS • Includes dual-port BRAM • C program running on Microblaze • Attached to BRAM port A • User core implemented in VHDL • checkLicense now a circuit • License key included • Attached to BRAM port B • Trigger and data both passed through BRAM University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  13. Control Flow within System 13 Memory Location • Control determined by value in base 0x90000000 Base Address of address of shared BRAM space Shared BRAM • Data located in next address location in BRAM 0x90000004 Lock • While c program is in control, lock = 1 • While VHDL is in control, lock = 2 0x90000008 Data … … University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  14. Partitioned Version 14 Data and Trigger Via BRAM int main() { char *p_data = "validLicense"; int *p_lock; int *p_data_location; p_lock = 0x90000004; p_data_location = 0x90000020; memcpy(p_data_location, p_data, 12); B *p_lock = 1; R xil_printf("User Entered Data = %s\n", p_data); A M while(*p_lock !=2){} if(*p_data_location != 0 ) { xil_printf("\n\n=========================\n"); xil_printf("Correct License! Please Continue\n"); xil_printf("=============================\n\n");} } else { xil_printf("\nIncorrect License, Access Denied.\n\n"); } return 0; } University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  15. Partition Design Operates as Intended 15 • Unfinished • More testing, runtime input • Timing and Overhead • Repeat for real GPP Partition vs. Microblaze University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  16. Transitioning to Dynamic Adaptive Variation 16 • Reconfigurable hardware allows target to change: • Two thrusts 1. Partitioning 2. Equivalent circuits University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  17. Partitioning Variants 17 • Randomly select partition • Basic blocks, function, method, object • Automate via HLL – HDL compiler • SystemC, Streams-C, Impulse C • Challenges • How to select partition and how often • Changing trigger and data changes between variants University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  18. Circuit Variations 18 • Take partition and produce circuit variants via polymorphic generator • Variants with same I/O relationship • Possibly change I/O relationships with fake inputs/fake outputs • Essentially a form of indistinguishability obfuscation • Preferably we would like variants that: • Are generated randomly and efficiently • Hide some form of abstract information (topology, signals, components, function) • Current techniques: • Iterative subcircuit selection and replacement • Deterministic hiding algorithms (mainly component hiding) University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  19. Iterative Subcircuit Selection and Replacement 19 C i ′ C n ′ C Subcircuit Subcircuit Selection Replacement C sub C rep ????? • Random Boolean logic expansion (using logic rules) • Random circuit generation (generate random circuits until you find a match) • Random function expansion (using BDD) University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

  20. The Big Picture with Dynamic Partial Reconfiguration 20 • HLL functions, basic blocks • Runtime changes to logic • Equivalent circuit variants • How many? How often? How • Xilinx, Altera, & OpenPR tools • Generation and selection selected? • Program changes to remaining software University of South Alabama CFITS (Center for Forensics, Information Technology, and Security) School of Computing

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

S ECURITY AND R ISK M ANAGEMENT IN A GILE S OFTWARE D EVELOPMENT SATURN 2012 Conference

S ECURITY AND R ISK M ANAGEMENT IN A GILE S OFTWARE D EVELOPMENT SATURN 2012 Conference

S ECURITY AND R ISK M ANAGEMENT IN A GILE S OFTWARE D EVELOPMENT SATURN 2012 Conference (#SATURN2012) Srini Penchikala (@srinip) 05.10.12 # WHOAMI Security Architect @ Financial Services Organization Location: Austin, TX Certified

505 views • 33 slides
Modern Security Model for Linux Operating Systems Aleksander Zdyb S OFTWARE E NGINEER T IZEN P

Modern Security Model for Linux Operating Systems Aleksander Zdyb S OFTWARE E NGINEER T IZEN P

Aleksander Zdyb Modern Security Model for Linux Operating Systems Aleksander Zdyb S OFTWARE E NGINEER T IZEN P LATFORM S ECURITY a.zdyb@samsung.com https://github.com/azdyb Briefly about security requirements About Tizen operating system

920 views • 46 slides
ARCTIC investigators s ARCTIC : A ssessment by a double R andomization of a C onventional

ARCTIC investigators s ARCTIC : A ssessment by a double R andomization of a C onventional

ARCTIC investigators s ARCTIC : A ssessment by a double R andomization of a C onventional antiplatelet strategy versus a monitoring-guided strategy for drug-eluting stent implantation and, of T reatment I nterruption versus C ontinuation one year

496 views • 20 slides
DB ENCH -OLTP (2005) tpmC Baseline Performance $ Tf Performance With Faults $ tpmC Tf

DB ENCH -OLTP (2005) tpmC Baseline Performance $ Tf Performance With Faults $ tpmC Tf

7/23/18 B ENCHMARKING B ENCHMARKING THE S ECURITY OF S OFTWARE S YSTEMS OR TO BE NCHMARK OR NOT TO BE NCHMARK Assessing and comparing computer systems and/or components according to specific quality attributes Performance benchmarking QRS

378 views • 7 slides
R ECAP | P RELIMINARY D ESIGN P ROGRAM (PDP) P RELIMINARY E VALUATION E DUCATIONAL P ROGRAM E

R ECAP | P RELIMINARY D ESIGN P ROGRAM (PDP) P RELIMINARY E VALUATION E DUCATIONAL P ROGRAM E

G. H. M ITCHELL E LEMENTARY S CHOOL B RIDGEWATER , MA C OMMUNITY P RESENTATION J ANUARY 10, 2019 Raymond Design Associates R ECAP | P RELIMINARY D ESIGN P ROGRAM (PDP) P RELIMINARY E VALUATION E DUCATIONAL P ROGRAM E VALUATION OF O PTIONS

465 views • 23 slides
I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and

I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and

I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and Management Engineering Antonio Ruberti Sapienza University of Rome WHY W EB S ECURITY April 2013 recent studies conform a trend that has been

958 views • 62 slides
R esearching esearching I I Pv6 Pv6 S S ecurity ecurity R C apabilities apabilities C ( RISC

R esearching esearching I I Pv6 Pv6 S S ecurity ecurity R C apabilities apabilities C ( RISC

R esearching esearching I I Pv6 Pv6 S S ecurity ecurity R C apabilities apabilities C ( RISC RISC ) ) ( Bio: Bio: Antonios Atlasis Antonios Atlasis An IT engineer for more than 20 years, developer and instructor in several Computer

1.3k views • 80 slides
CAMP CAMP ( C C ollege ollege A A ssistance ssistance M M igrant igrant P P rogram) rogram) (

CAMP CAMP ( C C ollege ollege A A ssistance ssistance M M igrant igrant P P rogram) rogram) (

CAMP CAMP ( C C ollege ollege A A ssistance ssistance M M igrant igrant P P rogram) rogram) ( Paul Dorres &amp; Naoko Kawamura What is CAMP ? What is CAMP ? CAMP (College Assistance Migrant Program) Federally-funded (U.S. Department of

292 views • 12 slides
C DI, S eam &amp; R E S TE as y You havent seen RES T yet! Dan Allen S enior S oftware

C DI, S eam &amp; R E S TE as y You havent seen RES T yet! Dan Allen S enior S oftware

C DI, S eam &amp; R E S TE as y You havent seen RES T yet! Dan Allen S enior S oftware Engineer JBoss, by Red Hat Ag enda R E S T princ iples JAX -R S S eam R E S TE as y integ ration JAX -R S enhanc ed w ith C DI Demo Abus ing H TTP

807 views • 51 slides
Regression Testing S oftware is constantly modified Bug fixes Addition of

Regression Testing S oftware is constantly modified Bug fixes Addition of

Time - Aware Test Suite Prioritization Kristen R. Walcott, Gregory M. Kapfhammer, Mary Lou S offa Robert S . Roos University of Virginia Allegheny College International S ymposium on S oftware Testing and Analysis Portland, Maine July

573 views • 26 slides
Need representative, end-to-end applications 3. Cluster management 3. Cluster management built

Need representative, end-to-end applications 3. Cluster management 3. Cluster management built

A N O PEN -S OURCE OURCE B ENC HMARK S UI OR M IC NCHMARK UITE TE FOR ICRO ROSERVICES SERVICES AND ND T HEIR IR H ARDWARE RDWARE -S OFTWARE OFTWARE I MPLICA OR C LOU ICATIONS TIONS FOR OUD AND E DGE S YSTE STEMS MS Yu Gan, Yanqi Zhang,

622 views • 35 slides
S eeking Truth Exploring Mental Health in Information S ecurity Philippe Dorman @

S eeking Truth Exploring Mental Health in Information S ecurity Philippe Dorman @

S eeking Truth Exploring Mental Health in Information S ecurity Philippe Dorman @ philippedorman Obj ectives Define S ubj ect Environment Information S ecurity The Individual Existing Resources Who am I? ~10 years

521 views • 23 slides
T HE S TATE : M ILITARISM , N ATIONAL S ECURITY , I MPERIALISM 1 N ATION AND S TATE UNDER S

T HE S TATE : M ILITARISM , N ATIONAL S ECURITY , I MPERIALISM 1 N ATION AND S TATE UNDER S

S ESSION 9 T HE S TATE : M ILITARISM , N ATIONAL S ECURITY , I MPERIALISM 1 N ATION AND S TATE UNDER S ECURITY war-making &amp; national security increasing state power The State of Siege Karl Marx, the state of siege Vesting

258 views • 8 slides
NVIDIA GPUS Mark Kilgard Principal S ystem S oftware Engineer, NVIDIA Piers Daniell S enior

NVIDIA GPUS Mark Kilgard Principal S ystem S oftware Engineer, NVIDIA Piers Daniell S enior

SG4121: OPENGL 4.5 UPDATE FOR NVIDIA GPUS Mark Kilgard Principal S ystem S oftware Engineer, NVIDIA Piers Daniell S enior Graphics S oftware Engineer, NVIDIA Mark Kilgard Principal S ystem S oftware Engineer OpenGL driver and API

982 views • 81 slides
S ECURITY &amp; P RIVACY IN 3G/4G/ 5G NETWORKS : T HE AKA P ROTOCOL W ITH S.A LT , P.-A. F OUQUE ,

S ECURITY &amp; P RIVACY IN 3G/4G/ 5G NETWORKS : T HE AKA P ROTOCOL W ITH S.A LT , P.-A. F OUQUE ,

S ECURITY &amp; P RIVACY IN 3G/4G/ 5G NETWORKS : T HE AKA P ROTOCOL W ITH S.A LT , P.-A. F OUQUE , G. M ACARIO -R AT , B. R ICHARD M E , MYSELF , AND EMSEC BSc. &amp; MSc. Mathematics, TU Eindhoven Master thesis on multiparty

748 views • 53 slides
Attribute-Based Signatures [Maji et al. 2008]: Users have attributes (Manager, Finance

Attribute-Based Signatures [Maji et al. 2008]: Users have attributes (Manager, Finance

S TRONGER S ECURITY N OTIONS FOR D ECENTRALIZED T RACEABLE A TTRIBUTE -B ASED S IGNATURES AND M ORE E FFICIENT C ONSTRUCTIONS Essam Ghadafi University College London e.ghadafi@ucl.ac.uk CT-RSA 2015 S TRONGER S ECURITY N OTIONS FOR D ECENTRALIZED

535 views • 34 slides
Motion Planning n Problem n Given start state x S , goal state x G n Asked for: a sequence

Motion Planning n Problem n Given start state x S , goal state x G n Asked for: a sequence

Motion Planning Pieter Abbeel UC Berkeley EECS Many images from Lavalle, Planning Algorithms Motion Planning n Problem n Given start state x S , goal state x G n Asked for: a sequence of control inputs that leads from start to goal

537 views • 19 slides
Data Mining II Time Series Analysis Heiko Paulheim Introduction So far, we have only

Data Mining II Time Series Analysis Heiko Paulheim Introduction So far, we have only

Data Mining II Time Series Analysis Heiko Paulheim Introduction So far, we have only looked at data without a time dimension or simply ignored the temporal aspect Many classic DM problems have variants that respect time

928 views • 73 slides
A scalable quantum architecture for dark matter detection Daniel Carney JQI/QuICS, University of

A scalable quantum architecture for dark matter detection Daniel Carney JQI/QuICS, University of

A scalable quantum architecture for dark matter detection Daniel Carney JQI/QuICS, University of Maryland/NIST Theory Division, Fermilab Based on Gravitational direct detection of dark matter DC , S. Ghosh, G. Krnjaic, J. M. Taylor,

387 views • 36 slides
www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device generates, stores and processes security-critical information 2 PUFs: Myth, Fact or Busted? CHES 2012 However: Cryptographic secrets can be leaked

443 views • 26 slides
and Applications Lecture 8: Review of Probability Theory Juan Carlos Nieves Snchez November

and Applications Lecture 8: Review of Probability Theory Juan Carlos Nieves Snchez November

Artificial Intelligence: Methods and Applications Lecture 8: Review of Probability Theory Juan Carlos Nieves Snchez November 28, 2014 Outline Probability Axioms Independence. Baye s rule. Inference Using Full Joint

689 views • 34 slides
Many-Task Applications in the Integrated Plasma Simulator Samantha S. Foley, Wael R. Elwasif,

Many-Task Applications in the Integrated Plasma Simulator Samantha S. Foley, Wael R. Elwasif,

Many-Task Applications in the Integrated Plasma Simulator Samantha S. Foley, Wael R. Elwasif, David E. Bernholdt, Aniruddha G. Shet Oak Ridge National Laboratory Randall Bramley Indiana University Motivation ! Computational science is moving

599 views • 22 slides
Atmospheric Neutrino Fluxes: The use of muon fluxes to Improve the Accuracy in Low Energies. May,

Atmospheric Neutrino Fluxes: The use of muon fluxes to Improve the Accuracy in Low Energies. May,

Atmospheric Neutrino Fluxes: The use of muon fluxes to Improve the Accuracy in Low Energies. May, 28, 2018 M. Honda @ PANE 2018 1. Over view of the calculation of atmospheric neutrino and the Muon Calibration of Atmospheric Neutrino. 2.

729 views • 48 slides
Some RNN Variants Arun Mallya Best viewed with Computer Modern fonts installed Outline

Some RNN Variants Arun Mallya Best viewed with Computer Modern fonts installed Outline

Some RNN Variants Arun Mallya Best viewed with Computer Modern fonts installed Outline Why Recurrent Neural Networks (RNNs)? The Vanilla RNN unit The RNN forward pass Backpropagation refresher The

870 views • 36 slides

More recommend