secure program execution via secure program execution via
play

Secure Program Execution via Secure Program Execution via Dynamic - PowerPoint PPT Presentation

Jan 05, 2023 •274 likes •547 views

Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic Information Flow Tracking Tracking G. Edward Suh Suh, , Jae Jae W. Lee, David W. Lee, David G. Edward Zhang, Srinivas Srinivas Devadas Devadas

  1. Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic Information Flow Tracking Tracking G. Edward Suh Suh, , Jae Jae W. Lee, David W. Lee, David G. Edward Zhang, Srinivas Srinivas Devadas Devadas Zhang, Massachusetts Institute of Technology Massachusetts Institute of Technology ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004

  2. Program Vulnerabilities Program Vulnerabilities � Program bugs cause serious security risks Program bugs cause serious security risks � � Attackers can gain total control of victim processes Attackers can gain total control of victim processes � � Very difficult, if not impossible, to eliminate the bugs Very difficult, if not impossible, to eliminate the bugs � � Existing solutions have limitations Existing solutions have limitations � � Safe languages Safe languages � � re re- -programming, performance hit programming, performance hit � � Fix programs: new libraries, compilers Fix programs: new libraries, compilers � � partial protection, re partial protection, re- -compilation compilation � � Run Run- -time monitoring: program shepherding time monitoring: program shepherding � � overheads overheads � � Other hardware solutions Other hardware solutions � � partial protection partial protection � ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 2 2

  3. Our Goal Our Goal � Architectural support to defeat Architectural support to defeat a broad range a broad range of of � security exploits (possibly all) security exploits (possibly all) � Focus on attacks to Focus on attacks to gain total control gain total control (shell) (shell) � � Should work for legacy code and shared libraries Should work for legacy code and shared libraries � � transparent transparent to applications, run to applications, run- -time checks time checks � � Should have Should have low overhead low overhead (performance and memory (performance and memory � space) space) � Need to find common requirements for successful Need to find common requirements for successful � security exploits security exploits ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 3 3

  4. Attack Model: Example Attack Model: Example - - Stack Smashing Stack Smashing Step 1. Inject malicious data malicious data Step 1. Inject int func(void) � � through legitimate channels through legitimate channels { char buf[256]; � Long input Long input for buffer overflows for buffer overflows � while (gets(buf)) {...} } Step 2. Bugs modify unintended Step 2. Bugs modify unintended � � memory locations memory locations Stack Stack Stack Stack � The data flows into The data flows into buf , [] , buf[] � overwrites a return address overwrites a return address Used for return Return Return Malicious Address Malicious Address Step 3. Take control over Step 3. Take control over � � Input data Input data Attack � Jump to Jump to injected target address injected target address � from from buf buf (return address ( return address in the example) in the example) gets() gets() (256 Bytes) (256 Bytes) � Execute Execute injected code injected code � Other Other Other Other variables variables variables variables ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 4 4

  5. Observation: Common Requirements for Observation: Common Requirements for Successful Attacks Successful Attacks � All attacks come from All attacks come from identifiable I/O identifiable I/O channels channels � � Both OS and applications explicitly manage I/O Both OS and applications explicitly manage I/O � � Malicious inputs should be used for Malicious inputs should be used for a few a few security security � sensitive operations to take control of a process sensitive operations to take control of a process � Instructions Instructions: executes malicious code from I/O : executes malicious code from I/O � � Code pointers Code pointers: : arbitrarily arbitrarily redirect the control flow redirect the control flow � � Data pointers for stores Data pointers for stores: overwrite a : overwrite a critical program critical program � variable ( (valid_passwd valid_passwd = 1) = 1) variable � In most applications, instructions and pointers In most applications, instructions and pointers � usually do not come directly from I/O usually do not come directly from I/O ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 5 5

  6. Our Protection Scheme Our Protection Scheme I/O, other processes Step 1. OS tags Security Tags; potentially malicious 0 – authentic , inputs as spurious 1 – spurious Operating System Step 2. Processors track Dynamic Information the flow of the spurious Flow Tracking values Vulnerability Program Step 3. Detect attacks Detect Processors checks - Check and restrict the + trap handler Unintended Uses use of spurious values ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 6 6

  7. Implementation Overview Implementation Overview Security Policy Operating System I/O 1. Which I/O to Execution Monitor tag spurious I/O interface Trap handler 2. Which flows to I/O Traps track Information Tag flow checker tracker 3. When to trap Processor ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 7 7

  8. Architectural Support Architectural Support ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004

  9. Security Tags Security Tags 1- -bit information to indicate whether a piece of data can be trust bit information to indicate whether a piece of data can be trusted ed 1 � � � 0 0 – – authentic authentic � � 1 1 – – spurious spurious � Granularity Granularity � � � One for One for each general purpose register each general purpose register (GPR) (GPR) � � One for One for each byte each byte in memory in memory – – 12.5% overhead is a na 12.5% overhead is a naï ïve management ve management � � Multi Multi- -granularity tags granularity tags - - Only Only 1.4% 1.4% space overhead, space overhead, 2.1% 2.1% bandwidth bandwidth � overhead on average (based on experiments) overhead on average (based on experiments) GPR (32 or 64 bits) 0/1 Memory (1 Byte) 0/1 At the start- -up, all instructions and initial data will be tagged up, all instructions and initial data will be tagged “ “authentic authentic” ” At the start � � During the execution, the execution monitor sets the tag for each I/O h I/O During the execution, the execution monitor sets the tag for eac � � input according to the security policy input according to the security policy ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 9 9

  10. Dynamic Information Flow Tracking Dynamic Information Flow Tracking � Compute a new security tag for each operation Compute a new security tag for each operation � � If If spurious spurious data controls a result, the result is also data controls a result, the result is also spurious spurious � � Various types of dependencies exist Various types of dependencies exist � � Direct copy Direct copy: load/store spurious data : load/store spurious data � � Computation Computation: compute from spurious data : compute from spurious data � � Pointer additions Pointer additions � � Other computations Other computations � � Load address Load address: load from spurious address : load from spurious address � � Store address Store address: store into spurious address : store into spurious address � � Propagation Control Register (PCR) determines which Propagation Control Register (PCR) determines which � dependencies to track dependencies to track � Execution monitor sets the register based on the security policy Execution monitor sets the register based on the security policy � ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 10 10

  11. Security Tag Computation Examples Security Tag Computation Examples LD R2, Imm(R1) ST R1, Imm(R2) SUB R3, R1, R2 R1 1 R2 1 R1 1 R3 0 R1 1 R2 0 +Imm +Imm Tag spurious Authentic Spurious - Memory Memory R3 1 T[R3] = T[R2] = T[MEM] = T[R1] OR T[R2] T[MEM] OR T[R1] T[R3] OR T[R1] ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 11 11

  12. Tag Checker Tag Checker � Processor traps when spurious values are used for Processor traps when spurious values are used for � sensitive operations sensitive operations � Sensitive values to be checked Sensitive values to be checked � � Instructions Instructions � � Load addresses Load addresses � � Store addresses Store addresses � � Jump target addresses Jump target addresses � � Trap Control Register (TCR) determines which Trap Control Register (TCR) determines which � uses of spurious values generate a trap uses of spurious values generate a trap ASPLOS XI, October 11, 2004 ASPLOS XI, October 11, 2004 12 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in

Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in

Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space Babak Salamat, Todd Jackson , Andreas Gal, and Michael Franz Secure Systems and Languages Laboratory Department of Computer Science

619 views • 27 slides
Program Execution Execution Models 1 How are Programs Executed? Ultimately, the instructions

Program Execution Execution Models 1 How are Programs Executed? Ultimately, the instructions

Program Execution Execution Models 1 How are Programs Executed? Ultimately, the instructions of a program run on the hardware foo.c0 Source program Processor chip o But the hardware does not understand C0 Two main ways to bridge the

935 views • 89 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique

Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique

Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 1 / 24 Secure Multi-Execution Outline Secure Multi-Execution

622 views • 29 slides
Program Partitioning Program Partitioning for Secure E xecution for Secure E xecution Cha rle

Program Partitioning Program Partitioning for Secure E xecution for Secure E xecution Cha rle

Program Partitioning Program Partitioning for Secure E xecution for Secure E xecution Cha rle s W. O Do nne ll G. E dwa rd Suh Srini De va da s Se pte mb e r 24, 2004 4 th MI T CSAI L Co mpute r Arc hite c ture Wo rksho p

189 views • 15 slides
Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its Verification Mads Dam KTH Royal Institute of Technology BISS spring school, Bertinoro 2018 The Goal Hypervisor Context switch: Fixed round-robin

1.16k views • 67 slides
Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute

Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute

Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute of Technology Thanks to Roberto Guanciale, Musard Balliu, Christoph Baumann, Hamed Nemati, Oliver Schwarz, Victor Do, Christian Gehrmann, Jonas

1.41k views • 114 slides
System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario Werner May 7, 2020 Graz University of Technology Why do we care about code? www.tugraz.at 10:20 July 18 W i r e l e s s - G A D S L G

599 views • 49 slides
CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING LOU, TOM HOU Talk Outline Motivation and Background Why this work ? Threat Model What are we defending against ? CaSE:

248 views • 21 slides
Symbolic Execution Builds predicates that characterize Conditions for executing paths

Symbolic Execution Builds predicates that characterize Conditions for executing paths

Symbolic Execution Builds predicates that characterize Conditions for executing paths Symbolic Execution and Proof of Effects of the execution on program state Properties Bridges program behavior to logic Finds important

309 views • 6 slides
Review: Program Execution Registers program counter, stack pointer, . . . Memory

Review: Program Execution Registers program counter, stack pointer, . . . Memory

Threads and Concurrency 1 Review: Program Execution Registers program counter, stack pointer, . . . Memory program code program data program stack containing procedure activation records CPU fetches and executes

699 views • 24 slides
Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

A tool for the Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all program branches. Inputs are considered symbolic variables. Symbols remain uninstantiated and become constrained at execution

451 views • 24 slides
SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning Samsung KNOX R&D, Samsung Research America Motivation Operating system kernels

543 views • 25 slides
CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni

CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni

CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni Orenbach (Technion), Yan Michalevsky (Anjuna), Christof Fetzer (TU Dresden, Scone), Mark Silberstein (Technion) Published in USENIX ATC19

744 views • 24 slides
Linking and Loading ! Preparing Program for Execution ! Relocation ! Address binding !

Linking and Loading ! Preparing Program for Execution ! Relocation ! Address binding !

CPSC 410/611 : Operating Systems Linking and Loading ! Preparing Program for Execution ! Relocation ! Address binding ! Linking, loading ! Reading: Doeppner 3.4 ! Preparing a Program for Execution ! dynamically loaded system

128 views • 9 slides
in Z and Z and Higgs Bosons Higgs Bosons in bb final state Abhinav Dubey University of

in Z and Z and Higgs Bosons Higgs Bosons in bb final state Abhinav Dubey University of

Search for the Associated Production of Search for the Associated Production of bb final state in Z and Z and Higgs Bosons Higgs Bosons in bb final state Abhinav Dubey University of Delhi, India On behalf of the D0 Collaboration

691 views • 14 slides
Cache Example Main memory: Byte addressable memory of size 4GB = 2 32 bytes Cache size: 64KB = 2 16

Cache Example Main memory: Byte addressable memory of size 4GB = 2 32 bytes Cache size: 64KB = 2 16

Cache Example Main memory: Byte addressable memory of size 4GB = 2 32 bytes Cache size: 64KB = 2 16 bytes Block (line) size : 64 bytes = 2 6 bytes Number of memory blocks = 2 32 / 2 6 = 2 26 Number of cache blocks = 2 16 / 2 6 = 2 10 Is the

1.53k views • 34 slides
Efficiency in Part-of-Speech Tagging Naghmeh Fazeli summer semester 2016 Supervisor: Dr.

Efficiency in Part-of-Speech Tagging Naghmeh Fazeli summer semester 2016 Supervisor: Dr.

Efficiency in Part-of-Speech Tagging Naghmeh Fazeli summer semester 2016 Supervisor: Dr. Alexis Palmer Learning a Part-of-Speech Tagger from Two Hours of Annotation -2013 Dan Garrette Department of Computer Science The University of

627 views • 48 slides
Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson

Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson

Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson mhart@cs.stonybrook.edu Stony Brook University For all the Webs successes what is the cost to privacy? Main sources of privacy invasions

863 views • 21 slides
Lunch n Learn Lunch n Learn Lunch n Learn Lunch n Learn Understanding Understanding

Lunch n Learn Lunch n Learn Lunch n Learn Lunch n Learn Understanding Understanding

Lunch n Learn Lunch n Learn Lunch n Learn Lunch n Learn Understanding Understanding Understanding Understanding DTDs DTDs T s T s UNCLASSIFIED UNCLASSIFIED US Army Aviation and Missile Command US Army Aviation and Missile Command U.S.

575 views • 18 slides
OmniUpdate Training Tuesday Tag Management and XSL WebEx Event # 802 553 786 Audio will be heard

OmniUpdate Training Tuesday Tag Management and XSL WebEx Event # 802 553 786 Audio will be heard

OmniUpdate Training Tuesday Tag Management and XSL WebEx Event # 802 553 786 Audio will be heard on your computer speakers. If you do not have working computer speakers, call 1-408-792-6300 . Enter event number and Presented by: attendee ID or

555 views • 14 slides
The CPU-Memory Gap 100,000,000.0 10,000,000.0 Disk 1,000,000.0 SSD 100,000.0 Disk seek time

The CPU-Memory Gap 100,000,000.0 10,000,000.0 Disk 1,000,000.0 SSD 100,000.0 Disk seek time

High-Performance Data Storage Sean Barker 1 Data Storage Disks Hard disk (HDD) Solid state drive (SSD) Random Access Memory Dynamic RAM (DRAM) Static RAM (SRAM) Registers %rax, %rbx, ... Sean Barker 2 The

453 views • 9 slides
Design-by-Contract 7 January 2019 OSU CSE 1 Systems Thinking A system is any part of

Design-by-Contract 7 January 2019 OSU CSE 1 Systems Thinking A system is any part of

Design-by-Contract 7 January 2019 OSU CSE 1 Systems Thinking A system is any part of anything that you want to think about as an indivisible unit An interface is a description of the boundary between a system and everything

825 views • 45 slides

More recommend