system architectures and techniques for efficient secure
play

System Architectures and Techniques for Efficient, Secure, and - PowerPoint PPT Presentation

Mar 02, 2024 •102 likes •599 views

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario Werner May 7, 2020 Graz University of Technology Why do we care about code? www.tugraz.at 10:20 July 18 W i r e l e s s - G A D S L G

  1. System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario Werner May 7, 2020 Graz University of Technology

  2. Why do we care about code? www.tugraz.at 10:20 July 18 W i r e l e s s - G A D S L G a t e w a y Mario Werner | Graz University of Technology 1

  3. Problem Statement www.tugraz.at • Most research and vendor solely focus on software security • Processors lack protection against physical attacks • Adversary can exploit physical properties of a device • Active: e.g., induce faults (voltage/clock glitches, laser) [KSV13] • Passive: e.g., extract secrets (power/timing analysis) [MOP07] • Local and remote attack settings (e.g., cache attacks, Rowhammer [Kim+14], Plundervolt [Mur+20]) • Relevant in mobile, IoT, and cloud settings Mario Werner | Graz University of Technology 2

  4. Contribution www.tugraz.at • Techniques to protect code execution against physical attacks • Providing Control-Flow Integrity and Attestation • GPSA: adapt the old scheme as fault-attack countermeasure • SCFP: extends GPSA using sponge-based AE techniques • Remote attestation and licensing using SCFP-like approaches • Counteracting Physical Attacks on the Memory System • MEMSEC: hardware framework for memory encryption • S CATTER C ACHE : cache design hardened against timing attacks • Concepts tested in simulation and/or on real hardware • Fully integrated into the toolchain for good usability • Combined or individual adoption possible Mario Werner | Graz University of Technology 3

  5. Paper Relations www.tugraz.at P h y s i c a l A t t a c k s S o f t w a r e A t t a c k s A c t i v e P a s s i v e ( e . g . , F a u l t ) ( e . g . , S C ) G P S A / C S M e d e o S C F P I E A E E h C c a C R e m o t e A t t e s t a t i o n a n d r ME MS E C e t L i c e n s i n g a t t a a c D S Mario Werner | Graz University of Technology 4

  6. The PhD in Numbers www.tugraz.at • 16 (co-)authored papers in total • 4 papers in this thesis • Contributed to 2 lectures • System-on-Chip Architectures and Modeling (since WT2014) • Computer Organization (ST2019) → Computer Organization and Networks (WT2019) • Supervised 18 student projects • 4 bachelor theses • 4 master projects • 8 master theses • 2 internships Mario Werner | Graz University of Technology 5

  7. Part I: Providing Control-Flow Integrity and Attestation

  8. Why Control-Flow Integrity? www.tugraz.at ✈♦✐❞ ♠❛✐♥✭✮ ④ ❢♦r ✭❀❀✮ ④ check_pin read_pin ✉♥s✐❣♥❡❞ ♣✐♥ ❂ r❡❛❞❴♣✐♥✭✮❀ ✐♥t ❛✉t❤ ❂ ❝❤❡❝❦❴♣✐♥✭♣✐♥✮❀ ✐❢✭ ❛✉t❤ ✮ ④ ♦♣❡♥❴❞♦♦r✭✮❀ main open_door ⑥ ❡❧s❡ ④ r❛✐s❡❴❛❧❛r♠✭✮❀ ⑥ ❧♦❣❴❡✈❡♥t✭✮❀ raise_alarm log_event ⑥ ⑥ Mario Werner | Graz University of Technology 6

  9. Why Control-Flow Integrity? www.tugraz.at check_auth: // auth in x1 (0 if authentic) B N E x 0 , x 1 , n o t _ a u t h e n t i c a t e d authenticated: // open door // ... J next not_authenticated: // raise_alarm next: // log event Mario Werner | Graz University of Technology 7

  10. Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner , Erich Wenger, and Stefan Mangard. “Protecting the Control Flow of Embedded Processors against Fault Attacks”. In: Smart Card Research and Advanced Applications – CARDIS . 2015, pp. 161–176. DOI : ✶✵✳✶✵✵✼✴✾✼✽✲✸✲✸✶✾✲✸✶✷✼✶✲✷❴✶✵ Mario Werner | Graz University of Technology 8

  11. High-Level Concept www.tugraz.at C o r e P i p e l i n e Wr i t e F F e e t t c c h h D e c o d e E x e c u t e Me mo r y B a c k Mo n i t o r Me mo r y ( R A M/ R O M) Mario Werner | Graz University of Technology 9

  12. Derived Signatures [MM88] www.tugraz.at Reset_Handler 0x00000000 0x0000b5b0 b5b0: push {r4, r5, r7, lr} 0x000164b2 af02: add r7, sp, #8 0x0001acbf 480d: ldr r0, [pc, #52] 0x0001f5cd 490e: ldr r1, [pc, #56] 0x00023855 4288: cmp r0, r1 0x00030a62 d20d: bhs #26 Reset_Handler:1 Reset_Handler:2 0x00030a62 0x00030a62 0x0003546f 4a0d: ldr r2, [pc, #52] 0x00035668 4c06: ldr r4, [pc, #24] ... ... ? ? ? Mario Werner | Graz University of Technology 10

  13. Continuous Signature Monitoring (CSM) [WS88] www.tugraz.at %1 (if) // ... %2 %3 // ... // ... // ... %4 // ... // ... Mario Werner | Graz University of Technology 11

  14. Continuous Signature Monitoring (CSM) [WS88] www.tugraz.at %1 (if) // ... %2 %3 // ... // ... // ... u p d a t e ( s i g 1 ) %4 // ... // ... Mario Werner | Graz University of Technology 11

  15. Continuous Signature Monitoring (CSM) [WS88] www.tugraz.at %1 (if) // ... %2 %3 // ... // ... // ... u p d a t e ( s i g 1 ) %4 // ... // ... c h e c k ( s i g 2 ) Mario Werner | Graz University of Technology 11

  16. Continuous Signature Monitoring (CSM) [WS88] www.tugraz.at %1 (if) // ... %2 %3 // ... // ... // ... u p d a t e ( s i g 1 ) %4 // ... // ... c h e c k ( s i g 2 ) Mario Werner | Graz University of Technology 11

  17. Summary www.tugraz.at • First known GPSA/CSM implementation • Hybrid (HW+SW) scheme • LLVM-based toolchain • HDL implementation for an ARMv7-M compatible processor • 6.4 % hardware overhead • 2 % to 71 % runtime overhead • Analysis and evaluation of signature functions (CRCs, MISRs) • CRC-32C: Resistant against at least 7 precise bit flips (injected across two encodings) • CSM h = 4: Detect a faulty instruction with 99.9 % within 3 cycles (arbitrary fault within encoding) Mario Werner | Graz University of Technology 12

  18. Sponge-Based Control-Flow Protection for IoT-Devices Mario Werner , Thomas Unterluggauer, David Schaffenrath, and Stefan Mangard. “Sponge-Based Control-Flow Protection for IoT Devices”. In: European Symposium on Security and Privacy – EuroS&P . Best Paper Award . 2018, pp. 214–226. DOI : ✶✵✳✶✶✵✾✴❊✉r♦❙P✳✷✵✶✽✳✵✵✵✷✸ Mario Werner | Graz University of Technology 13

  19. Question www.tugraz.at C o r e P i p e l i n e Wr i t e F F e e t t c c h h D e c o d e E x e c u t e Me mo r y B a c k Mo n i t o r Me mo r y ( R A M/ R O M) • How can we be sure that the monitor is working? Mario Werner | Graz University of Technology 14

  20. High-Level Concept www.tugraz.at C o r e P i p e l i n e A E Wr i t e F F e e t t c c h h D e c o d e E x e c u t e Me mo r y D e c r y p t B a c k Me mo r y ( R A M/ R O M) • Make correctness a requirement for functionality Mario Werner | Graz University of Technology 15

  21. Decryption/Execution Example www.tugraz.at strcmp 0x1b2a0645 0xdd3fbcce : 03 06 05 00 : lb a2, 0(a0) 0xf5a92604 : 83 86 05 00 : lb a3, 0(a1) 0x58c04f0a : 5b 0c 06 00 : b p e q z a 2 , 2 4 apply patch 2 apply patch 1 0x58c04f0a 0xe70771a6 : 13 05 15 00 : addi a0, a0, 1 0x5b26165e : 93 85 15 00 : addi a1, a1, 1 0xa4e9634c : db 04 d6 fe : b p e q a 2 , a 3 , - 2 4 0 x a 4 e 9 6 3 4 c : 4d 1b c0 0f : a3 0f 21 3e Mario Werner | Graz University of Technology 16

  22. APE-like Decryption Mode www.tugraz.at • Original construction by Andreeva et al. [And+14] P C P C C 0 0 1 1 2 f f f x 0 x ' x x ' x 0 1 1 2 P a t c h P a t c h 0 1 Mario Werner | Graz University of Technology 17

  23. Summary www.tugraz.at • Sponge-based Control-Flow Protection (SCFP) • Hardware-supported CFI scheme • Decrypts the instruction stream with instruction granularity • Evolution of GPSA and CSM with added confidentiality/authenticity • Maintains protection across indirect calls • Supports exception/interrupt handling (enables preemptive OSs) • Presented and analyzed two suitable sponge constructions • Discussed three SCFP instantiations (IE, AEE, AEE-Light) • Implemented AEE-Light into a RISC-V processor • 9.1 % runtime overhead • 19.8 % code size overhead • Manufactured in cooperation with ETH-Zurich Mario Werner | Graz University of Technology 18

  24. Remote Attestation and Licensing via Secure Code Execution www.tugraz.at • SCFP-like technique with added challenge response protocol • Idea: Reuse the balancing of the internal crypto state • Supports all common + a novel attestation mode: • Static (arbitrary data/code) • Graph (novel approach, attests crypto state) • Path (repeated graph attestation) • Hybrid (any combination of above the modes) • Software-only prototype on top of SCFP • Online licensing extension • Verifier provides patch values for prover via license tokens • Each token is a patch encrypted with the attestation state Mario Werner | Graz University of Technology 19

  25. Part II: Counteracting Physical Attacks on the Memory System

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
Ensuring a secure, reliable and efficient Power System in a Changing Environment Delivering a

Ensuring a secure, reliable and efficient Power System in a Changing Environment Delivering a

Ensuring a secure, reliable and efficient Power System in a Changing Environment Delivering a Secure Sustainable Power System 17 th August 2011 Outline Agenda Chair: Dick Lewis, Manager, Grid Operations Planning 10.00 a.m. Registration (Tea

833 views • 70 slides
Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava CCSW 2009: The ACM Cloud Computing Security Workshop 1 The Problem Providing secure and

414 views • 19 slides
Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU controller 10C Disks control address main bus 10D Low-Level I/O Techniques data interrupts 10E Higher Level I/O Techniques memory

493 views • 17 slides
Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU controller 10C Disks control address main bus 10D Low Level I/O Techniques data interrupts 10E Higher Level I/O Techniques memory

657 views • 16 slides
Towards a Secure and Efficient System for End-to-End Provenance Patrick McDaniel, Kevin Butler,

Towards a Secure and Efficient System for End-to-End Provenance Patrick McDaniel, Kevin Butler,

Towards a Secure and Efficient System for End-to-End Provenance Patrick McDaniel, Kevin Butler, Stephen McLaughlin Penn State University Erez Zadok, Radu Sion, Stony Brook University Marianne Winslett, University of Illinois TaPP10, San

336 views • 17 slides
G.J.M. Smit Contents Efficient architectures Introduction energy-efficient systems for

G.J.M. Smit Contents Efficient architectures Introduction energy-efficient systems for

G.J.M. Smit Contents Efficient architectures Introduction energy-efficient systems for streaming applications Streaming DSP applications Tiled architectures Dynamic reconfiguration Gerard Smit Run-time mapping of streams to

626 views • 10 slides
Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message Transmission Schemes Yvo Desmedt 1 , 2 Stelios Erotokritou 1 Reihaneh Safavi-Naini 3 1 Department of Computer Science University College London, UK 2

459 views • 33 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload & download confidential

202 views • 9 slides
Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure Metering Issues and Extensions Real World Other Directions Metering for General Access Structures Understanding the model Audit Agency

480 views • 35 slides
Efficient and secure modular operations using the Polynomial Modular Number System (Part 1)

Efficient and secure modular operations using the Polynomial Modular Number System (Part 1)

The Polynomial modular number system (PMNS) Randomisation with the PMNS Internal randomisation using the Montgomery-like method Efficient and secure modular operations using the Polynomial Modular Number System (Part 1) ephane Didier 1 , Fangan

757 views • 26 slides
Efficient Scheme for Secure and Privacy-Preserving Electric Vehicle Dynamic Charging System IEEE

Efficient Scheme for Secure and Privacy-Preserving Electric Vehicle Dynamic Charging System IEEE

Efficient Scheme for Secure and Privacy-Preserving Electric Vehicle Dynamic Charging System IEEE ICC 2017 Paris, France May 21 - 25, 2017 Presenter: Outline I ntroduction Proposed Scheme Evaluations Conclusion W hat is EV

560 views • 20 slides
Flexible, Efficient Abstractions for High Performance Computation on Current and Emerging

Flexible, Efficient Abstractions for High Performance Computation on Current and Emerging

Institute for CLEAN AND SECURE ENERGY THE UNIVERSITY OF UTAH TM Flexible, Efficient Abstractions for High Performance Computation on Current and Emerging Architectures J AMES C. S UTHERLAND Associate Professor - Chemical Engineering M ATT M

141 views • 10 slides
Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment pain The vision The Octomizer: TVM for everyone 2 Simple, secure, and efficient Drive TVM adoption Expand the set of users who can deployment of

370 views • 14 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman,

Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman,

Secure Resource Sharing for Embedded Protected Module Architectures Jo Van Bulck, Job Noorman, Jan T obias Mhlberg and Frank Piessens August 24, 2015 Contents 1. Embedded Problem Domain 2. Protected Module Architectures 3.

511 views • 23 slides
On the probabilistic nature of quantum me- chanics and the notion of closed systems Jrmy

On the probabilistic nature of quantum me- chanics and the notion of closed systems Jrmy

On the probabilistic nature of quantum me- chanics and the notion of closed systems Jrmy Faupin, Jrg Frhlich and Baptiste Schubnel Abstract. The notion of closed systems in Quantum Mechanics is dis- cussed. For this purpose, we

927 views • 38 slides
Software Development and Integration in Robotics (SDIR-VIII) May 6, 2013 Karlsruhe, Germany

Software Development and Integration in Robotics (SDIR-VIII) May 6, 2013 Karlsruhe, Germany

ICRA2012 Workshop on Software Development and Integration in Robotics (SDIR-VIII) May 6, 2013 Karlsruhe, Germany Davide Brugali University of Bergamo, Italy Nico Hochgeschwender, Bonn-Rhein-Sieg University, Germany Roland Philippsen,

528 views • 26 slides
Managing Network Services 181.063 VU 2.0 AKIK3 181.085 SE 2.0 Seminar aus Informatik

Managing Network Services 181.063 VU 2.0 AKIK3 181.085 SE 2.0 Seminar aus Informatik

Gerald Pfeifer Managing Network Services 181.063 VU 2.0 AKIK3 181.085 SE 2.0 Seminar aus Informatik 181.101 SE 2.0 Informations und Komm.sys Keywords: Domainsregistrierung, cfengine, logging (syslog, access_log,...), monitoring

842 views • 61 slides
Fourier Transforms and Spectral Analysis Chaiwoot Boonyasiriwat September 17, 2020

Fourier Transforms and Spectral Analysis Chaiwoot Boonyasiriwat September 17, 2020

Fourier Transforms and Spectral Analysis Chaiwoot Boonyasiriwat September 17, 2020 Discrete-Time Fourier Transform The discrete-time Fourier transform (DTFT) of a discrete-time signal x ( k ) with sampling interval T is the Z transform X ( z

1.03k views • 80 slides
Solar Physics in the high school Study of the sunspots Space research for society on every scale

Solar Physics in the high school Study of the sunspots Space research for society on every scale

Solar Physics in the high school Study of the sunspots Space research for society on every scale H-SPACE 2018 4 th International Conference on Research, Technology and Education of Space February 15-16, 2018, Budapest, Hungary Pet Mria

176 views • 15 slides
Word Ordering Without Syntax Allen Schmaltz Alexander M. Rush Stuart M. Shieber Harvard

Word Ordering Without Syntax Allen Schmaltz Alexander M. Rush Stuart M. Shieber Harvard

Word Ordering Without Syntax Allen Schmaltz Alexander M. Rush Stuart M. Shieber Harvard University EMNLP, 2016 Schmaltz et al. (Harvard University) Word Ordering Without Syntax EMNLP, 2016 1 / 15 Outline Task: Word Ordering, or

499 views • 19 slides
The SAL Tool Julien Schmaltz Institute for Computing and Information Sciences Radboud University

The SAL Tool Julien Schmaltz Institute for Computing and Information Sciences Radboud University

Introduction Expression Language Transition Language Modules and Contexts The SAL Tool Julien Schmaltz Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands julien@cs.ru.nl April 8, 2009 J. Schmaltz

545 views • 25 slides
Can the 125 GeV Higgs be the Little Higgs Jrgen Reuter DESY JRR/Tonini, JHEP 1302 (2013) 077;

Can the 125 GeV Higgs be the Little Higgs Jrgen Reuter DESY JRR/Tonini, JHEP 1302 (2013) 077;

J. R. Reuter Little Higgs Models DESY, 10.6.2013 Can the 125 GeV Higgs be the Little Higgs Jrgen Reuter DESY JRR/Tonini, JHEP 1302 (2013) 077; Kilian/JRR PRD 70 (2004), 015004 LHC Physics Discussion, DESY, 10.6.2013 J. R. Reuter Little

777 views • 31 slides

More recommend