system security overview
play

System Security Overview with an Emphasis on Security Issues for - PowerPoint PPT Presentation

Mar 26, 2023 •111 likes •1.27k views

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 2) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Outline Part1. Bugs in File Systems Semantic inconsistency

  1. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below 26

  2. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Should not be allowed. 26

  3. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. 26

  4. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. 26

  5. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. kernel's data value will be stored in array, which can be retrieved using flush+reload 26

  6. Mitigating Meltdown • Kernel Page Table Isolation • KAISER [ESSoS 17] 27

  7. Side Channels in SGX • Page fault • Controlled Channel Attack [S&P 15] • Cache • Software Grand Exposure [WOOT 17] • Branch prediction • Branch shadowing [Security 17] • Transient out-of-order execution • Foreshadow [Security 18] • Bus snooping  All of these are about memory access 28

  8. SGX's Threat Model SGX CPU Cache MEE 29

  9. SGX's Threat Model Only CPU is trusted SGX CPU Cache MEE All the rest are untrusted 29

  10. SGX's Threat Model Only CPU is trusted SGX CPU Cache MEE Any data leaving CPU is All the rest are untrusted encrypted by Memory Encryption Engine (MEE) 29

  11. Attacking SGX SGX CPU Cache MEE 30

  12. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE 30

  13. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible 30

  14. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible Cache side channels 30

  15. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  16. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  17. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) Response: E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  18. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) Response: E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) Server learns client asked for “C” G E k (Cherry) How to make client’s query private? 31

  19. Easy Solution: Ask Everything Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  20. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  21. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Bluberry), D E k (Banana) E k (Tomato), …, E k (Cherry) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  22. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Bluberry), D E k (Banana) E k (Tomato), …, E k (Cherry) E E k (Orange) F E k (Mango) Secure but too much overhead G E k (Cherry) 32

  23. Better Solution: Ask k tuples [S&P 98] Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  24. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  25. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Blueberry), D E k (Banana) E k (Apple) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  26. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Blueberry), D E k (Banana) E k (Apple) E E k (Orange) F E k (Mango) Provides k-1 ambiguity - So called k-anonymity [S&P 98] G E k (Cherry) Limited security guarantees - See l-diversity [ICDE 06], t-closeness [ICDE 07] 33

  27. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  28. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  29. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) E k (Banana) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  30. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  31. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  32. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  33. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  34. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E k (Blueberry) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  35. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Blueberry) E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) Key-Value mapping always changes 34

  36. Path ORAM [CCS 13] ORAM Client ORAM Server Position Map Stash 35

  37. Path ORAM [CCS 13] ORAM Client ORAM Server Position Map Stash Tree-like data structures - Client: Position map, stash - Server: ORAM Tree with real/dummy nodes 35

  38. ORAM-based solutions for Memory Access SGX CPU Cache MEE 36

  39. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE 36

  40. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible 36

  41. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible Cache side channels 36

  42. Mitigation: ORAM-based Memory Controller SGX CPU ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  43. Mitigation: ORAM-based Memory Controller Patterns are secured SGX CPU using ORAM protocols ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  44. Mitigation: ORAM-based Memory Controller Patterns are secured SGX CPU using ORAM protocols ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  45. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

  46. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

  47. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web Sites Fingerprinting OS FingerPrinting IP Stacks Share Scans Chapter 14 SNMP Vulnerabilities FingerPrinting TCP/IP Services

439 views • 8 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
SYSTEM OF SYTEMS SECURITY (SOSSEC) OVERVIEW 1 VISION A fully capable System of Systems for

SYSTEM OF SYTEMS SECURITY (SOSSEC) OVERVIEW 1 VISION A fully capable System of Systems for

SYSTEM OF SYTEMS SECURITY (SOSSEC) OVERVIEW 1 VISION A fully capable System of Systems for Homeland Security/Homeland Defense that enables decisive Action to prevent, mitigate, respond and recover from all catastrophic incidents regardless

528 views • 27 slides
Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables http://outflux.net/slides/2013/drupal/tunables.pdf R0Ng DrupalCon Portland 2013 Kees Cook <keescook@google.com> (pronounced Case) Who is

474 views • 33 slides
System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 1) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Speaker: Byoungyoung Lee ( ) Research areas:

1.47k views • 106 slides
GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

National Taiwan University Department of Computer Science and Information Engineering GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin Phone Lin Ph.D. Ph.D. Email: plin@csie.ntu.edu.tw Email:

686 views • 41 slides
OSSAMS Open Source Security Assessment Management System

OSSAMS Open Source Security Assessment Management System

OSSAMS Open Source Security Assessment Management System System Overview Purpose To provide a framework for security assessors to correlate and

438 views • 12 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches, Fixes, Revisions Antivirus Software Post-Install Security Checklist: Windows/UNIX File System Security Issues Chapter 10 User

361 views • 8 slides
System Security System Security Aurlien Francillon francill@eurecom.fr Administrativa...

System Security System Security Aurlien Francillon francill@eurecom.fr Administrativa...

System Security System Security Aurlien Francillon francill@eurecom.fr Administrativa... Administrativa... About me Assistant professor at Eurecom since 2011 Doing security research Embedded systems (MCU, smart phones,...)

1.21k views • 100 slides
Module 20: Security The Security Problem Authentication Program Threats System

Module 20: Security The Security Problem Authentication Program Threats System

Module 20: Security The Security Problem Authentication Program Threats System Threats Threat Monitoring Encryption Silberschatz and Galvin 1999 Operating System Concepts 20.1 The Security Problem Security must

155 views • 11 slides
Network and Certificate System Security Requirements Network and Certificate System Security

Network and Certificate System Security Requirements Network and Certificate System Security

Network and Certificate System Security Requirements Network and Certificate System Security Requirements (NCSSR) Effective 1 January 2013 No amendments since passed Included in WebTrust Principles and Criteria for Certification

253 views • 7 slides
Virginia Retirement System Overview Presented to: Commission on Employee Retirement Security and

Virginia Retirement System Overview Presented to: Commission on Employee Retirement Security and

Virginia Retirement System Overview Presented to: Commission on Employee Retirement Security and Pension Reform July 11, 2016 Patricia S. Bishop, VRS Director VRS Overview VRS Total Membership Plan 1 Plan 2 Hybrid* Total 89,979 37,571

597 views • 38 slides
Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and Implementation Activities . Joe Weiss, PE, CISM Executive Consultant Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Stuart

947 views • 49 slides
Presentation: Forest Scenario Gene (Jige) Shen EcoMetrix Inc. ON, Canada Scenario Location Scenario

Presentation: Forest Scenario Gene (Jige) Shen EcoMetrix Inc. ON, Canada Scenario Location Scenario

5 th Meeting of the EMRAS II Working Group 8 Environmental Sensitivity 27 28 September 2011 SCK CEN Headquarters Av. Herrmann Debroux 40, 1160 Brussels, Belgium Presentation: Forest Scenario Gene (Jige) Shen EcoMetrix Inc. ON, Canada

158 views • 14 slides
Sound Transit South Bellevue Station Aesthetic Review June 2, 2015 Vicki Scuri SiteWorks 1

Sound Transit South Bellevue Station Aesthetic Review June 2, 2015 Vicki Scuri SiteWorks 1

Sound Transit South Bellevue Station Aesthetic Review June 2, 2015 Vicki Scuri SiteWorks 1 Perspective of Main Entrance 2 Perspective of Kiss and Ride 3 Column Wrap Leaf Patterns Reflect Seasons THERE ARE THREE TYPES OF COLUMN WRAPS, ALL

218 views • 17 slides
Voting in Maines Ranked Choice Election A non-partisan guide to ranked choice elections

Voting in Maines Ranked Choice Election A non-partisan guide to ranked choice elections

Voting in Maines Ranked Choice Election A non-partisan guide to ranked choice elections Summary: What is Ranked Choice Voting? A ranked choice ballot allows the voter to rank order the candidates: first choice, second choice, third

350 views • 19 slides
What Came First? The Ordering of Events in Systems @kavya719 kavya the design of concurrent

What Came First? The Ordering of Events in Systems @kavya719 kavya the design of concurrent

What Came First? The Ordering of Events in Systems @kavya719 kavya the design of concurrent systems Slack architecture on AWS systems with multiple independent actors . threads nodes in a multithreaded program. in a distributed system.

1.01k views • 72 slides
Food & Nutrition Task Force J une 25, 2020 Welcome & Agenda Updates Review

Food & Nutrition Task Force J une 25, 2020 Welcome & Agenda Updates Review

Food & Nutrition Task Force J une 25, 2020 Welcome & Agenda Updates Review scenario planning Breakout rooms for additional input Sharing District Updates 14 18 students per classroom A/B rotating

206 views • 10 slides
CHEESY PUFFS No GMO No maltodextrin No adjuncts No colorants No preservatives No yeast No

CHEESY PUFFS No GMO No maltodextrin No adjuncts No colorants No preservatives No yeast No

Natural & Wholesome Non-GMO Handcrafted in Portland CHEESY PUFFS No GMO No maltodextrin No adjuncts No colorants No preservatives No yeast No natural flavors Blue Cheese Jalapeno cheesy puff INGREDIENTS: Bobs Red Mill

564 views • 10 slides
Management presentation October 2011 Disclaimer NOT FOR RELEASE, DIRECTLY OR INDIRECTLY, IN THE

Management presentation October 2011 Disclaimer NOT FOR RELEASE, DIRECTLY OR INDIRECTLY, IN THE

Management presentation October 2011 Disclaimer NOT FOR RELEASE, DIRECTLY OR INDIRECTLY, IN THE UNITED STATES OF AMERICA, AUSTRALIA, CANADA, JAPAN OR ANY OTHER JURISDICTION WHERE TO DO SO WOULD BE UNLAWFUL. IMPORTANT NOTICE By attending the

552 views • 26 slides
Interactions Between Risk Assessors and Risk Managers Robert L. Buchanan Richard C. Whiting

Interactions Between Risk Assessors and Risk Managers Robert L. Buchanan Richard C. Whiting

Interactions Between Risk Assessors and Risk Managers Robert L. Buchanan Richard C. Whiting Center for Food Safety and Applied Nutrition Food and Drug Administration Risk Analysis Traditionally described as being comprised of three

142 views • 11 slides

More recommend