the dragonbeam framework hardware protected security
play

The DragonBeam Framework: Hardware-Protected Security Modules for - PowerPoint PPT Presentation

Aug 31, 2022 •455 likes •928 views

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley June 6, 2016

  1. The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley June 6, 2016

  2. Security Monitoring In-place External Monitoring Monitoring Applicatio Applicatio Applicatio Applicatio n n n n Application Application OS OS The DragonBeam Framework

  3. Security Monitoring In-place External Monitoring Monitoring Applicatio Applicatio Applicatio Applicatio n n n n Application Application OS OS Unsafety of the monitor The DragonBeam Framework

  4. Security Monitoring In-place External Monitoring Monitoring Applicatio Applicatio Applicatio Applicatio n n n n Application Application OS OS Semantic gap Unsafety of the monitor The DragonBeam Framework

  5. DragonBeam Framework Applicatio Applicatio n n Application OS Command/Response Secure Layer Untrusted Layer The DragonBeam Framework

  6. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer The DragonBeam Framework

  7. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer Secure Kernel Module - Performs security monitoring operations - Expands the observability - Protected by Secure Core The DragonBeam Framework

  8. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer Secure Kernel Module Manager - Commands SKM to perform security operations - Analyzes monitored information - Guarantees the integrity and the liveness of SKM The DragonBeam Framework

  9. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer Secure Memory - Secure communication channel between SKM and SecMan - Only accessible by SKM or Secure Core - Also hosts SecMan code/data The DragonBeam Framework

  10. Example Use Case SecMan Time SKM SKM SecMan Secure Data Memory The DragonBeam Framework

  11. Example Use Case SecMan Sends Command Time SKM SKM SecMan check_syscall_table () { send_cmd(CMD_SYSCALL_TABLE); settimer(TIMEOUT); } Secure Data Memory The DragonBeam Framework

  12. Example Use Case SecMan Sends Command Time SKM SKM SecMan check_syscall_table () { 1 send_cmd(CMD_SYSCALL_TABLE); settimer(TIMEOUT); } Secure Data Memory The DragonBeam Framework

  13. Example Use Case SecMan Sends Command Time SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … } restore sp; } Secure Data Memory The DragonBeam Framework

  14. Example Use Case SecMan Sends Command Time Collects Information SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … } 3 restore sp; } Secure Data Memory send_syscall_table () { get cur_syscall_table; for each entry i write cur_syscall_table[i]; response_ready(); } The DragonBeam Framework

  15. Example Use Case SecMan Sends Command Time Collects Information SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … } 3 restore sp; } 4 Secure Data Memory send_syscall_table () { get cur_syscall_table; for each entry i write cur_syscall_table[i]; response_ready(); } The DragonBeam Framework

  16. Example Use Case SecMan Sends Command Analyzes Data Time Collects Information SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … recv_syscall_table () { } 3 5 cleartimer(TIMEOUT); restore sp; } retrieve current syscall table; for each entry i 4 if (cur.table[i]!=org.table[i]) Secure Data Memory send_syscall_table () { Raise alert! get cur_syscall_table; } for each entry i write cur_syscall_table[i]; response_ready(); } The DragonBeam Framework

  17. Challenges Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response • SKM identification • Secure memory access control • SKM integrity and liveness guarantee The DragonBeam Framework

  18. SKM Registration SKM .text • Requested by SKM, verified by SecMan Base address • Calculates a hash of SKM’s code • Directly from physical frames SKM Size Page SecMan SKM Size SKM Loading Virtual Address Space Registration request Page table Information Page Table Hierarchy Physical Address Space The DragonBeam Framework

  19. SKM Registration SKM .text • Requested by SKM, verified by SecMan Base address • Calculates a hash of SKM’s code • Directly from physical frames SKM Size Page SecMan SKM Size SKM Loading Virtual Address Space Registration request Find phys. frames of Page table SKM .text Information Page Table Hierarchy SKM .text Physical Frames Physical Address Space The DragonBeam Framework

  20. SKM Registration SKM .text • Requested by SKM, verified by SecMan Base address • Calculates a hash of SKM’s code • Directly from physical frames SKM Size Page SecMan SKM Size SKM Loading Virtual Address Space Registration request Find phys. frames of Page table SKM .text Information Page Table Hierarchy Calculate the hash SKM .text of SKM .text Physical Frames Match Not Begin Halt and operations alarm Physical Address Space The DragonBeam Framework

  21. Secure Memory Access Control • Who initiated memory transaction? • Use the current program counter and page mapping information Secure Memory RAM Array Registered .text info Program Within Counter Monitored SKM .text? Core Page Table Same with the Base registered one? Address Registered Page Malicious SKM Table info Module The DragonBeam Framework

  22. Secure Memory Access Control • What if attacker modifies SKM’s page mapping? Physical Address Space Page Table Hierarchy Virtual Address Space SKM .text Physical Base Frames PC Size PC The DragonBeam Framework

  23. Secure Memory Access Control • What if attacker modifies SKM’s page mapping? Physical Address Space Page Table Hierarchy Virtual Address Space SKM .text Physical Base Frames PC Size PC Page Table Hierarchy PC Altered Malicious Module’s Physical Frames The DragonBeam Framework

  24. Secure Memory Access Control • What if attacker modifies SKM’s page mapping? • Solution : Regularly translate virt-to-phys address and verifies SKM .text hash Physical Address Space Page Table Hierarchy Virtual Address Space SKM .text Physical Base Frames PC Size PC Page Table Hierarchy PC Altered Malicious Module’s Physical Frames The DragonBeam Framework

  25. Heartbeat and Hashing • Heartbeat • Checks if SKM is alive • Only SKM can respond Timeout SecMan Requests for HB Receives HB Sends HB SKM Time The DragonBeam Framework

  26. Heartbeat and Hashing • Heartbeat • Checks if SKM is alive • Only SKM can respond Timeout SecMan Requests for HB Receives HB Sends HB SKM Time • SKM .text hashing • Checks if SKM’s code and page mapping have not been altered The DragonBeam Framework

  27. Random Check Intervals • To prevent TOCTTOU (Time Of Check To Time Of Use) attacks • Attacker cannot guess the pattern of checks SKM SKM SKM SKM SecMan HB HB HS HB HS HB HS OP OP OP OP SKM SKM SKM HB HB OP OP Time SKM Operation Heartbeat Hashing SKM HB HS (Request/Send/Receive) SKM .text OP (Send/Response/Analysis) The DragonBeam Framework

  28. Implementation • Leon3 processor on Xilinx ZC702 FPGA Leon3 Core 1 Leon3 Core 2 • SPARC V8, soft-core (Monitored Core) (Secure Core) AHBRAM • 83.3 MHz Secure Memory • 256 MB Instruction Instruction Secure Pipeline Pipeline SecMan PC PC Data/Stack Controller Unused MMU MMU CTP CTP Base Access Size Control CTP AMBA AHB BUS AHB2AXI AHB2APB Bridge Bridge Multiprocessor SKM Main Interrupt Memory Linux Controller IRQ IRQ The DragonBeam Framework

  29. Implementation • Leon3 processor on Xilinx Leon3 on-chip SRAM (128KB) ZC702 FPGA Leon3 Core 1 Leon3 Core 2 • SPARC V8, soft-core (Monitored Core) (Secure Core) AHBRAM • 83.3 MHz Secure Memory • 256 MB Instruction Instruction Secure Pipeline Pipeline SecMan PC PC Data/Stack Controller Unused MMU MMU CTP CTP Base Access Size Control CTP AMBA AHB BUS AHB2AXI AHB2APB Bridge Bridge Multiprocessor SKM Main Interrupt Memory Linux Controller IRQ IRQ The DragonBeam Framework

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These

977 views • 34 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER / engineers Hardware security for embedded systems: memory and communication protection Arithmetic Tradeoffs on Performance/Cost/Security secure

310 views • 14 slides
for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

Attacker Models for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1 Security-sensitive hardware: examples 2 Naive attacker model Attacks on communication channels exploiting lousy crypto or insecure

904 views • 45 slides
Bermuda Protected Species, Protected Areas & Climate Change Lagoon is approximately 750 km

Bermuda Protected Species, Protected Areas & Climate Change Lagoon is approximately 750 km

Bermuda Protected Species, Protected Areas & Climate Change Lagoon is approximately 750 km 2 Islands are 54 km 2 Population 64,237 (2010 census) Giving a population density of 1,190 people per km 2 Biodiversity Framework in Bermuda

1.38k views • 20 slides
CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec @CHIPSEC Wha What is is Pl Platform rm Se Secu curi rity? ty? Hardware Implementation and Configuration Available Security Features

695 views • 20 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) & Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
P Protected biometrics for Identity Trust Protected biometrics for Identity Trust P t t t d

P Protected biometrics for Identity Trust Protected biometrics for Identity Trust P t t t d

P Protected biometrics for Identity Trust Protected biometrics for Identity Trust P t t t d bi t d bi t i t i f f Id Id tit T tit T t t RISE - Awareness of Biometrics and Security Ethics y By Nicolas DELVAUX

625 views • 20 slides
BOOM Analy*cs: Exploring Data-Centric, Declara*ve Programming for

BOOM Analy*cs: Exploring Data-Centric, Declara*ve Programming for

BOOM Analy*cs: Exploring Data-Centric, Declara*ve Programming for the Cloud Neil Conway* hEp://boom.cs.berkeley.edu Joint work with Peter Alvaro*, Tyson Condie*,

444 views • 43 slides
The Google File System Presented by: Alexa Leal Architecture the basic idea Question: 1. GFS

The Google File System Presented by: Alexa Leal Architecture the basic idea Question: 1. GFS

The Google File System Presented by: Alexa Leal Architecture the basic idea Question: 1. GFS does not cache file data. Why does this design choice not lead to performance loss? Single Master Clients never read or write to the master

260 views • 13 slides
The Comerica U.S. Economic Outlook A Taxonomy of Economic Risk Factors for 2017 Robert A. Dye

The Comerica U.S. Economic Outlook A Taxonomy of Economic Risk Factors for 2017 Robert A. Dye

The Comerica U.S. Economic Outlook A Taxonomy of Economic Risk Factors for 2017 Robert A. Dye Ph.D. Chief Economist, Comerica Bank September 2016 A Taxonomy of Economic Risk Factors Unknown Knowns Unknown Unknowns Standard economic metrics

194 views • 18 slides
Failure Detection and Propagation in HPC systems George Bosilca 1 , Aurlien Bouteiller 1 , Amina

Failure Detection and Propagation in HPC systems George Bosilca 1 , Aurlien Bouteiller 1 , Amina

Failure Detection and Propagation in HPC systems George Bosilca 1 , Aurlien Bouteiller 1 , Amina Guermouche 1 , Thomas Hrault 1 , Yves Robert 1 , 2 , Pierre Sens 3 and Jack Dongarra 1 , 4 1 . University Tennessee Knoxville 2 . ENS Lyon, France 3

644 views • 48 slides
The CQL Con*nuous Query Language: Seman*c Founda*ons and Query

The CQL Con*nuous Query Language: Seman*c Founda*ons and Query

The CQL Con*nuous Query Language: Seman*c Founda*ons and Query Execu*on Arvind Arasu, Shivnath Babu, Jennifer Widom Presented by: Young-Rae Kim

580 views • 44 slides
Theory of Everything Norman R. Howes & John A. Howes August, 2013 The Temporal Logic of

Theory of Everything Norman R. Howes & John A. Howes August, 2013 The Temporal Logic of

A Topological / Modal Logic Theory of Everything Norman R. Howes & John A. Howes August, 2013 The Temporal Logic of Behaviors (TLB) The Logic used in the IEEE Computer Societys series of books on distributed system software engineering.

495 views • 10 slides
FPGA Reliability Evaluation Aitzan Sari, Vasileios Vlagkoulis, Mihalis Psarakis Dept. of

FPGA Reliability Evaluation Aitzan Sari, Vasileios Vlagkoulis, Mihalis Psarakis Dept. of

Workshop on Open-Source Design Automation for FPGAs An Open-Source Framework for Xilinx FPGA Reliability Evaluation Aitzan Sari, Vasileios Vlagkoulis, Mihalis Psarakis Dept. of Informatics, University of Piraeus, Greece Motivation FPGAs

414 views • 16 slides
Traveler @ FRIB Dong Liu (liud@frib.msu.edu) Software Engineer This material is based upon work

Traveler @ FRIB Dong Liu (liud@frib.msu.edu) Software Engineer This material is based upon work

Traveler @ FRIB Dong Liu (liud@frib.msu.edu) Software Engineer This material is based upon work supported by the U.S. Department of Energy Office of Science under Cooperative Agreement DE-SC0000661, the State of Michigan and Michigan State

435 views • 16 slides

More recommend