what s necessary to establish malware freedom
play

Whats Necessary to Establish Malware Freedom Unconditionally? - PowerPoint PPT Presentation

Dec 20, 2023 •170 likes •397 views

Whats Necessary to Establish Malware Freedom Unconditionally? Virgil D. Gligor ECE and CyLab Carnegie Mellon University Pittsburgh, PA 15213 FCS Workshop Boston June 22, 2020 06/22/2020 1 Outline I. Background - adversary: persistent

  1. What’s Necessary to Establish Malware Freedom Unconditionally? Virgil D. Gligor ECE and CyLab Carnegie Mellon University Pittsburgh, PA 15213 FCS Workshop Boston June 22, 2020 06/22/2020 1

  2. Outline I. Background - adversary: persistent malware & its remote controller - malware-free state? unconditionally ? - a sufficient solution for the cWRAM model II. What’s necessary on real systems ? - external verifiers and challenge functions challenge functions: - optimal space-time bounds (m. t) - unique (m, t) bounds for code - target claw free within (m, t) bounds III. Q & A 06/22/2020 2

  3. I. Background V. Gligor and M. Woo, “ Establishing Software Root of Trust Unconditionally ,” in Proc. of NDSS , San Diego, CA. 2019. (full length paper - CyLab TR 2018 -003 , Nov. 2018) V. Gligor, “ A Rest Stop on the Unending Road to Provable Security ” in Proc. of SPW , Cambridge University, UK, 2019 (article and transcript of discussion) 06/22/2020 3

  4. CPU 0 Baseboard GPU CPU 1 controller Memory 1 Memory 0 CPU R M RAM Bus System CPU 4 CPU 2 remote controller Memory 4 Memory 2 persistent malware NIC CPU 3 - survives power cycles, trusted boots, and re-flashing Disk controller - under security monitors & anti-malware tools Memory 3 Don’t - no observable (hyper)properties USB controller Care 06/22/2020 4

  5. Adversary: persistent malware & its remote controller 06/22/2020 5

  6. persistent malware can - extract all software secrets stored on its computer - modify all SW/FW; e.g., at system initialization - read/write all I/O channels & communicate with remote controller - adaptively modify programs and data & execute any function on chosen input but - cannot access the processors & storage (e.g., random bits) of a connected system remote controller can - exercise all attacks that implant persistent malware on remote system - communicate with & control persistent malware - use unbounded computation power: e.g., break all complexity-based crypto but - cannot predict Nature’s throw of fair dice . . . or random bits of an QRNG - cannot modify a system’s HW 06/22/2020 6

  7. Malware-free states? Unconditionally? 06/22/2020 7

  8. Persistent malware has no externally observable (hyper)properties Q : How can malware-free states be established (w/o taking the system apart) ? A: RoT state (“ all and only chosen content ”) => malware-free state RoT failure => detect malware execution or unaccounted content ` (e.g., malware caused), or both Unconditional Establishment of RoT State - no secrets, no trusted HW modules, no bounds on remote adversary’s power - need only truly random bits & HW specifications 06/22/2020 8

  9. A Sufficient Solution on the cWRAM CPU General Purpose Regs processor state R Device random Specs bits M Initialize m-t optimal code nonce External C m,t v C nonce ß Verifier C nonce ( v )? unique & target claw free t ? OK => RoT on malware-free Device 9 06/22/2020

  10. Overview: cWRAM ISA++ - Constants: w -bit word , up to 2 operands /instruction - Constants: w -bit word , up to 2 operands /instruction instructions execute in unit time ; no cycles, frequency, voltage, current, … instructions execute in unit time ; no cycles, frequency, voltage, current, … - Memory : M words - Memory : M words - Processor registers : GPRs, PC, PSW, Special Processor Registers R - Processor registers : GPRs, PC, PSW, Special Processor Registers R - Addressing : immediate, relative, direct, indirect - Addressing : immediate, relative, direct, indirect - Architecture features: caches, virtual memory, TLBs, pipelining, multi-core processors - Architecture features: caches, virtual memory, TLBs, pipelining, multi-core processors - ISA: all (un)signed integer instructions M M - All Loads, Stores, Register transfers - All Unconditional & Conditional Branches, all branch types - all predicates with 1 or 2 operands - Halt - All Computation Instructions : - addition, subtraction, logic, shift r/l (R i , α), rotate r/l (R i , α), . . . - variable shift r/l (R i , R j ), variable rotate r/l (R i , R j ), . . . - multiplication (1 register output). . . - mod (aka., division-with-remainder) . . . 06/22/2020 10

  11. random What is a nonce? bits C m,t on cWRAM? { r 0 …r k-1 ,x } Z p $ nonce k-1 0 v i ) Ÿ x i (mod p ), s i = Σ r j (i+1) j (mod p ) H r 0 …r k-1 ,x( v ) = Σ + ( s i j = 0 d = | v |-1 i = d k-independent (almost) universal hash functions randomized polynomial family H r 0 …r k-1 ,x( v ) = H d,k,x ( v ) unique m-t optimal bounds on cWRAM code: m = k + 22, t = (6 k - 4)6 d (m’,t’) “<“ ( m , t ) => Pr [ nonce, f , y : f ( y ) = H d,k,x ( v ) | (m’,t’) ] ≤ 3 Ε Ε p target claw free within the m-t bounds 06/22/2020 11

  12. II. What’s necessary on real systems ? untrusted CPU-Memory System trustworthy challenge function executes C nonce Î { C m,t } selection: External nonce on input v Verifier { C m,t } satisfies: measurement: N 1 system response N 2 N 3 N 4 N 1 : existence of external verifier & challenge function N 2 : find a concrete space-time optimal bound: ( m,t ) N 3 : ( m,t ) is unique for program code N 4 : target claw free within ( m,t ) 06/22/2020 12

  13. (un)trusted? no 1. external verifiers system challenge & challenge functions function External proof of Observer malware freedom ? untrusted system 2 Protocols for n Detectable Properties establish => all n systems are trusted untrusted system 1 abort => ≤ n -1 systems are untrusted Detectable malware free? Property system 3 untrusted 13 06/22/2020

  14. (un)trusted? no 1. external verifiers system challenge & challenge functions function External proof of Observer malware freedom ? untrusted system 2 Necessity trustworthy? trustworthy system 1 challenge Unconditionally Detectable External malware function Byzantine Agreement Verifier for Broadcast free? system with probability 1 - ε response malware-free probability ≥ 1 - ε system 3 untrusted Legend : synchronous private channel 14 06/22/2020

  15. (un)trusted? no 1. external verifiers system challenge & challenge functions function External proof of Observer malware freedom ? untrusted system 2 Necessity trustworthy? trustworthy system 1 challenge Unconditionally Detectable External malware function Byzantine Agreement for Verifier Rational Consensus free? system with probability 1 - ε response malware-free probability ≥ 1 - ε system 3 untrusted Legend : synchronous private channel 15 06/22/2020

  16. (un)trusted? no 1. external verifiers system challenge & challenge functions function External proof of Observer malware freedom ? untrusted system 2 Necessity trustworthy? trustworthy system 1 challenge Traditional External malware function Consensus Verifier free? with crashes system response system 3 untrusted Legend : synchronous private channel 16 06/22/2020

  17. 2. find space-time bounds trusted untrusted trustworthy trustworthy system/simulator system challenge challenge External External malware function function Verifier Verifier malware free? baseline actual free C nonce (v) result baseline measurement C nonce (v) = result & = minimum amount of resources used by C nonce baseline = actual? to prevent malware running or hiding const const 37°C current, voltage, frequency, cc, temperature power time E sys ( C nonce ) E sys (C nonce ) measurement accuracy => a specific system initialization & choice of C nonce min E sys (C nonce ) => min. space-time bounds => lower (m,t) bounds = optimal (m,t) bounds min E sys (C nonce ) <≠ optimal (m,t) bounds 06/22/2020 17

  18. 2. find space-time bounds trusted trustworthy system/simulator challenge External function Verifier malware baseline free C nonce (v) baseline measurement min E sys for single core CPUs [DeVogeleer, et al. 2017] ~ mem size const ε const 0 0 E sys,i = (P cpu,i + P drop,i + P back ) · cc i · (1/(f – f k ) + β). for specific system initialization & choice of C nonce E sys (C nonce ) = Σ i E sys,i = ( P cpu,i + P back ) · cc i · (1/f + ε ) const min E sys (C nonce ) => min cc i & min mem size => lower (m,t) bounds = optimal (m,t) bounds min E sys (C nonce ) <≠ optimal (m,t) bounds of C nonce 06/22/2020 18

  19. 3. unique m-t bounds for C m,t program code execution execution time time verifier requests cWRAM initialization T T C m,T C m,T code code malware performs time C mem,time its initialization t+δt code t C M,t M – m C M,t input u’ input u code on disk code mem m +|u| M +|u| m M memory memory space space 3 space-time optimal program families C M,t δt = time to transfer M – m to/from disk T / t > 1 + δ , 0 < δ < 1; T / t > 3 in practice a) single choice : C m,t ; e.g., ( M,t ) b) C m,t = second pre-image free: u’ ≠ u => C nonce (u’) ≠ C nonce (u), whp . c) C m,t code identity in (m,t) : C nonce code in v => C nonce ( v ) is unique in (m,t), whp . 06/22/2020 19

  20. 4. target claw-free in (m,t) untrusted system nonce persistent malware remote adversary y round-trip C nonce Î { C m,t } time T v trustworthy f nonce input v C nonce ( v ) = r External C nonce response Verifier v r r, (m,t) C nonce Î { C m,t } f i , f j Î { F }, not arbitrary x j poly time f j => hardness conjectures f i and/or secrets x i r on any system 06/22/2020 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

540 views • 42 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

567 views • 22 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Elements of Typographic Freedom A GUIDE FOR FONT USERS Degrees of Typographic Freedom

Elements of Typographic Freedom A GUIDE FOR FONT USERS Degrees of Typographic Freedom

CHRISTOPHER ADAMS NEW YORK Elements of Typographic Freedom A GUIDE FOR FONT USERS Degrees of Typographic Freedom AVAILABILITY, FOR SALE e.g. ITC, BITSTREAM Freedom to Own GRATIS FONTSHOP, STORM TYPE Freedom to Use PDF, WEBFONTS

671 views • 23 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND &amp; CONTROL QUESTIONS &amp; ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University Malware Defense Agenda 2 Two lectures Lecture I : Malware basics, malware on the PC,

621 views • 40 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

127 views • 11 slides
thought, persons religion or belief in worship, observance, practice and teaching,

thought, persons religion or belief in worship, observance, practice and teaching,

Freedom of religion and freedom of expression: Balancing rights Carolyn Evans, Vice-Chancellor (1) Everyone has the right to freedom of thought, conscience, religion or belief including a) A freedom to have or adopt a Section 20:

1.08k views • 13 slides
CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is software that aids in gathering A virus is a computer program that is information about a person or organization capable of making copies of itself

716 views • 56 slides
What Constitutes a Useful Theory Result? J.J. Garcia-Luna-Aceves University of California Santa

What Constitutes a Useful Theory Result? J.J. Garcia-Luna-Aceves University of California Santa

What Constitutes a Useful Theory Result? J.J. Garcia-Luna-Aceves University of California Santa Cruz (UCSC) jj@soe.ucsc.edu What Is Network Theory? fundamental limits Lower-bound Upper-bound logic analytical models simulations

270 views • 8 slides
Quadratic differential systems possessing invariant ellipses: a complete classification in the

Quadratic differential systems possessing invariant ellipses: a complete classification in the

Quadratic differential systems possessing invariant ellipses: a complete classification in the space R 12 Nicolae Vulpe Institute of Mathematics and Computer Science (Moldova) a work in common with R. D. S. Oliveira, A. C. Rezende Instituto de

970 views • 50 slides
For Thursday Finish chapter 12 No written homework Program 3 Any questions? Problems

For Thursday Finish chapter 12 No written homework Program 3 Any questions? Problems

For Thursday Finish chapter 12 No written homework Program 3 Any questions? Problems with Probabilistic Reasoning If no assumptions of independence are made, then an exponential number of parameters is needed for sound

791 views • 41 slides
Uniprocessor Scheduling under Precedence Constraints PARADES PARADES G.E.I.E. Massimo Baleani,

Uniprocessor Scheduling under Precedence Constraints PARADES PARADES G.E.I.E. Massimo Baleani,

Uniprocessor Scheduling under Precedence Constraints PARADES PARADES G.E.I.E. Massimo Baleani, Alberto Ferrari, Leonardo Mangeruca, Alberto Sangiovanni-Vincentelli PARADES Outline The meaning of precedence constraints Motivating

385 views • 14 slides
Joining data: a real- world necessity PAN DAS JOIN S F OR S P READS H EET US ERS John Miller

Joining data: a real- world necessity PAN DAS JOIN S F OR S P READS H EET US ERS John Miller

Joining data: a real- world necessity PAN DAS JOIN S F OR S P READS H EET US ERS John Miller Principal Data Scientist Pandas for spreadsheet users Learn based on similarities to spreadsheets Understand the power and exibility of pandas

621 views • 24 slides
Choice theory Michel Bierlaire michel.bierlaire@epfl.ch Transport and Mobility Laboratory

Choice theory Michel Bierlaire michel.bierlaire@epfl.ch Transport and Mobility Laboratory

Choice theory Michel Bierlaire michel.bierlaire@epfl.ch Transport and Mobility Laboratory Choice theory p. 1/26 Framework Choice: outcome of a sequential decision-making process Definition of the choice problem: How do I get to EPFL?

494 views • 26 slides
Humans, Machine, and the Future of Work Moshe Y. Vardi Rice University Houston, TX, USA

Humans, Machine, and the Future of Work Moshe Y. Vardi Rice University Houston, TX, USA

Humans, Machine, and the Future of Work Moshe Y. Vardi Rice University Houston, TX, USA vardi@cs.rice.edu Follow me on social media! Where Are The Jobs? The Great Coupling The Great Decoupling The Neoluddites J. Sachs and L. Kotlikoff

873 views • 25 slides
Combinatorial Methods for Modelling Composed Software Systems Ludwig Kampel, Bernhard Garn and

Combinatorial Methods for Modelling Composed Software Systems Ludwig Kampel, Bernhard Garn and

Combinatorial Methods for Modelling Composed Software Systems Ludwig Kampel, Bernhard Garn and Dimitris E. Simos SBA Research, Austria 6th International Workshop on Combinatorial Testing (IWCT 2017) Waseda University, Nishiwaseda Campus,

968 views • 69 slides

More recommend