Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.

Slides:

Advertisements

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Advertisements

Runahead Execution: An Alternative to Very Large Instruction Windows for Out-of-order Processors Onur Mutlu, The University of Texas at Austin Jared Start,

Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University.

RISC and Pipelining Prof. Sin-Min Lee Department of Computer Science.

Mehmet Can Vuran, Instructor University of Nebraska-Lincoln Acknowledgement: Overheads adapted from those provided by the authors of the textbook.

1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.

Lecture Objectives: 1)Define pipelining 2)Calculate the speedup achieved by pipelining for a given number of instructions. 3)Define how pipelining improves.

Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Chapter 6 Security Kernels.

Helper Threads via Virtual Multithreading on an experimental Itanium 2 processor platform. Perry H Wang et. Al.

Architecture Support for Security Peter Chapman Michael Maass.

Chapter 4: The Building Blocks: Binary Numbers, Boolean Logic, and Gates Invitation to Computer Science, Java Version, Third Edition.

Pipelining Andreas Klappenecker CPSC321 Computer Architecture.

Pipelined Processor II CPSC 321 Andreas Klappenecker.

Computer Organization and Assembly language

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

Cisc Complex Instruction Set Computing By Christopher Wong 1.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Topics Introduction Hardware and Software How Computers Store Data

Computing hardware CPU.

Computer Architecture Project Team A Sergio Rico, Ertong Zhang, Vlad Chiriacescu, ZhongYin Zhang.

15-740/ Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.

Design of a RISC Processor Compatible with ARM Instruction Set AHMET GÜRHANLI LAB: BL405 SUPERVISER: 陳中平教授.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities Authors: Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris Bookholt In ACM CCS’05.

What have mr aldred’s dirty clothes got to do with the cpu

Chapter 2 Parallel Architecture. Moore’s Law The number of transistors on a chip doubles every years. – Has been valid for over 40 years – Can’t.

An Object-Oriented Approach to Programming Logic and Design Fourth Edition Chapter 6 Using Methods.

The Central Processing Unit (CPU) and the Machine Cycle.

Information Security What is Information Security?

1 Designing a Pipelined Processor In this Chapter, we will study 1. Pipelined datapath 2. Pipelined control 3. Data Hazards 4. Forwarding 5. Branch Hazards.

Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.

Processor Architecture

Pipelining and Parallelism Mark Staveley

Operating Systems Security

Security Vulnerabilities in A Virtual Environment

CENTRAL PROCESSING UNIT. CPU Does the actual processing in the computer. A single chip called a microprocessor. Composed of an arithmetic and logic unit.

Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code Jeff Seibert, Hamed Okhravi, and Eric Söderström Presented.

Protecting The Kernel Data through Virtualization Technology BY VENKATA SAI PUNDAMALLI id :

Advanced Topics: Prefetching ECE 454 Computer Systems Programming Topics: UG Machine Architecture Memory Hierarchy of Multi-Core Architecture Software.

Lecture 9. MIPS Processor Design – Pipelined Processor Design #1 Prof. Taeweon Suh Computer Science Education Korea University 2010 R&E Computer System.

CHAPTER 2 Instruction Set Architecture 3/21/

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

1.3 Operating system services An operating system provide services to programs and to the users of the program. It provides an environment for the execution.

Computer Science Infrastructure Security for Virtual Cloud Computing Peng Ning 04/08/111BITS/ Financial Services Roundtable Supported by the US National.

PipeliningPipelining Computer Architecture (Fall 2006)

Computer System Structures

GCSE Computing - The CPU

Invitation to Computer Science, C++ Version, Fourth Edition

Security Virtualization

Computer Organization CS224

OCR GCSE Computer Science Teaching and Learning Resources

nZDC: A compiler technique for near-Zero silent Data Corruption

Bruhadeshwar Meltdown Bruhadeshwar

Computer Architecture 2

Teaching Computing to GCSE

Defending against malicious hardware

Bastion secure processor architecture

AEGIS: Secure Processor for Certified Execution

Hyesoon Kim Onur Mutlu Jared Stark* Yale N. Patt

Chapter 1 Introduction.

1-2 – Central Processing Unit

Sai Krishna Deepak Maram, CS 6410

GCSE Computing - The CPU

Lois Orosa, Rodolfo Azevedo and Onur Mutlu

Presentation transcript:

Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science Columbia University 1

Modern Hardware is Complex Modern systems built on layers of hardware Complexity increases risk of backdoors More hands Easier to hide A significant vulnerability Hardware is the root of trust All hardware and software controlled by microprocessors Applications OS Hypervisor Motherboard/ Slave Chips CPU

Prior Work and Scope Microprocessor design stages Prior work focuses on back end More immediate threat Example: IC fingerprinting [Agrawal et al., 2007] Front end is the extreme root Common assumption: golden model from front end Focus of this work High Level Design Specification Design Validation Physical Design Tapeout/ Fabrication Deployment Back EndFront End

Key Idea: Use Inherent Division of Work Bob Nice Guy Donates $100 Eric Evil Accountant Steals $10 Alice Charity President Receives $90 Thank you, Bob, for your $90 FetchDecodeExecute Microprocessor Pipeline Stages Analogue (Bob)(Eric)(Alice)

Outline Taxonomy Ticking Timebombs, Cheat Codes, Emitters, Corrupters Solutions TrustNet and DataWatch Results Correctness, Coverage and Costs Future Work

Taxonomy of Attacks Backdoor = Trigger + Payload Trigger: Turns on an attack Payload: Malicious, illegal action TriggersDataTime PayloadsEmitterCorrupter

Taxonomy of Attacks: Triggers TriggersDataTime

Taxonomy of Attacks: Payloads Emitter Attacks Extra malicious events Separate from normal events PayloadsEmitterCorrupter Corrupter Attacks No extra malicious events Normal instructions altered

Taxonomy of Attacks: Summary Emitter Timebomb Corrupter Timebomb Emitter Cheatcode Corrupter Cheatcode

Assumptions Large design team Each designer works on one unit or part of one Security add-ons cannot be done by one member Full knowledge Attacker has complete access to all design specifications Attacker also knows about additional security mechanism Equal distrust Any one designer/unit may be evil Security add-ons may contain backdoors

Outline Taxonomy Ticking Timebombs, Cheat Codes, Emitters, Corrupters Solutions TrustNet and DataWatch Results Correctness, Coverage and Costs Future Work

Sample Emitter Backdoor Consider a malicious instruction decoder Decoder emits instructions not in the original program Execution unit faithfully executes them Fetch DecodeExecute Spurious Output

TrustNet Predictor and Reactor monitor the Target Division of work prevents one bad guy from breaking two units Scaling to larger number increases design complexity PredictorReactor Target add $r1, $r2, $r3 Fetch Decode Execute

Corrupter Backdoors Bob Still nice Donates $100 Eric Evil (and smarter) Converts to Canadian $ Alice Still president Fooled by Eric’s C$100 Thank you, Bob, for your C$100

DataWatch Scaled up version of TrustNet Multiple bit messages Confirms types of messages (instead of just yes/no) PredictorReactor Target add $r1, $r2, $r3 Fetch Decode Execute SUB $r1, $r2, $r3 STOP

Outline Taxonomy Ticking Timebombs, Cheat Codes, Emitters, Corrupters Solutions TrustNet and DataWatch Results Correctness, Coverage and Costs Future Work

Experimental Context, Correctness, Costs Context Simplified OpenSPARC T2 Correctness Designed attacks No false positives or negatives Costs Low area overhead (2 KB per core) No performance impact How to measure coverage?

18 Units with a core Paper has plots for other units at a chip level Coverage: Vulnerability Space

19 Coverage Visualization WARNING: This is an approximate vizualization 19

Summary and Future Work Strengthen root of trust: microprocessors Hardware-only solution. No perf impact, low area overhead Security add-on highly resilient to corruption Provided attack taxonomy, method to characterize attack space Applicability of TrustNet & DataWatch Covered: pipelines, caches and content associative memory Not covered: ALU, microcode, power mgmt., side-channels Moving Forward Expand coverage Out-of-order processors Motherboard components Design automation tools Reaction to errors Applying techniques for reliable execution First steps toward a secure trusted hardware w/ untrusted units ✔ Thank You! and Questions?