Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.

Presentation transcript:

Runtime Protection via Dataflow Flattening
Bertrand Anckaert, Ghent University / Boston Consulting Group
Mariusz H. Jakubowski, Ramarathnam Venkatesan, Chit Wei (Nick) Saw, Microsoft Research, Redmond, WA (USA)
The Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2009), June 18-23, 2009 – Athens/Glyfada, Greece

Introduction
Software protection
–Complicate reverse engineering and tampering.
–Enforce execution as intended by developer.
–DRM, licensing, anti-malware, OS security, etc.
Dataflow analysis
–Track flow of data through program.
–Locate and tamper with “interesting” data.
Goals of our work:
–Develop methods against malicious dataflow analysis.
–Study dataflow flattening as an element of comprehensive protection frameworks.

Overview
Introduction
Background
Dataflow flattening
Implementation and experiments
Applications
Conclusion
Protecting data operations

Background
Oblivious RAMs [Goldreich and Ostrovsky ’96]
–Randomized memory-access patterns
–Each fetch/store replaced by many fetch/stores
–Cannot infer program operation from memory accesses
Control-flow flattening
–Program’s CFG converted to flat (two-level) graph
–Cannot infer control-flow structure from execution on the flat graph

Dataflow Flattening
Two main aspects:
–Making dataflow graph appear complete
–Randomizing memory-access patterns
Informally:
–“Every variable affects every other variable.”
–“Program accesses memory at random.”

Flattening Dataflow Graphs
Basic idea: Make dataflow graph appear complete.
–Every variable affects all other variables.
–Cannot infer useful variable dependencies.
Data-centric analog of control-flow flattening
[Figure: dataflow graph with nodes A, B, X, Y]

Dataflow Flattening via an MMU
[Figure: diagram with the components Program, Memory Management Unit, Heap]

MMU
Software-based Memory Management Unit:
–Periodic reordering of heap data
–Migration of variables from stack to heap
–Pointer masking
Variable references redirected through MMU

MMU Operation
Heap subdivided into encrypted pages (e.g., 4 KB).
Upon each access of a heap page:
–Retrieve n extra pages with probability 1/p.
–Randomly shuffle the (expected) 1+n/p pages.
–Re-salt and re-encrypt each page.

Security Analysis
Security analyzed via practical metrics
Confusion factor C as a metric
–Define C as the number of possible places for a page in memory.
–Let N = total number of memory pages.
–Oblivious RAMs: C = N after each memory access.
–Our approach: C converges to N as accesses occur.
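A small simulation of the MMU operation and the confusion factor C described on the two slides above, added here as an illustration (it is not code from the presentation or from the authors' tool). It assumes the program touches a uniformly random page on each access and that an observer sees only which page slots are touched, never the shuffle itself; the names `confusion_factor`, `MAX_PAGES` and `rnd` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_PAGES 256

static uint32_t rng_state; /* xorshift32: reproducible, not cryptographic */
static uint32_t rnd(uint32_t bound) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return (uint32_t)(((uint64_t)rng_state * bound) >> 32);
}

/* Returns C for the page that starts in slot 0: the number of slots an observer
 * of touched slots cannot rule out. Returns -1 on bad input or a broken invariant. */
int confusion_factor(int N, int n, int p, long accesses, uint32_t seed) {
    int page_in_slot[MAX_PAGES], candidate[MAX_PAGES] = {0}, touched[MAX_PAGES];
    if (N < 1 || N > MAX_PAGES || n < 0 || n >= N || p < 1) return -1;
    rng_state = seed ? seed : 1;
    for (int i = 0; i < N; i++) page_in_slot[i] = i;
    candidate[0] = 1;
    for (long a = 0; a < accesses; a++) {
        int k = 0, hit = 0;
        touched[k++] = (int)rnd((uint32_t)N);      /* page the program asked for */
        if (rnd((uint32_t)p) == 0)                 /* with probability 1/p ... */
            while (k < 1 + n) {                    /* ... retrieve n extra distinct pages */
                int s = (int)rnd((uint32_t)N), dup = 0;
                for (int i = 0; i < k; i++) dup |= (touched[i] == s);
                if (!dup) touched[k++] = s;
            }
        for (int i = 0; i < k; i++) hit |= candidate[touched[i]];
        for (int i = k - 1; i > 0; i--) {          /* Fisher-Yates shuffle of touched pages */
            int j = (int)rnd((uint32_t)(i + 1));
            int t = page_in_slot[touched[i]];
            page_in_slot[touched[i]] = page_in_slot[touched[j]];
            page_in_slot[touched[j]] = t;
        }
        /* Re-salting and re-encryption hide the permutation, so every touched
         * slot becomes a possible location once any candidate slot is touched. */
        if (hit) for (int i = 0; i < k; i++) candidate[touched[i]] = 1;
    }
    int C = 0, ok = 0;
    for (int i = 0; i < N; i++) {
        C += candidate[i];
        if (page_in_slot[i] == 0) ok = candidate[i]; /* true slot must be a candidate */
    }
    return ok ? C : -1;
}

int main(void) {
    for (long m = 1; m <= 10000; m *= 10)
        printf("accesses=%5ld C=%d\n", m, confusion_factor(64, 3, 2, m, 2463534242u));
    return 0;
}
```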

Practical Issues
Most program variables are stack-based.
–Solution: Migrate variables from stack to heap.
–Explicitly allocate and free heap memory when entering and exiting stack frames.
Pointers can reveal access patterns.
–Solution: Scramble pointers.
–Only MMU knows mapping between addresses and variables.

Implementation
Tool for transforming C programs
–Based on Phoenix compiler infrastructure
–Compiler backend plug-in
–Instrumentation of Phoenix IR
Transformations
–Interception and custom implementation of heap operations (malloc, free, etc.)
–Conversion of stack variables to heap variables
–Pointer scrambling (encryption)

Experimental Results
Selected SPEC benchmarks (compression, optimization, QCD, chess, fluid dynamics)
Simple algorithms (pseudorandom-number generation, summing a list of integers)
Performance impact (slowdown)

Applications
Software protection
–Anti-malware systems
–Licensing, DRM, product activation, etc.
–Defenses against information-extraction and side-channel attacks
More comprehensive tools
–Element of broader protection strategies
–Means of realizing “engineering assumptions” needed by some security models

Conclusion
Dataflow flattening
–Makes dataflow graph appear complete.
–Randomizes memory-access patterns.
–Complicates inference of algorithms from their data operations.
Future directions
–Dataflow flattening as part of more comprehensive systems
–Security analysis via models and metrics