Architecture Support for Security Peter Chapman Michael Maass.

Slides:

Advertisements

Similar presentations

A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.

Advertisements

Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University.

1 Pipelining Part 2 CS Data Hazards Data hazards occur when the pipeline changes the order of read/write accesses to operands that differs from.

Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Software Certification and Attestation Rajat Moona Director General, C-DAC.

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

Security in Software Engineering PRESENTED BY ROHIT MUKHERJEE AND RAMAKRISHNA VEERAVALLI.

Online Performance Auditing Using Hot Optimizations Without Getting Burned Jeremy Lau (UCSD, IBM) Matthew Arnold (IBM) Michael Hind (IBM) Brad Calder (UCSD)

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CIS700: Hardware Support for Security Professor Milo Martin

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

Software Process and Product Metrics

Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.

On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.

Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.

15-740/ Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Security and Penetration Testing

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES By: Eric Chien and Peter Szor Presented by: Jesus Morales.

Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.

3-Protecting Systems Dr. John P. Abraham Professor UTPA.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

Branch Regulation: Low-Overhead Protection from Code Reuse Attacks.

Jan. 29, 2002Grand Challenges in Simulation Issues in Enhancing Model Reuse C. Michael Overstreet Richard E. Nance Osman Balci.

Software Assurance Session 13 INFM 603. Bugs, process, assurance Software assurance: quality assurance for software Particularly assurance of security.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.

Highly Scalable Distributed Dataflow Analysis Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan Chelsea LeBlancTodd.

A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

A Systematic Survey of Self-Protecting Software Systems

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

Chapter 10 XML and Web Services. Topics Why a standards-compliant XML parser Why a standard (off the shelf) XML parser Validation. External references.

Proprietary vs. Free/Open Source Software

M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter formerly: (Manchester, UK)

Raccoon: Closing Digital Side- Channels through Obfuscated Execution Author: Ashay Rane, Calvin Lin, Mohit Tiwari Presenter: Rongdong Chai.

Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code Jeff Seibert, Hamed Okhravi, and Eric Söderström Presented.

M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter (Manchester, UK)

Sampling Dynamic Dataflow Analyses Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan University of British Columbia.

Computer Security By Duncan Hall.

Exploiting Instruction Streams To Prevent Intrusion Milena Milenkovic.

Virus Assignment JESS D. How viruses affect people and businesses  What is a virus? A computer virus is a code or a program that is loaded onto your.

Group 9. Exploiting Software The exploitation of software is one of the main ways that a users computer can be broken into. It involves exploiting the.

1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH.

VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.

Software Security Q: What does it mean to say that a program is secure? A: There is a sufficient amount of trust that the program maintains _____________,

FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.

Secure Programming Dr. X

CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.

Secure Programming Dr. X

Protecting Memory What is there to protect in memory?

New Cache Designs for Thwarting Cache-based Side Channel Attacks

Outline What does the OS protect? Authentication for operating systems

Outline Introduction Characteristics of intrusion detection systems

Secure Software Development: Theory and Practice

Introduction to Networking

Outline What does the OS protect? Authentication for operating systems

AEGIS: Secure Processor for Certified Execution

Software Security Lesson Introduction

Outline Using cryptography in networks IPSec SSL and TLS.

Shielding applications from an untrusted cloud with Haven

Meltdown & Spectre Attacks

Presentation transcript:

Architecture Support for Security Peter Chapman Michael Maass

Overview ● The Pervasiveness of Computing Vulnerabilities ● Hardware vs. Software Mitigations ● Hardware Challenges ● Examples: – Timing Side Channels – Code Re-use Attacks

Overview ● The Pervasiveness of Computing Vulnerabilities ● Hardware vs. Software Mitigations ● Hardware Challenges ● Examples: – Timing Side Channels – Code Re-use Attacks Ask Questions!

The Pervasiveness of Computing Vulnerabilities ● Computing stacks are vulnerable at all layers ● Software vulnerabilities are introduced at all phases: – Design/implementation vulnerabilities ● We'd like to catch vulnerabilities early, but we don't always succeed – Makes the problem much harder and more expensive

The Pervasiveness of Computing Vulnerabilities Hardware is vulnerable for the same reasons as software – Hardware is harder to fix because you can't usually just patch it – Sometimes the vulnerability is due to physical properties that are difficult to predict or model

The Pervasiveness of Computing Vulnerabilities Hardware is vulnerable for the same reasons as software – Hardware is harder to fix because you can't usually just patch it – Sometimes the vulnerability is due to physical properties that are difficult to predict or model

The Pervasiveness of Computing Vulnerabilities

Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically Is the server with the HDL secure?

Hardware vs. Software Mitigations Software is easier to deploy, but: – Some vulnerabilities can't easily be fixed in software due to performance issues or a lack of context – Sometimes it's too expensive to fix in software because a general solution doesn't exist ● Every system needs a custom solution – Sometimes the solution works against the hardware ● Tracking taint in at runtime consumes resources (e.g., cache, registers, etc.)

Hardware Challenges ● Needs very low overhead in terms of performance and space ● Needs to be simple enough to reason about correctness while still fixing the problem ● Needs a very good reason to do it ● If software support is necessary, adoption becomes more expensive ● Backwards compatibility is harder ● Must avoid political landmines that harm adoption – TPM cooped by DRM

Timing Side Channels ● Computations take varying lengths of time based on the input and use different resources – This information leaks ● Timing information can be correlated to statistically determine private information such as key presses, cryptographic keys, visited web sites, etc.

Timing Side Channels ● We can deny access to timing information, thus plugging the leak, but: – Some applications depend on accurate timing information (e.g., games, multimedia, etc.) – Denying access still requires potentially significant hardware/software changes ● Bleach the timing data so that it's still monotonic, but no longer allows for correlation

Code Reuse Attacks Code injection attacks are typically mitigated by preventing existing code from being changed or by preventing data from being executed as code Attackers now make clever use of existing code

Code Reuse Attacks In hardware: – Prevent jumps outside of the current function unless it's to the start of a new function – Prevent calls to anything but the start of functions – Prevent return values from being changed Need: – Hardware in the pipeline to perform checks on redirections – Software support is needed to securely mark the start of functions – A secure stack is required to prevent return values from being changed

References ● M. Kayaalp, M. Ozsoy, N. Abu-Ghazaleh, and D. Ponomarev, “Branch regulation: low- overhead protection from code reuse attacks,” in Proceedings of the 39th International Symposium on Computer Architecture, Piscataway, NJ, USA, 2012, pp. 94–105. ● J. Valamehr, M. Chase, S. Kamara, A. Putnam, D. Shumow, V. Vaikuntanathan, and T. Sherwood, “Inspection resistant memory: architectural support for security from physical examination,” SIGARCH Comput. Archit. News, vol. 40, no. 3, pp. 130–141, Jun ● J. Demme, R. Martin, A. Waksman, and S. Sethumadhavan, “Side-channel vulnerability factor: a metric for measuring information leakage,” SIGARCH Comput. Archit. News, vol. 40, no. 3, pp. 106–117, Jun ● R. Martin, J. Demme, and S. Sethumadhavan, “TimeWarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks,” SIGARCH Comput. Archit. News, vol. 40, no. 3, pp. 118–129, Jun ● S. Jana and V. Shmatikov, “Memento: Learning Secrets from Process Footprints,” in Security and Privacy (SP), 2012 IEEE Symposium on, 2012, pp. 143 –157.