1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

Slides:



Advertisements
Similar presentations
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Advertisements

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,
1 Specifying and Verifying Hardware Support for Copy and Tamper-Resistant Software David Lie, John Mitchell, Chandramohan Thekkath and Mark Horowitz Computer.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 Architectural Support for Copy and Tamper- Resistant Software David Lie Computer Systems Laboratory Stanford University.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Implementing an Untrusted Operating System on Trusted Hardware.
Digital Signatures and Hash Functions. Digital Signatures.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Towards Application Security On Untrusted OS
Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and Mark.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
Cryptography, Authentication and Digital Signatures
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Virtual Memory Expanding Memory Multiple Concurrent Processes.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
1 Information Security Practice I Lab 5. 2 Cryptography and security Cryptography is the science of using mathematics to encrypt and decrypt data.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Encryption Basics Module 7 Section 2. History of Encryption Secret - NSA National Security Agency –has powerful computers - break codes –monitors all.
Multilevel Caches Microprocessors are getting faster and including a small high speed cache on the same chip.
Creating Security using Software and Hardware Bradley Herrup CS297- Security and Programming Languages.
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Architecture Support for Secure Computing Mikel Bezdek Chun Yee Yu CprE 585 Survey Project 12/10/04.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Hardware-rooted Trust for Secure Key Management & Transient Trust
Attacks on Public Key Encryption Algorithms
Memory COMPUTER ARCHITECTURE
CS161 – Design and Architecture of Computer
Chapter 1: Introduction
Hardware Cryptographic Coprocessor
Computer-System Architecture
Module 2: Computer-System Structures
AEGIS: Secure Processor for Certified Execution
Introduction to Symmetric-key and Public-key Cryptography
User-mode Secret Protection (SP) architecture
Translation Buffers (TLB’s)
Outline Using cryptography in networks IPSec SSL and TLS.
Module 2: Computer-System Structures
Translation Buffers (TLB’s)
Lecture 8: Efficient Address Translation
Module 2: Computer-System Structures
Translation Buffers (TLBs)
Module 2: Computer-System Structures
Review What are the advantages/disadvantages of pages versus segments?
Presentation transcript:

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and Mark Horowitz Computer Systems Laboratory Stanford University

2 XOM XOM: eXecute Only Memory Would like to support an environment where programs are protected from copying and tampering Use this to: –Prevent Hackers –Protect Intellectual Property –Combat Software Piracy Software Distributor Customer Program XOM Compartment

3 General Strategy Interfaces are suspect –Disk and memory are considered insecure On chip storage can be trusted How compartments are implemented –Data is always protected by some mechanism –With hardware tags when on chip –With crypto when off chip

4 Crypto Review Asymmetric Ciphers or public-key ciphers (RSA, El Gamal) –Pairs of keys –Public key and is used to encrypt data –Private key and is used to decrypt data –Are much slower than symmetric ciphers Symmetric Ciphers (3DES, Blowfish) –Single key used for encryption and decryption –Pretty fast when implemented in hardware –Advanced Encryption Standard ciphers will be even faster

5 Software Distribution Method DistributorCustomer Customer wishes to purchase software Customer sends public key Encrypted Code Randomly Selected Symmetric Key Program Code Encrypted Code Symmetric key is encrypted with public key Customer receives encrypted code with encrypted key Encrypt Program

6 Loading Secure Code Executable Code Encrypted Symmetric Key Encrypted Code Symmetric Decryption Module Decrypted Symmetric Key (Session Key) Private Key Secure Execution Engine Secure XOM Machine Insecure Main Memory XOM Key Table Asymmetric Decryption Module

7 Managing Data Simple hardware rule: a tag check on every access But the model is too rigid, applications cannot pass out data for other applications to read Have a special compartment with a tag ID of zero called the “null” compartment Special instructions are required to move data to and from null to a program’s private compartment –Allows for communication with principals outside of compartment

8 A Simple XOM Machine

9 Two problems Memory is insecure –All sensitive program data must fit in registers –Too restrictive a programming model Programs can’t read or write data that doesn’t belong to them –But OS needs to do this when performing a context switch Use encryption to solve both problems –This was the same technique used to protect sensitive code

10 Supporting Main Memory store_secure instruction Data To Insecure Main Memory Tag Encrypt Data before storing in memory Currently executing XOM ID Check that the currently executing XOM ID matches the tag XOM Key Table

11 Supporting Main Memory load_secure instruction Data From Insecure Main Memory Tag Currently executing XOM ID Target register tag is set to XOM ID Decrypt Data XOM Key Table

12 Supporting Interrupts save_secure instruction Data To Insecure Main Memory Tag Currently executing XOM ID Look up session key based on Tag Encrypt Data XOM Key Table

13 Supporting Interrupts restore_secure instruction Data From Insecure Main Memory Tag Currently executing XOM ID Decrypt Data XOM Key Table Executing Program indicates which XOM ID to use Target register tag is set to XOM ID

14 Spoofing Attacks Spoofing attack: –Adversary tries to substitute fake ciphertext to alter behavior Tags are able to catch spoofed attacks because tag ID changes Encryption alone is not sufficient for memory Data Adversary swaps data DataFalse Data Encrypt and store to memory Junk Decrypts to Junk but alters program behavior

15 Spoofing Prevention Solution is to add an integrity hash to the encryption –In cryptography terms, this is called a Message Authentication Code (MAC) Data Adversary swaps data False Data Encrypt and store to memory with added hash Hash does not match data so exception is thrown !

16 Splicing Attacks and Replay Attacks Splicing Attacks –Attacker moves valid data from one location to another location –Add position dependent hash: Virtual Address for secure load/stores Register number for secure save/restores Replay Attacks –Attack records and reuses old register and memory values –Add a regenerative key to Key Table that is used for save/restores –Use protected registers to protect memory values

17 Required Hardware Micro-code or Virtual Machine for control

18 Performance Issues Performance hit is going to come from the cryptographic operations –XOM start-up –Instruction load path from memory –Data loads and stores to and from memory –Register saves and restores to and from memory The accesses to memory occur the most often We want to speed up the symmetric and hashing operations, as well as optimize access to memory

19 Additional Hardware Cache decrypted data –Add tags to caches Speed up symmetric operations –Add special symmetric cryptography hardware Speed up hash calculation –Select a fast hash calculation such as 128 bit CRC

20 Caching Values Caching reduces the number of cryptographic operations The size of each message is increased The granularity of ownership is increased –Need to add per word valid bits –Clear all valid bits when tag changes

21 Full XOM Machine

22 Summary Show how to implement compartments with architectural support Trust only the processor and assume memory and OS are insecure Use: –Data tagging on-chip –Crypto off-chip Required hardware is modest –Private Memory and Key –XOM Tags on registers Additional hardware can be added to improve performance –Symmetric hardware –XOM Tags in caches

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.