Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:

Presentation transcript:

Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by: Arjun Prakash

Outline
- What is Code Injection Attack?
- Related Work
- Motivation
- IMPRES Architecture – An overview
- Software Instrumentation
- Code Injection Attack Detection
- Check-summing at Runtime
- Contribution and Limitations
- Code Integrity Violation Model
- Encryption Hardware
- Design Flow
- Evaluation
- Summary

Code Injection Attacks
Attacks violating software integrity (dynamically changing instructions with the intention of gaining access to a program). Insertion of harmful instructions into the program stream.
- Format String Vulnerabilities
- Stack Based Buffer Overflows
- Heap Based Buffer Overflows
- Dangling Pointer References
47% of vulnerabilities reported from were code injection

Examples for Code Injection Attack (1): Return Address Overwriting

Examples for Code Injection Attack (2): Heap Based Buffer Overflow

Related Work
Existing work on code injection detection can be categorized into:
- Software based
  - Static technique: detect vulnerability at compile time (automated static code analysis)
  - Dynamic technique: methods to prove program behaves as expected at runtime; software constructs to prove program behavior
- Hardware based (usually attack specific)
  - Use of additional co-processor
  - Additional co-processor & hardware tables
- Embedded Micro Monitoring: microinstruction routines to perform in-line security monitoring (only partial support)

Motivation
Solutions to Code Injection Attacks:
- Software Approach
  - Huge code-size overhead
  - High performance penalty
  - Check-summing is susceptible to code injection attacks
- Hardware Approach
  - High area impact
  - Interfacing problem
  - Memory/table limitations
  - Scalability problems
IMPRES is a novel hardware/software technique at the granularity of microinstructions to reduce overheads considerably

IMPRES Architecture: An Overview
[Figure labels: Application Source Code; Compile; Software Instrumentation; Assemble & Link; Instrumented Binary; Secure Loading; IMPRES Hardware; Code Injection Detection]

Software Instrumentation
A special instruction (chk), with the checksum, is inserted at the beginning of each logical basic block

Check-summing at Runtime
[Figure: A Typical Basic Block (chk e-checksum, Inst1 to Inst5, CFI). A checksum (Chksum) is accumulated across the instructions of the BB, then encrypted to give e-checksum', which is compared with e-checksum.]
Incremental checksum recalculation:
- Does not accumulate workload to particular points in the program flow
- Encryption (a time consuming task) is used only when it is required. Decreases overhead!

Code Injection Attack Detection
- Static time check-summing
- Load time encryption using hardware secret key
- Runtime encrypted check-summing and comparison
- fBB flag: Set only when Check Instructions at the beginning of BBs and micro instruction embedded into the machine instructions serve as interface between H/w and S/w

Contributions & Limitations
Contributions:
- A code injection detector which requires only a rudimentary software analysis
- Instruction memory transient fault detector (Single Event Upsets in the instruction memory are fully detected with small latency)
- Encrypted basic block check-summing for code integrity violation detection
Limitations:
- Will only detect code injection attacks and will NOT detect any other security threats

Code Integrity Violation Model

Code Integrity Violation Model (2)
- The model in the previous slide covers all the possible cases
- All the combinations other than those presented in the previous slide are duplicates/subsets
- Some duplicates are depicted below (D1 ∈ T01, D2 ∈ T09 and D3 ∈ T14)

Integrity Violation Detection

| Type | Original | Changed | Error Signal |
|------|----------|---------|--------------|
| T01 | chk | checksum | SIGCKSM |
| T02 | chk | CFI | SIGCKSM |
| T03 | chk | nonBI | SIGCKSM |
| T04 | chk | undefined | SIGSYSM |
| T05 | CFI | another CFI | SIGCKSM |
| T06 | CFI | chk | SIGNCFI |
| T07 | CFI | nonBI | SIGNCFI |
| T08 | CFI | undefined | SIGSYSM |
| T09 | nonBI | | SIGCKSM |
| T10 | nonBI | chk | SIGNCFI |
| T11 | nonBI | CFI | SIGCKSM |
| T12 | nonBI | undefined | SIGSYSM |
| T13 | chk & nonBIs | any insts. | SIG(CKSM/NCFI) |
| T14 | whole BB | any insts. | SIG(CKSM/NCFI) |
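The following software model is an added example, not code from the paper or the presentation. It reproduces the error signals the slides list for single-instruction changes (T01 to T12) using the scheme they describe: a chk with an encrypted checksum at the start of each basic block, incremental check-summing, and encryption plus comparison at the CFI. The additive checksum, HMAC-SHA256 standing in for the encryption hardware, straight-line execution, the sample instruction words and all function names are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stands in for the hardware secret key

def encrypt(checksum):
    # Assumption: HMAC-SHA256 stands in for the encryption unit.
    return hmac.new(KEY, checksum.to_bytes(4, "big"), hashlib.sha256).digest()

def instrument(blocks):
    """Prepend a chk carrying the encrypted checksum to every basic block."""
    program = []
    for block in blocks:
        total = sum(word for _, word in block) & 0xFFFFFFFF  # additive checksum (assumption)
        program.append(("chk", encrypt(total)))
        program.extend(block)
    return program

def monitor(program):
    """Run the checks in program order; return the first error signal or None."""
    expected, running, in_bb = None, 0, False
    for kind, operand in program:
        if kind == "undef":
            return "SIGSYSM"
        if kind == "chk":
            if in_bb:                      # previous block never reached its CFI
                return "SIGNCFI"
            expected, running, in_bb = operand, 0, True
            continue
        running = (running + operand) & 0xFFFFFFFF   # incremental recalculation
        if kind == "cfi":                  # encrypt and compare only at block end
            if expected is None or not hmac.compare_digest(encrypt(running), expected):
                return "SIGCKSM"
            expected, in_bb = None, False
    return "SIGNCFI" if in_bb else None

# Constructed sample: two basic blocks of (kind, instruction word).
BLOCKS = [[("nonbi", 0x10), ("nonbi", 0x22), ("cfi", 0x31)],
          [("nonbi", 0x47), ("cfi", 0x58)]]

def tampered(index, instr):
    """Return the instrumented program with one instruction replaced."""
    program = instrument(BLOCKS)
    program[index] = instr
    return program

if __name__ == "__main__":
    print("clean:", monitor(instrument(BLOCKS)))
    print("T07 (CFI -> nonBI):", monitor(tampered(3, ("nonbi", 0x31))))
```

An additive checksum does not notice two instructions of a block being swapped; it is used here only to keep the model short.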

Encryption Hardware The encryption is performed in parallel to the pipeline. A single encryption takes 18 clock cycles with a clock period 20x smaller than that of the processor.

Design Flow (a) Software Instrumentation (b) IMPRES Hardware Model

Evaluation
- SIGCKSM - Encrypted Checksum mismatch
- SIGNCFI - No Control Flow Instruction
- SIGSYSM - System Error

Performance Overhead Average performance overhead is Blowfish benchmark performs better… Why?

Hardware and Memory Overheads

| | Clock Period (ns) | Area (gates) | Leakage Power (10^-6 watt) |
|---|---|---|---|
| Ordinary H/W | | | |
| IMPRES H/W | | | |
| Overhead (%) | 0.06% | 0.91% | 1.05% |

Fault Injection Analysis

Error Detection Latency Type Activated At Detected At   (/bbsize) T011 bbsize bbsize-11 T T T T05 bbsize 01 T06 bbsize 01 T07 bbsize bbsize+111 T08 bbsize 01 T09 bbsize/2 bbsize bbsize/2 bbsize-2 T10 bbsize/2 0 bbsize-2 T11 bbsize/2 0 bbsize-2 T12 bbsize/2 0 bbsize-2 Average Error Detection Latency =

Summary and Conclusions
- Code Injection Attacks are still Real
- IMPRES provides a low cost rudimentary solution to code injection attacks
- IMPRES’s overheads and detection latency are minimum

THANK YOU!