Exploiting Instruction Streams To Prevent Intrusion Milena Milenkovic.


Outline
Introduction
Related Work
Trusted Instruction Execution Framework
The Framework Potential
Conclusion

Introduction
Most of today’s computers are connected to the Internet
Even more will be in the future, including embedded devices
One of the major security problems: the execution of unauthorized code
A lot of applications may be vulnerable
Attack examples:
– buffer overflow (heap, stack)
– format string attack
– …

Introduction Stack-smashing

Introduction
One solution: allow only execution of trusted instructions
Trusted instructions – with a valid signature
Previous research: limited number of instruction streams (dynamic basic blocks)
Use basic block signatures: run-time verification of the last basic block in an instruction stream
Signatures calculated during trusted installation

Related Work
Two categories:
– Static source code analysis
– Dynamic detection/prevention
Static code analysis: false alarms
Dynamic:
– Secure Program Execution Framework (SPEF)
– Tag “spurious” data
– Monitoring program “behavior” (system calls, performance monitoring registers)
– Split stack for data/addresses, or secure stack
– Compilers, compiler and library patches

Related Work
Most related – SPEF: a given program binary has numerous representations with the same functionality
During installation, each instruction block is transformed; verified at run time
– compute transformation-invariant hash of the instruction block
– encrypt the hash value with the secret key
– use encrypted value to select a transformation (e.g., a particular instruction order in case of instruction scheduling)
7.5%-17.1% increased execution time, Mediabench
Also related: tamper-proof techniques, but different granularity

Trusted Instruction Execution
Requirements:
– prevent the execution of unauthorized code
– the security features should not significantly increase the program execution time
This project: proposes a framework that satisfies the requirements

Trusted Instruction Execution
Atomic code unit protected by its signature: a basic block
Verify all basic blocks?
It is enough to verify the signature of the last basic block (LBB) in the instruction stream, when the LBB generated a cache miss
Signatures on hard disk: encrypted

Architecture for Trusted Computing
[Block diagram; labels: BBST, BBSVU, L1I, L1D, MMU, Datapath, FPUs, IF, Control, BBST_M, Code, Heap, Stack]
BBST – Basic Block Signature Table
BBST_M – Basic Block Signature Table (Memory)
BBSVU – Basic Block Signature Verification Unit

Signature Generation
MISR (multiple input signature register)
Linear feedback coefficients – based on the processor secret key

Phases of the Security Mechanism
Compilation and program installation
– Signature table (BBST_M) is generated, encrypted and appended to the program binary
Program loading in the memory
– BBST_M is decrypted, loaded in the memory
Program execution
– Signature of each last basic block with cache miss is verified
– If no match, generate trap to OS – kill process
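The signature generation and install/verify phases above, sketched in C as an added example (not code from the presentation). The key value, the all-ones seed, the table keyed by block start address and the sample instruction words are assumptions; encryption of BBST_M and the cache-miss trigger are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Key value, table layout, seed and sample words are constructed for this
   sketch; the slides specify only a 32-bit MISR with key-based coefficients. */
#define SECRET_KEY 0xA5C3F10Du
typedef struct { uint32_t start; uint32_t sig; } bbst_entry;

/* One MISR clock: shift, XOR key-selected taps on carry-out, XOR the input word. */
static uint32_t misr_step(uint32_t s, uint32_t word, uint32_t taps) {
    return ((s << 1) ^ ((s & 0x80000000u) ? taps : 0u)) ^ word;
}

/* Signature of one basic block: every 32-bit instruction word goes through the MISR.
   Assumed: all-ones seed; low tap forced on so each step stays invertible. */
uint32_t bb_signature(const uint32_t *insn, size_t n, uint32_t key) {
    uint32_t s = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) s = misr_step(s, insn[i], key | 1u);
    return s;
}

/* Run-time check of a last basic block: 1 = match, 0 = mismatch (trap to the OS). */
int bbst_verify(const bbst_entry *tab, size_t ntab, uint32_t start,
                const uint32_t *insn, size_t n) {
    for (size_t i = 0; i < ntab; i++)
        if (tab[i].start == start) return tab[i].sig == bb_signature(insn, n, SECRET_KEY);
    return 0;   /* no entry: block was never installed */
}

/* Constructed sample words (arbitrary values, not real machine code). */
static const uint32_t blk_a[] = { 0x23DE0010u, 0xB75E0000u, 0x47FF041Fu, 0x6BFA8001u };
static const uint32_t blk_b[] = { 0xA77D8010u, 0x6B5B4000u };

/* 0: clean block, 1: one word modified after installation, 2: unlisted start address. */
int scenario(int which) {
    /* Trusted installation: signatures are computed once, from the original code. */
    bbst_entry tab[2] = { { 0x1000u, bb_signature(blk_a, 4, SECRET_KEY) },
                          { 0x1010u, bb_signature(blk_b, 2, SECRET_KEY) } };
    uint32_t patched[4] = { blk_a[0], blk_a[1], 0x47FF041Eu, blk_a[3] };
    if (which == 0) return bbst_verify(tab, 2, 0x1000u, blk_a, 4);
    if (which == 1) return bbst_verify(tab, 2, 0x1000u, patched, 4);
    return bbst_verify(tab, 2, 0x7FF0u, blk_b, 2);
}

int main(void) {
    printf("clean=%d patched=%d unlisted=%d\n", scenario(0), scenario(1), scenario(2));
    return 0;
}
```

Because the MISR is linear, a party who knows the feedback coefficients can construct a block with any chosen signature, which is why the slides tie the coefficients to a processor secret key.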

Program Execution

The Framework Potential
32-bit MISR
I-cache: 4 ways, 128 sets, 64B line
BBST: 4 ways, 4B line, 128/256 sets
LRU replacement
Traces of SPEC CPU2000 benchmarks for Alpha architecture
– F2B, M2B segments
– 10 integer (CINT), 11 floating-point benchmarks (CFP)

The Framework Potential

Also measured:
– the number of instruction cache misses
– the number of BBST accesses
The number of BBST misses – very small
Trusted instruction overhead will not significantly hurt performance

Conclusion
Proposed a framework for trusted instruction execution, evaluated potential
Promises to be faster than SPEF, with additional hardware resources and BBST appended to program binary
Future work:
– assess different BBST organizations
– preload BBST?
– simulate execution time
– evaluate an alternative implementation: signature embedded in the code