1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH.

Slides:



Advertisements
Similar presentations
BI Web Intelligence 4.0. Business Challenges Incorrect decisions based on inadequate data Lack of Ad hoc reporting and analysis Delayed decisions.
Advertisements

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
System Simulation Of 1000-cores Heterogeneous SoCs Shivani Raghav Embedded System Laboratory (ESL) Ecole Polytechnique Federale de Lausanne (EPFL)
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.
Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Development of a track trigger based on parallel architectures Felice Pantaleo PH-CMG-CO (University of Hamburg) Felice Pantaleo PH-CMG-CO (University.
Architecture Support for Security Peter Chapman Michael Maass.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.
Azad Madni Professor Director, SAE Program Viterbi School of Engineering Platform-based Engineering: Rapid, Risk-mitigated Development.
What Great Research ?s Can RAMP Help Answer? What Are RAMP’s Grand Challenges ?
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.
V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.
6/30/2015HY220: Ιάκωβος Μαυροειδής1 Moore’s Law Gordon Moore (co-founder of Intel) predicted in 1965 that the transistor density of semiconductor chips.
1 July 23, 2002 Strategic Technology Plan Briefing to LOT Committee.
Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.
Research Directions for On-chip Network Microarchitectures Luca Carloni, Steve Keckler, Robert Mullins, Vijay Narayanan, Steve Reinhardt, Michael Taylor.
On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
© 2012 IBM Corporation IBM Israel Software Lab (ILSL( Daniel Yellin, Director March 2013.
1 IS 8950 Managing Network Infrastructure and Operations.
FINANCIAL SERVICES INTEGRATION INDUSTRY SOLUTION.
Technology Overview. Agenda What’s New and Better in Windows Server 2003? Why Upgrade to Windows Server 2003 ?  From Windows NT 4.0  From Windows 2000.
Jaeki Song ISQS6337 JAVA Lecture 16 Other Issues in Java.
An Answer to the EC Expert Group on CLOUD Computing Keith G Jeffery Scientific Coordinator.
SODA Archiving October 2013
:: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: :: Dennis Hoppe (HLRS) ATOM: A near-real time Monitoring.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Information Assurance Research Group 1 NSA Security-Enhanced Linux (SELinux) Grant M. Wagner Information Assurance.
An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński
Branch Regulation: Low-Overhead Protection from Code Reuse Attacks.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
07/09/04 Johan Muskens ( TU/e Computer Science, System Architecture and Networking.
An Architecture and Prototype Implementation for TCP/IP Hardware Support Mirko Benz Dresden University of Technology, Germany TERENA 2001.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Department of Computer Science and Engineering Applied Research Laboratory Architecture for a Hardware Based, TCP/IP Content Scanning System David V. Schuehler.
R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ.
Graciela Saunders.  Introduction / Review  Challenges to Embedded Security  Approaches to Embedded Security  Security Analysis & Attack Taxonomy 
Csci5233 computer security & integrity 1 An Overview of Computer Security.
Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia.
Exploiting Instruction Streams To Prevent Intrusion Milena Milenkovic.
INTRODUCTION TO SIM.DLL AGENDA SIM.DLL Overview and Features SIM.DLL Requirements Supported Terminals Transaction Flow Benefits.
Computing Systems: Next Call for Proposals Dr. Panagiotis Tsarchopoulos Computing Systems ICT Programme European Commission.
Overview of Network Security. Network Security2 New Challenges 1.Security does not focus on a “product” only; it is a process and focuses on the whole.
© 2009 IBM Corporation IBM Manufacturing Integration Framework Cristina Morariu Brasov, 15 March 2012.
Database Laboratory Regular Seminar TaeHoon Kim Article.
Enterprise Mobility Suite: Simplify security, stay productive Protect data and empower workers Unsecured company data can cost millions in lost research,
By SPEC INFOTECH. A programming language reigning the IT industry Marking its presence around the globe Striking Features which make Java supreme: Simplistic.
Connect A 3 Contact persons: Sandro D'Elia Anne-Marie Sassen Horizon 2020: LEIT – ICT WP
Self-Securing Devices: Better Security via Smarter Devices Greg Ganger Director, Parallel Data Lab.
Clouding with Microsoft Azure
Dynamo: A Runtime Codesign Environment
Enabling machine learning in embedded systems
ASSET - Automotive Software cyber SEcuriTy
FPGA: Real needs and limits
How to Mitigate the Consequences What are the Countermeasures?
SCONE: Secure Linux Containers Environments with Intel SGX
Shielding applications from an untrusted cloud with Haven
PLANNING A SECURE BASELINE INSTALLATION
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
IBM Software A financial services company speeds up fraud detection Protecting customers and innovating new product offerings with an IBM business rules.
Presentation transcript:

1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH

Project Details  Start date:  Duration: 36 months  Budget: 3,105,762  Coordinator: FORTH  Academia  FORTH  Vrije Universiteit  Chalmers  TU Braunschweig  Industry  Neurasmus BV  OnApp Limited  IBM Ltd  Elektrobit GMBH 2

Overview  Design, build and demonstrate secure-by-design system architectures that achieve end-to-end security  Analyze and extend each H/W and S/W layer  Technologies developed directly utilizable by applications and services that require end-to-end security 3

Motivation  Systems are as secure as their weakest link  Must think in terms of end-to-end security  Security is typically applied in layers  Tighten up one layer and attackers move to another  Ultimately security mechanisms must be pushed down to the H/W  Immutability; Clean and simple API; Secure foundation; Efficiency  H/W on-chip resources are no longer a problem  Billions of transistors on-chip; Exploit parallelism and H/W  Pushing security to the H/W  Benefit: performance, energy/power-efficiency; Challenge: flexibility  Global adoption of embedded systems  No widely deployed security software 4

Objectives 1. Extend existing H/W and S/W platforms towards developing secure- by-design enabling technologies 2. Leverage H/W technology features present in today’s processors and embedded devices to facilitate S/W-layer security 3. Build methods and tools for providing maximum possible security- by-design guarantees for legacy systems 4. Evaluate acceptance, effectiveness and platform independence of SHARCS technologies and processes 5. Create high impact in the security and trustworthiness of ICT systems 5

SHARCS Framework 6

Hardware Architecture  Instruction Set Randomization  Defense against code injection  Minimal performance/area overhead (~1%)  Additional hardware inside MMU  Control Flow Integrity  Defense against code reuse attacks  Minimal performance/area overhead (~1%)  ISA extension & additional registers/memory  Main memory encryption  Defense against main memory disclosure attacks  Effective even against cold boot attacks  Affordable runtime overhead if customized hardware is deployed 7

Runtime and Software Tools 8  GPU encryption keys protection  Keys are stored in GPU registers/memory  Secure against whole main memory disclosure  Accelerated cryptographic operations  GPU Network Intrusion Detection  Based on signature matching  Computational intensive  High throughput, highly parallel  Inexpensive, commodity, programmable

Applications - Pilots 9  Medical  Automotive  Cloud

Implantable Medical Device (attacks) 10  Operation modification  Data-log manipulation  Data theft

Implantable Medical Device (defenses) 11  Control Flow Integrity  Instruction Set Randomization  Memory Encryption

Automotive Application (attacks)  Data/code modification  Program flow modification  Large-scale exploit  DoS 12

Automotive Application (defenses)  Control Flow Integrity  Instruction Set Randomization  Memory Encryption 13

Cloud Application (attacks)  Unauthorized access  Date modification  Breach or loss of data  … 14

Cloud Application (defenses)  GPU keys protection  GPU NIDS 15

SHARCS Applications 16

More Information  Visit us on the web: sharcs-project.eu  Follow us on  Like us on Facebook: facebook.com/sharcsproject  us at: 17

18 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH

Defense against ROP 19

Defense against JOP 20

Instruction Set Randomization 21

Memory Encryption with software 22

Memory Encryption with hardware 23

Candidate Hardware Extensions  Instruction Set Randomization  Control Flow Integrity  Information Flow Tracking  Secure H/W Memory  Fine-grained Memory Protection  Dynamic Type Safety 24

SHARCS Methodology 25

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.