Secure Execution of Computations in Untrusted Hosts S. H. K. Narayanan 1, M.T. Kandemir 1, R.R. Brooks 2 and I. Kolcu 3 1 Embedded Mobile Computing Center.

Slides:

Advertisements

Similar presentations

A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico.

Advertisements

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

A Fast Data Protection Technique for Mobile Agents to Avoid Attacks in Malicious Hosts Jesús Arturo Pérez Díaz Darío Álvarez Gutiérrez Department of Informatics.

Operating System Security

Optimizing Compilers for Modern Architectures Allen and Kennedy, Chapter 13 Compiling Array Assignments.

Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern.

Chapter 4 Systems of Linear Equations; Matrices

Chapter 4 Systems of Linear Equations; Matrices

Henry C. H. Chen and Patrick P. C. Lee

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

Sparse Computations: Better, Faster, Cheaper! Padma Raghavan Department of Computer Science and Engineering, The Pennsylvania State University

Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.

II. Linear Block Codes. © Tallal Elshabrawy 2 Last Lecture H Matrix and Calculation of d min Error Detection Capability Error Correction Capability Error.

8.2 Discretionary Access Control Models Weiling Li.

A High Performance Application Representation for Reconfigurable Systems Wenrui GongGang WangRyan Kastner Department of Electrical and Computer Engineering.

ELEC 7250 Term Project Presentation Khushboo Sheth Department of Electrical and Computer Engineering Auburn University, Auburn, AL.

Privacy-Preserving Cross-Domain Network Reachability Quantification

Improving the Efficiency of Memory Partitioning by Address Clustering Alberto MaciiEnrico MaciiMassimo Poncino Proceedings of the Design,Automation and.

On Effective Testing of Health Care Simulation Software Christian Murphy, M.S. Raunak, Andrew King, Sanjian Chen, Christopher Imbriano, Gail Kaiser, Insup.

Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (

ENGG 1801 Engineering Computing MATLAB Lecture 7: Tutorial Weeks Solution of nonlinear algebraic equations (II)

Data Partitioning for Reconfigurable Architectures with Distributed Block RAM Wenrui Gong Gang Wang Ryan Kastner Department of Electrical and Computer.

Parallelizing Compilers Presented by Yiwei Zhang.

File authentication. Just as people need authentication, so, too, do the files that are so freely distributed through the Internet. The Web works on a.

The Mobile Code Paradigm and Its Security Issues Anthony Chan September 13, 1999.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Concatenation MATLAB lets you construct a new vector by concatenating other vectors: – A = [B C D... X Y Z] where the individual items in the brackets.

MOHAMMAD IMRAN DEPARTMENT OF APPLIED SCIENCES JAHANGIRABAD EDUCATIONAL GROUP OF INSTITUTES.

Encryption Schemes Second Pass Brice Toth 21 November 2001.

1 Chapter 2 Matrices Matrices provide an orderly way of arranging values or functions to enhance the analysis of systems in a systematic manner. Their.

A Cryptography Education Tool Anna Yu Department of Computer Science College of Engineering North Carolina A&T State University June 18, 2009.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Effect of Mutual Coupling on the Performance of Uniformly and Non-

Chapter 3 Linear Programming Methods 高等作業研究高等作業研究 ( 一 ) Chapter 3 Linear Programming Methods (II)

An Effective Dynamic Scheduling Runtime and Tuning System for Heterogeneous Multi and Many-Core Desktop Platforms Authous: Al’ecio P. D. Binotto, Carlos.

Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.

Self-Protecting Mobile Agents Lee Badger Brian Matt Steven Kiernan Funded by both ITS and Active Networks Programs NAI Labs, Network Associates, Inc. 17.

MATLAB for Engineers 4E, by Holly Moore. © 2014 Pearson Education, Inc., Upper Saddle River, NJ. All rights reserved. This material is protected by Copyright.

CMPS 1371 Introduction to Computing for Engineers MATRICES.

Matlab for Engineers Manipulating Matlab Matrices Chapter 4.

MATLAB for Engineers 4E, by Holly Moore. © 2014 Pearson Education, Inc., Upper Saddle River, NJ. All rights reserved. This material is protected by Copyright.

MagicNET: Security System for Protection of Mobile Agents.

Autonomic scheduling of tasks from data parallel patterns to CPU/GPU core mixes Published in: High Performance Computing and Simulation (HPCS), 2013 International.

1 Context-dependent Product Line Practice for Constructing Reliable Embedded Systems Naoyasu UbayashiKyushu University, Japan Shin NakajimaNational Institute.

What does C store? >>A = [1 2 3] >>B = [1 1] >>[C,D]=meshgrid(A,B) c) a) d) b)

Ahmed Osama Research Assistant. Presentation Outline Winc- Nile University- Privacy Preserving Over Network Coding 2  Introduction  Network coding 

Software solutions for challenges in embedded systems Sri Hari Krishna Narayanan, The Pennsylvania State University, USA, Theme While.

Mobile Agent Security Presented By Sayuri Yonekawa October 17, 2000.

Meeting 18 Matrix Operations. Matrix If A is an m x n matrix - that is, a matrix with m rows and n columns – then the scalar entry in the i th row and.

Lecture 20: Choosing the Right Tool for the Job. What is MATLAB? MATLAB is one of a number of commercially available, sophisticated mathematical computation.

Lecture 26: Reusable Methods: Enviable Sloth. Creating Function M-files User defined functions are stored as M- files To use them, they must be in the.

Learning Objectives for Section 4.5 Inverse of a Square Matrix

 2008 Pearson Education, Inc. All rights reserved. 1 Arrays and Vectors.

1 Lecture 3 Post-Graduate Students Advanced Programming (Introduction to MATLAB) Code: ENG 505 Dr. Basheer M. Nasef Computers & Systems Dept.

Secure Data Outsourcing

Finishing up Chapter 5. Will this code enter the if statement? G=[30,55,10] if G

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.

Matrix Algebra Definitions Operations Matrix algebra is a means of making calculations upon arrays of numbers (or data). Most data sets are matrix-type.

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 1 Part 3 - Chapter 8 Linear Algebraic Equations and Matrices.

Chapter 15 Running Time Analysis. Topics Orders of Magnitude and Big-Oh Notation Running Time Analysis of Algorithms –Counting Statements –Evaluating.

A rectangular array of numeric or algebraic quantities subject to mathematical operations. The regular formation of elements into columns and rows.

ENGG 1801 Engineering Computing

Learning Objectives for Section 4.5 Inverse of a Square Matrix

Matrix Analysis and Quantum Computing

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.

Trust-based Privacy Preservation for Peer-to-peer Data Sharing

Translation in Homogeneous Coordinates

Presentation transcript:

Secure Execution of Computations in Untrusted Hosts S. H. K. Narayanan 1, M.T. Kandemir 1, R.R. Brooks 2 and I. Kolcu 3 1 Embedded Mobile Computing Center (EMC 2 ) The Pennsylvania State University. 2 Department of Electrical and Computer Engineering, Clemson University. 3 The University of Manchester 11th International Conference on Reliable Software Technologies, Porto, Portugal, June, 2006

2 Outline Mobile Code Security Concerns with Mobile Code Some Related Work High Level Views Mathematical Details Example Experiments

3 What is Mobile Code? Code belonging to a client that is executed on a remote host. Not just relegated to a mobile platform. Applicable where data is not movable but code is.  Due to large volume or concerns for privacy. Mobile code Results Mobile code is being widely used for a variety of applications Server / Remote Host Client

4 Some Security Concerns ! Threat : To the host from malicious code/ malicious client Solution : Run the code in a Sandbox. Client Server / Remote Host Mobile code Results

5 Some Security Concerns ! Threat : To the code/results from intermediate attacks. Solution : Encryption and authentication techniques. Client Server / Remote Host Mobile code Results

6 Some Security Concerns ! Threat : Will the right code be executed at all? Solution : Make the remote host include a proof of correct execution. Client Server / Remote Host Mobile code Results ?

7 Some Security Concerns ! Threat : One server changing the intermediate result generated by another? Solution : Encryption Techniques. Client Server / Remote Host Mobile code Final Results Partial Results

8 Some Security Concerns ! Threat : To the privacy of the code! This is particularly important when the algorithm used is a proprietary one. Solution : Client Server / Remote Host Mobile code Results This paper presents a method to protect the semantics of the mobile code that is to be executed at a remote host. Thus, a client’s intellectual capital is preserved.

9 Some Related Work in Code Privacy Code Obfuscation  Collberg et al. 1997, Hohl 1997, Jansen et al.  Makes the code hard to read Function hiding scheme  Sander and Tschudin  Encrypting transformation applied to the function. Encrypted functions  Loureiro et al.  Host runs code encrypted with error codes  Requires tamper proof hardware support

10 Scalar Codes - High level view Client Server Original Code Transformed Code Data Transformed Results Original Results Results Semantic transformation of the code prevents an untrusted server from gleaning the code’s meaning

11 Transformation – Scalar Codes a := d + e + f ; b := g -2e ; c := 3f + 4d; Obtain Computation matrix, C. Rows correspond to statements Columns correspond to variables By multiplying C and I, the output vector O is obtained. Using a different C means that different code is executed. d e f g Changing the semantics is now just an matrix transformation on C

12 Transformation – Scalar Codes Client uses a transformation matrix T to transform C into C’. C’ is sent to the untrusted server. The server then executes C’ to produce O’ and sends it to the client. Client uses an inverse transformation matrix M to obtain O. O is the same vector that would have been obtained had C been executed locally at the client.

13 Selection of T and M T and M should be the inverse of each other. Dimensionalities  If C is an m * n matrix, then M is m * k and T is k * m.  This means that we can introduce extra statements into C’ that did not exist in C.

14 Array Codes - High level view Input Arrays (I) Client Server O’ Inverse Semantic Transformation (O’= M O’’) Inverse Redirection O O’’ O’’= C’’ I C’ Loop Transformation C’’ Semantic Transformation ( C’’=T C’ ) and Redirection C

15 Transformation –Array Codes Array based codes give more opportunities for transformation  Loop Transformation on the loop bounds Does not change the semantics, simply the order in which the elements are accessed. C  C’

16 Transformation –Array Codes  Semantic Transformation on the body Does not change the loop bounds Client uses a transformation vector T to transform C’ into C’’. AjAj BkBk + DiDi = BkBk AjAj - DiDi =

17 Transformation –Array Codes  Redirection Data transformation that changes the locations to which the assignments are performed. The references in Array D, Li+o, are transformed using a data transformation {S,s} ==== +-+- ==== +-+- Array DArray A Array B Array ZArray A Array B The untrusted server now executes a code that is semantically different, accesses data in a different pattern and whose stores take place to different locations.

18 Transformation –Array Codes The untrusted server executes O’’ = C’’ * I. Client uses the inverse semantic transformation matrix M to transform O’’ into O’. Inverse redirection using an inverse data transformation, {Y,y}, is then performed.

19 Multiple Hosts- High level view O1’O1’ O2’O2’ Op’Op’ O1’O1’ O2’O2’ Op’Op’ C C1C1 CpCp C2C2 Code Partitioning O1O1 O2O2 O3O3 Data Merging C1’C1’ Cp’Cp’ C2’C2’ Cp’Cp’ C2’C2’ C1’C1’ IpIp I2I2 I1I1

20 Example – Scalar Code (1/4) Snippet of code from Mediabench benchmark. How would the code run locally on the client? dx0 = x0 – x1 – x12 dy0 = y0 – y1 – y12 dx1 = x12 – x2 + x3 dy1 = y12 – y2 – y3 Code Computation Matrix Input Vector Computed Output Vector

21 Example – Scalar Code (2/4) Calculating C’ using the transformation matrix T. Transformation matrixComputation matrix Computation matrix of the code sent to the untrusted server

22 Example – Scalar Code (3/4) C’ is run on the untrusted host to obtain the output vector O’ and returned to the client. The client calculates the inverse transformation matrix.

23 Example – Scalar Code (4/4) The client applies the inverse transformation matrix to obtain the same results that would have been obtained had the code been run locally

24 Experiments Experiments were conducted to analyze the performance overhead involved. Benchmarks  C++ programs between 1,072 and 3,582 lines TRACK_SEL 2.0 SMART_PLANNER CLUSTER Setup  The default program was transferred from one workstation to another, executed and the results sent back and the time for the entire process was measured.  Similarly for the transformed program the total time was measured but the measured time included the time taken for transformation.

25 Experiments The overhead is the ratio: BenchmarkOverhead TRACK_SEL % SMART_PLANNER3.88% CLUSTER3.93%

26 Conclusions This paper presents a method to protect certain classes of mobile applications from untrusted hosts. Reverse engineering is prevented through transformation of the source code. Measured performance overhead due to loop restructuring and data transformation were low.

Thank you! This work is supported in part by NSF Career Award # and by a grant from the GSRC. Embedded and Mobile Computing Center: My webpage :