Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical.

Published byChristina Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical."— Presentation transcript:

1 A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical and Computer Engineering Dept. The University of Alabama in Huntsville {milenkm|milenka|jovanov}@ece.uah.edu

2 Outline Introduction Related Work Trusted Instruction Execution Framework The Framework Potential Conclusion

3 Introduction Most of today’s computers connected to Internet  security is a critical issue Even more so in the future One of the major security problems: the execution of the unauthorized code A lot of applications may be vulnerable Attack examples: –buffer overflow (heap, stack) –format string attack

4 Introduction We propose a processor architecture that –will allow execution of the trusted instructions only –will not significantly increase the program execution time

5 Related Work Two categories: –Static source code analysis –Dynamic detection/prevention Static code analysis: false alarms Dynamic –Monitoring program behavior (system calls, performance monitoring registers) –Compilers, safe language dialects –Secure Program Execution Framework (SPEF) –Tag data from “spurious” channels –Split stack for data/addresses, or secure stack

6 Trusted Instruction Execution Atomic code unit protected by its signature: a basic block Verify all basic blocks? Cache memory is safe: verify the signature of basic blocks that generated a cache miss Text memory write protected: check only last basic block in a stream

7 Architecture For Trusted Computing BBST L1I L1D MMU Datapath FPUs IF Control BBST_M Code Heap Stack BBST – Basic Block Signature Table BBST_M – Basic Block Signature Table (Memory) BBSVU – Basic Block Signature Verification Unit BBSVU

8 Phases of the Security Mechanism Compilation –Compiler generates a list of basic blocks Secure program installation –Signature table (BBST_M) is generated, encrypted and appended to the program binary Program loading in the memory –BBST_M is decrypted, loaded in the memory Program execution –Signature of each last basic block in a stream that generated a cache miss is verified –If no match, a trap to OS – kill process & audit

9 Signature generation MISR (Multiple input signature register) Linear feedback coefficients – based on the processor secret key

10 Program Execution

11 The Framework Potential 32-bit MISR I-cache: 4 ways, 128 sets, 64B line BBST: 4 ways, 4B line, 128/256 sets LRU replacement Traces of SPEC CPU2000 benchmarks for Alpha architecture –F2B, M2B segments Measure: BBST misses per 1 M instructions

12 The Framework Potential

13

14 Conclusion Proposed a framework for trusted instruction execution, evaluated potential Promises to be faster than SPEF, with additional hardware resources and BBST appended to program binary Future work: –different BBST organizations and sizes –detailed performance evaluation –an alternative implementation: signature embedded in the code

Download ppt "A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical."

Similar presentations

SE-292: High Performance Computing

SE-292: High Performance Computing
Performance Evaluation of Cache Replacement Policies for the SPEC CPU2000 Benchmark Suite Hussein Al-Zoubi.

Performance Evaluation of Cache Replacement Policies for the SPEC CPU2000 Benchmark Suite Hussein Al-Zoubi.
Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
UPC Microarchitectural Techniques to Exploit Repetitive Computations and Values Carlos Molina Clemente LECTURA DE TESIS, (Barcelona,14 de Diciembre de.

UPC Microarchitectural Techniques to Exploit Repetitive Computations and Values Carlos Molina Clemente LECTURA DE TESIS, (Barcelona,14 de Diciembre de.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
4/14/2017 Discussed Earlier segmentation - the process address space is divided into logical pieces called segments. The following are the example of types.

4/14/2017 Discussed Earlier segmentation - the process address space is divided into logical pieces called segments. The following are the example of types.
1 S. Tallam, R. Gupta, and X. Zhang PACT 2005 Extended Whole Program Paths Sriraman Tallam Rajiv Gupta Xiangyu Zhang University of Arizona.

1 S. Tallam, R. Gupta, and X. Zhang PACT 2005 Extended Whole Program Paths Sriraman Tallam Rajiv Gupta Xiangyu Zhang University of Arizona.
Instruction-Set Randomization “Countering Code-Injection Attacks With Instruction-Set Randomization” G. Kc, A. Keromytis, and V. Prevelakis CCS October.

Instruction-Set Randomization “Countering Code-Injection Attacks With Instruction-Set Randomization” G. Kc, A. Keromytis, and V. Prevelakis CCS October.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Figure 2.8 Compiler phases. 2.8.1 Compiling. Figure 2.9 Object module. 2.8.2 Linking.

Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.
Using DISE to Protect Return Addresses from Attack Marc L. Corliss, E Christopher Lewis, Amir Roth University of Pennsylvania.

Using DISE to Protect Return Addresses from Attack Marc L. Corliss, E Christopher Lewis, Amir Roth University of Pennsylvania.
1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.

1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.
outline Purpose Design Implementation Market Conclusion presentation Outline.

outline Purpose Design Implementation Market Conclusion presentation Outline.
Lecture 9: SHELL PROGRAMMING (continued) Creating shell scripts!

Lecture 9: SHELL PROGRAMMING (continued) Creating shell scripts!
Catching Accurate Profiles in Hardware Satish Narayanasamy, Timothy Sherwood, Suleyman Sair, Brad Calder, George Varghese Presented by Jelena Trajkovic.

Catching Accurate Profiles in Hardware Satish Narayanasamy, Timothy Sherwood, Suleyman Sair, Brad Calder, George Varghese Presented by Jelena Trajkovic.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Similar presentations

Ads by Google