Presentation is loading. Please wait.

Presentation is loading. Please wait.

Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology.

Published byDonna Garrett Modified over 8 years ago

Similar presentations

Presentation on theme: "Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology."— Presentation transcript:

1 Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology

2 2 Introduction Released software contains many vulnerabilities Various types of attacks – stack/heap buffer overflow, format string vuln. Solution: Intrusion Detection Systems (IDS) – Network vs. Host Based – Signature vs. Anomaly Detection “Strange” control flow paths taken

3 3 Motivation Memory tampering is the starting point of attacks Many attacks don’t modify control flow Propose: IDS scheme with compiler & micro-architecture support that detects memory tampering

4 4 Basic Idea Compiler – Identify regions that critical object are R_Only / WR – Keep state for every crucial object – Change state before & after every store instruction Hardware – On every store check the state of the object written

5 5 Baseline Scheme Compiler – Identify regions that critical object are R_Only / WR – Keep state for every crucial object – Change state before & after every store instruction add special instructions Hardware – On every store check the state of the object written

6 6 Examples

7 7 Baseline Scheme Pros – Some store instruction has to initiate memory corruption  Coverage 100% Cons – Extremely large overhead – Too many new instructions added Solution: Compiler Optimizations

8 8 Compiler Framework Overview

9 9 Static Analysis to find as many target addresses as possible

10 10 Compiler Framework Overview Identify all the store instructions

11 11 Compiler Framework Overview Write Range: The shortest distance between two store operations on the same object Baseline Case: two state transitions within a write range Used for later optimization phases

12 12 Compiler Framework Overview Define Hot / Cold blocks Move Protection Operations to Cold Blocks Tradeoff between performance and security

13 13 Compiler Framework Overview Protecting every single object becomes not feasible Cost/Benefit analysis to select protection points Analysis unit = write range Protect a write range if WR.benefit/WR.cost is low

14 14 Compiler Framework Overview Clustering of protection operations Re-arrange layout of objects in memory Decrease number of instructions executed

15 15 Compiler Framework Overview Profile-driven analysis to identify the possible target addresses Observation: limited number of addresses accessed by a pointer dereference Keep these addresses into a table Don’t check if an address is not present ( - )

16 16 Compiler Framework Overview Need to define what action to take on every given time Maintain a hash table with all the actions to be taken. Access the table by PC address The table must be filled on run time ( -- ) Need to worry about the security of the table ( --- )

17 17 Architectural Support

18 18 Experimental Results - Real attacks and injected bugs tested

19 19 Experimental Results

20 20 Experimental Results

21 21 Conclusion IDS system to identify memory tampering Few of architectural support + Compiler Optimizations Baseline System  100% coverage but 50% overhead Final system  14% overhead, 92.7% randomly injected bugs detected Poorly Written

22 22 Q & A

Download ppt "Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology."

Similar presentations

1 InfoShield: A Security Architecture for Protecting Information Usage in Memory Georgia Tech Weidong Shi – Georgia Tech Josh Fryman – Intel Corporation.

1 InfoShield: A Security Architecture for Protecting Information Usage in Memory Georgia Tech Weidong Shi – Georgia Tech Josh Fryman – Intel Corporation.
Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Moving Target Defense in Cyber Security

Moving Target Defense in Cyber Security
Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec. 5 2007.

Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.

Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.

TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.
Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge.

Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge.
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan.

LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Virtual Memory I Chapter 8.

Virtual Memory I Chapter 8.
Code Coverage Testing Using Hardware Performance Monitoring Support Alex Shye, Matthew Iyer, Vijay Janapa Reddi and Daniel A. Connors University of Colorado.

Code Coverage Testing Using Hardware Performance Monitoring Support Alex Shye, Matthew Iyer, Vijay Janapa Reddi and Daniel A. Connors University of Colorado.
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.

Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.
Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Similar presentations

Ads by Google