Can Carlak, Jiwon Joung, Brandon Nguyen, Won Park

1 TZSlicer: Security-Aware Dynamic Program Slicing for Hardware Isolation
Can Carlak, Jiwon Joung, Brandon Nguyen, Won Park

2 The Road Ahead...
Motivation and Background
Implementation of TZSlicer
Optimization of TZSlicer
Evaluation

3 Motivation
Problem: Inadequate protection from malicious acts
  leaking confidential information
  modifying critical data
  especially in embedded systems, IoT
Solution: hardware security

4 Challenges
How to split the data and code based on their security properties?
Challenging for developers who do not have security background or hardware framework
Two distinct software development (secure, normal)
Maintain small TCB size

5 TrustZone
Hardware isolation
Secure / Normal world concepts
Architecture
Context switching
Tradeoffs, small/large TEE TCB

6 Program Slicing
What is slicing?
  computation of set of program statements that affect values at some point of interest
Types:
  Static
  Dynamic
Program slicing is the computation of the set of program statements, the program slice, that may affect the values at some point of interest, referred to as a slicing criterion. At first, slicing was only static, i.e., applied on the source code with no other information than the source code. Bogdan Korel and Janusz Laski introduced dynamic slicing, which works on a specific execution of the program (for a given execution trace).

8 TZSlicer
User specified sensitive portions
Taintgrind to perform dependency analysis
Three levels of granularity
  TZ-M : Method level
  TZ-B : Basic Block level
  TZ-L : Line level
The inputs to TZSlicer include a set of tainted variables, a set of test input vectors for dynamic slicing, and the resource constraints that determine the key parameters in slice optimization. Taintgrind is a dynamic taint analysis framework that TZSlicer uses to pinpoint tainted variables. The authors taint at three levels of granularity: M, B, L.

9 TZSlicer
M : tainted function M1 goes into the secure world and M2 remains in the normal world. A context switch is required.
B : B carves out the unexecuted else() branch from the secure world.
L : Line based tainting taints at the line level but in turn requires more context switches.

11 TZSlicer Optimization
Naively slicing the program by putting all the meaningful code in the TEE results in a larger than necessary TCB
The three tainting methods (TZ-M, TZ-B, TZ-L) increase the granularity of slices
This reduces the amount of code that has to be in the TEE
Falls under the category of “resource optimization”

12 TZSlicer Optimization - Resource Optimization

13 TZSlicer Optimization
TZ-L has the highest granularity: results in the smallest TCB
Comes at the cost of more world switches
Next optimization category: “communication optimization”
Aims to reduce the number of world switches for a given amount of work
TZ-L with these optimizations is dubbed “TZ-L+”
Two optimizations: loop unrolling and variable renaming

14 TZSlicer Optimization - Loop Unrolling
Several restrictions
  Loop must be split between secure and normal worlds
  Loop body must have no branches
  Loop body must have no data dependencies
    If this restriction is not met but the first two are, use the next optimization to remove the dependencies
Each iteration still has 4 switches, but now we’re handling two old iterations for each new iteration.

15 TZSlicer Optimization - Variable Renaming
Can lift the dependency restriction imposed by the unrolling method
Detects data dependencies (RAW, WAR, WAW)
Renames variables that are subject to the dependencies
Frees up the loop for unrolling
Line 4 in the secure world is dependent on lines 2 and 3 in the normal world
Code is from DAXPY
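
The effect of unrolling plus renaming on the world-switch count, as an added example that is not from the slides or from TZSlicer itself. World switches are simulated with a counter; the normal/secure/normal/secure split of the DAXPY loop body, the helper names (enter, run) and the sample vectors are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* World switches are simulated with a counter; the N,S,N,S split of the
 * loop body is an assumption for illustration, not TZSlicer output. */
enum world { NORMAL, SECURE };
static enum world cur;
static int switches;
static void enter(enum world w) { if (w != cur) { cur = w; switches++; } }

/* Line-level slice: each iteration crosses the world boundary 4 times. */
int daxpy_baseline(int n, double a, const double *x, double *y) {
    double xi, yi, t;              /* temporaries reused by every iteration */
    cur = NORMAL; switches = 0;
    for (int i = 0; i < n; i++) {
        enter(NORMAL); xi = x[i];
        enter(SECURE); t = a * xi; /* 'a' is the tainted value */
        enter(NORMAL); yi = y[i];
        enter(SECURE); y[i] = t + yi;
    }
    enter(NORMAL); return switches;
}

/* Unrolled by 2 (n assumed even). Giving each copy its own temporaries
 * removes the WAR/WAW hazards on xi, yi, t, so same-world lines group. */
int daxpy_unrolled2(int n, double a, const double *x, double *y) {
    double xi0, xi1, yi0, yi1, t0, t1;
    cur = NORMAL; switches = 0;
    for (int i = 0; i < n; i += 2) {
        enter(NORMAL); xi0 = x[i];      xi1 = x[i + 1];
        enter(SECURE); t0 = a * xi0;    t1 = a * xi1;
        enter(NORMAL); yi0 = y[i];      yi1 = y[i + 1];
        enter(SECURE); y[i] = t0 + yi0; y[i + 1] = t1 + yi1;
    }
    enter(NORMAL); return switches;
}

/* Constructed sample vectors; OUT[v] holds the result of variant v. */
static const double X[8] = {1, 2, 3, 4, 5, 6, 7, 8};
static const double Y[8] = {8, 7, 6, 5, 4, 3, 2, 1};
static double OUT[2][8];

int run(int unrolled) {   /* unrolled is 0 or 1; returns the switch count */
    memcpy(OUT[unrolled], Y, sizeof Y);
    return unrolled ? daxpy_unrolled2(8, 2.0, X, OUT[1]) : daxpy_baseline(8, 2.0, X, OUT[0]);
}
int main(void) {
    printf("baseline %d, unrolled %d switches\n", run(0), run(1));
    return memcmp(OUT[0], OUT[1], sizeof OUT[0]) != 0;
}
```

Both variants still cross worlds four times per loop iteration, but the unrolled loop runs half as many iterations, so the total halves while the computed vector is unchanged.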

17 Experimental Setup: Programs
Adopted 7 real world C programs to evaluate
Test Cases  # Lines  Branches  Loops  Functions
FFT  83  3  7  1
Sobel_Filter  121  8  5  6
Matrix_Multiplication  26
AES_KeyExpansion  81  2  4
Linear_Regression  40
Shift_Cipher  57
DAXPY  33

18 Experimental Setup: TrustZone Framework
Developed bare-metal TrustZone framework targeting Xilinx Zynq platform
256 KB on-chip memory to deploy secure world and normal applications
Hardware isolation enforced at physical bus level

19 TCB Size
Evaluate security of TZSlicer by measuring size of TCB
Compared to putting entire program in secure world

20 Test Cases  Original  TZ-M  TZ-B  TZ-L  TZ-L+ (x=2)  (x=3)  (x=4)
FFT  83  83 (0%)  80 (-3.6%)  60 (-27.7%)  81 (-2.4%)  90 (+8.4%)  99 (+19.3%)
Sobel_Filter  121  121 (0%)  106 (-12.4%)  131 (+8.3%)  140 (+15.7%)  149 (+23.1%)
Matrix_Multiplication  26  26 (0%)  17 (-34.6%)  19 (-26.9%)
AES_KeyExpansion  81  49 (-39.5%)  40 (-50.6%)  42 (-48.1%)
Linear_Regression  40  40 (0%)  27 (-32.5%)  24 (-40%)  41 (+2.5%)  45 (+12.5%)  51 (+27.5%)
Shift_Cipher  57  57 (0%)  15 (-73.7%)
DAXPY  33  33 (0%)  17 (-48.5%)  16 (-51.5%)  26 (-21.2%)  29 (-12.1%)  32 (-3.0%)

24 Performance Evaluation: World Switches
Migration of partial program necessitates world switches
Introduces additional timing overhead

25 Performance Evaluation
Test Cases  TZ-L (Baseline)  TZ-L+(x=2)  TZ-L+(x=3)  TZ-L+(x=4)
FFT  73  68 (-11.7%)  71 (-7.8%)
Sobel_Filter  729  471 (-35.4%)  351 (-51.9%)
Matrix_Multiplication  0 (0%)
AES_KeyExpansion  101  101 (0%)
Linear_Regression  19  10 (-47.4%)  7 (-63.2%)
Shift_Cipher
DAXPY  20  14 (-30.0%)  8 (-60.0%)  11 (-45.0%)
# of context switches(?)
Takeaway: more loop unrolling is better

26 Tradeoff

27 Conclusion
TZSlicer: dynamic program slicing framework
Automatically partitions program into secure slice and normal slice
3 levels of granularity: TZ-M, TZ-B, TZ-L
Optimization using loop unrolling + variable renaming
