Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.

Published byEsperanza Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science."— Presentation transcript:

1 Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science Columbia University 1

2 Modern Hardware is Complex Modern systems built on layers of hardware Complexity increases risk of backdoors More hands Easier to hide A significant vulnerability Hardware is the root of trust All hardware and software controlled by microprocessors Applications OS Hypervisor Motherboard/ Slave Chips CPU

3 Prior Work and Scope Microprocessor design stages Prior work focuses on back end More immediate threat Example: IC fingerprinting [Agrawal et al., 2007] Front end is the extreme root Common assumption: golden model from front end Focus of this work High Level Design Specification Design Validation Physical Design Tapeout/ Fabrication Deployment Back EndFront End

4 Key Idea: Use Inherent Division of Work Bob Nice Guy Donates $100 Eric Evil Accountant Steals $10 Alice Charity President Receives $90 Thank you, Bob, for your $90 FetchDecodeExecute Microprocessor Pipeline Stages Analogue (Bob)(Eric)(Alice)

5 Outline Taxonomy Ticking Timebombs, Cheat Codes, Emitters, Corrupters Solutions TrustNet and DataWatch Results Correctness, Coverage and Costs Future Work

6 Taxonomy of Attacks Backdoor = Trigger + Payload Trigger: Turns on an attack Payload: Malicious, illegal action TriggersDataTime PayloadsEmitterCorrupter

7 Taxonomy of Attacks: Triggers TriggersDataTime

8 Taxonomy of Attacks: Payloads Emitter Attacks Extra malicious events Separate from normal events PayloadsEmitterCorrupter Corrupter Attacks No extra malicious events Normal instructions altered

9 Taxonomy of Attacks: Summary Emitter Timebomb Corrupter Timebomb Emitter Cheatcode Corrupter Cheatcode

10 Assumptions Large design team Each designer works on one unit or part of one Security add-ons cannot be done by one member Full knowledge Attacker has complete access to all design specifications Attacker also knows about additional security mechanism Equal distrust Any one designer/unit may be evil Security add-ons may contain backdoors

11 Outline Taxonomy Ticking Timebombs, Cheat Codes, Emitters, Corrupters Solutions TrustNet and DataWatch Results Correctness, Coverage and Costs Future Work

12 Sample Emitter Backdoor Consider a malicious instruction decoder Decoder emits instructions not in the original program Execution unit faithfully executes them Fetch DecodeExecute Spurious Output

13 TrustNet Predictor and Reactor monitor the Target Division of work prevents one bad guy from breaking two units Scaling to larger number increases design complexity PredictorReactor Target add $r1, $r2, $r3 Fetch Decode Execute

14 Corrupter Backdoors Bob Still nice Donates $100 Eric Evil (and smarter) Converts to Canadian $ Alice Still president Fooled by Eric’s C$100 Thank you, Bob, for your C$100

15 DataWatch Scaled up version of TrustNet Multiple bit messages Confirms types of messages (instead of just yes/no) PredictorReactor Target add $r1, $r2, $r3 Fetch Decode Execute SUB $r1, $r2, $r3 STOP

16 Outline Taxonomy Ticking Timebombs, Cheat Codes, Emitters, Corrupters Solutions TrustNet and DataWatch Results Correctness, Coverage and Costs Future Work

17 Experimental Context, Correctness, Costs Context Simplified OpenSPARC T2 Correctness Designed attacks No false positives or negatives Costs Low area overhead (2 KB per core) No performance impact How to measure coverage?

18 18 Units with a core Paper has plots for other units at a chip level Coverage: Vulnerability Space

19 19 Coverage Visualization WARNING: This is an approximate vizualization 19

20 Summary and Future Work Strengthen root of trust: microprocessors Hardware-only solution. No perf impact, low area overhead Security add-on highly resilient to corruption Provided attack taxonomy, method to characterize attack space Applicability of TrustNet & DataWatch Covered: pipelines, caches and content associative memory Not covered: ALU, microcode, power mgmt., side-channels Moving Forward Expand coverage Out-of-order processors Motherboard components Design automation tools Reaction to errors Applying techniques for reliable execution First steps toward a secure trusted hardware w/ untrusted units ✔ Thank You! and Questions?

Download ppt "Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Runahead Execution: An Alternative to Very Large Instruction Windows for Out-of-order Processors Onur Mutlu, The University of Texas at Austin Jared Start,

Runahead Execution: An Alternative to Very Large Instruction Windows for Out-of-order Processors Onur Mutlu, The University of Texas at Austin Jared Start,
Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University.

Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University.
RISC and Pipelining Prof. Sin-Min Lee Department of Computer Science.

RISC and Pipelining Prof. Sin-Min Lee Department of Computer Science.
Mehmet Can Vuran, Instructor University of Nebraska-Lincoln Acknowledgement: Overheads adapted from those provided by the authors of the textbook.

Mehmet Can Vuran, Instructor University of Nebraska-Lincoln Acknowledgement: Overheads adapted from those provided by the authors of the textbook.
1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.

1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.
Lecture Objectives: 1)Define pipelining 2)Calculate the speedup achieved by pipelining for a given number of instructions. 3)Define how pipelining improves.

Lecture Objectives: 1)Define pipelining 2)Calculate the speedup achieved by pipelining for a given number of instructions. 3)Define how pipelining improves.
Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.

Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
Helper Threads via Virtual Multithreading on an experimental Itanium 2 processor platform. Perry H Wang et. Al.

Helper Threads via Virtual Multithreading on an experimental Itanium 2 processor platform. Perry H Wang et. Al.
Architecture Support for Security Peter Chapman Michael Maass.

Architecture Support for Security Peter Chapman Michael Maass.
Chapter 4: The Building Blocks: Binary Numbers, Boolean Logic, and Gates Invitation to Computer Science, Java Version, Third Edition.

Chapter 4: The Building Blocks: Binary Numbers, Boolean Logic, and Gates Invitation to Computer Science, Java Version, Third Edition.
Pipelining Andreas Klappenecker CPSC321 Computer Architecture.

Pipelining Andreas Klappenecker CPSC321 Computer Architecture.
Pipelined Processor II CPSC 321 Andreas Klappenecker.

Pipelined Processor II CPSC 321 Andreas Klappenecker.
Computer Organization and Assembly language

Computer Organization and Assembly language
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Cisc Complex Instruction Set Computing By Christopher Wong 1.

Cisc Complex Instruction Set Computing By Christopher Wong 1.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Similar presentations

Ads by Google