Identification and Protection of Security-Critical Data Nora Sovarel University of Virginia Computer Science June 6, 2006 MCS Project Presentation.


1 (Title slide)

2 Security-Critical Data
Data whose corruption may lead to compromised security.
- Control data: used as, or used to calculate, the instruction pointer.
  - Numerous defenses exist: StackGuard, Write-or-Exec (W^X), shadow stacks, Instruction Set Randomization ([Barrantes+, CCS'03], [Kc+, CCS'03]), Control Flow Integrity ([Abadi+, CCS'05]), DIRA ([Smirnov and Chiueh, NDSS'05]).
- Non-control data: the subject of this work.

3 Non-Control Data Attack
Heap corruption attack against configuration data ([Chen+, USENIX'05]).
[Figure: a web server whose configuration variable CGI-BIN is initially "/usr/local/httpd/cgi-bin". The heap corruption overwrites it so that CGI-BIN="/bin"; the attacker then POSTs commands (… rm -rf *) that the server executes from the new CGI directory.]

4 Non-Control Data
Execution is altered by changing data rather than code:
- Configuration data: the CGI-BIN path.
- User input: validated, then corrupted after validation.
- User identity data: uid; root access if changed to 0.
- Decision-making data: the value tested by an if condition.
[Chen+, USENIX'05]

5 Non-Control Data Characteristics
- Long lifetime: many opportunities to corrupt it.
- Rarely updated.
- Passed as parameters to system calls: execve, setuid, fopen, fwrite.
- Special cases: if conditions, saved registers.

6 Approach
Store security-critical data in a secure store:
- Protected by hardware (page protection).
- Writes allowed only in specially marked code sections (update sections).
- A corruption attempt outside an update section generates a segmentation fault.
Program:
- Data and update sections must be marked, either by the programmer (language extension) or automatically (inference).
- Automatic program transformation then stores the marked data in the secure store and inserts the system calls that open and close update sections.

7 Variable Lifetime
[Figure: timeline of a variable's lifetime, with access rights labelled init, rw, r, rw. An ordinary variable is read-write throughout. A variable in the secure store is read-write only during initialization and inside update sections, and read-only everywhere else.]

8 Requirements
- No system calls injected, no system calls skipped: rely on an existing control-data defense (an attacker who controls the instruction pointer could otherwise skip the call that re-protects the store or jump into an update section).
- Operating system support: mprotect.
- Hardware support: NX/XD bit.
- Acceptable performance penalty and reasonable programmer effort: evaluated in the case studies.

9 Roadmap
- Motivation
- Approach
- Design: language extensions, inference, program transformation
- Implementation
- Case studies

10 C Language Extensions
- critical: a type qualifier that marks security-critical data; such data is allocated in the secure store.
- update: a statement. Grammar: update-statement := "update" statement. The body is an update section in which critical data may be written.

11 Inference
- Security-critical data: future work (marked manually in the case studies).
- Update sections are inferred from the data marked with the critical attribute:
  - an assignment to critical data;
  - a call to a library function from a predefined list (e.g. snprintf, strcat, strncpy);
  - a call to a user-defined function: a specialization is generated for each combination of critical/non-critical parameters.
- Some user guidance is required.

12 User-Defined Functions
Before (programmer-annotated):

    void set(int *p, int v) { *p = v; }
    …
    critical int *p;
    …
    set(p, 1);
    …

After (specialized by the transformation for a critical first parameter):

    void set(int *p, int v) { *p = v; }

    void set1(critical int *p, int v) {
        enable_update();
        *p = v;
        disable_update();
    }
    …
    critical int *p;
    …
    set1(p, 1);
    …

13 Program Transformation
- Puts security-critical data in the secure store: heap, static data, stack.
- Sets the initial access rights.
- Inserts the enable/disable protection calls.

14 Example
Before:

    critical int *x;
    …
    x = malloc(…);
    …
    update { statement; }
    …
    free(x);
    …

After:

    int *x;
    …
    x = secure_malloc(…);
    …
    enable_update();
    statement;
    disable_update();
    …
    secure_free(x);
    …
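The following is an added example, not code from the presentation or its implementation: a minimal model of the secure store from slides 6 and 13-14, built directly on mmap/mprotect. The names secure_malloc, secure_free, enable_update and disable_update mirror the transformed program on slide 14, but their bodies here are assumptions (a bump allocator stands in for the modified Doug Lea allocator of slide 15). A SIGSEGV handler is installed only so the example can report that the out-of-section write was blocked instead of dying.

```c
/* Added example: secure store modelled with mmap/mprotect (assumed bodies). */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* One page-granular secure store; every critical object lives here. */
static unsigned char *store;
static size_t store_size, store_used;

static void secure_store_init(size_t bytes)
{
    long page = sysconf(_SC_PAGESIZE);
    store_size = ((bytes + page - 1) / page) * page;
    store = mmap(NULL, store_size, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (store == MAP_FAILED) { perror("mmap"); exit(1); }
    store_used = 0;
    /* Initialization done: drop write permission (slide 7, "read-only"). */
    if (mprotect(store, store_size, PROT_READ) != 0) { perror("mprotect"); exit(1); }
}

/* Update-section boundaries, one mprotect() system call each. The
 * transformation inserts these around every write to critical data. */
static void enable_update(void)  { if (mprotect(store, store_size, PROT_READ | PROT_WRITE)) abort(); }
static void disable_update(void) { if (mprotect(store, store_size, PROT_READ)) abort(); }

/* Bump allocator (assumption). Its metadata lives outside the store, so
 * allocating does not itself need an update section. */
static void *secure_malloc(size_t n)
{
    n = (n + 15) & ~(size_t)15;
    if (store_used + n > store_size) return NULL;
    void *p = store + store_used;
    store_used += n;
    return p;
}
static void secure_free(void *p) { (void)p; /* bump allocator: nothing to do */ }

/* Fault trap: a write outside an update section raises SIGSEGV (slide 6).
 * The handler counts it and unwinds to the sigsetjmp point. */
static sigjmp_buf fault_jmp;
static volatile sig_atomic_t faults;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si; (void)ctx;
    faults++;
    siglongjmp(fault_jmp, 1);
}

static void install_trap(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
}

/* Model of slide 4's uid as critical data. Returns 1 if the legitimate
 * write inside an update section succeeded and a stray write with no
 * update section (the "attacker" setting uid to 0) was blocked. */
int demo_protected_uid(void)
{
    secure_store_init(4096);
    install_trap();
    volatile int *uid = secure_malloc(sizeof *uid);   /* was: critical int *uid */
    if (!uid) return 0;

    /* Transformed "update { *uid = 1000; }" from slide 14. */
    enable_update();
    *uid = 1000;
    disable_update();

    /* Simulated corruption: no update section around this store. */
    int blocked = 0;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *uid = 0;          /* page is read-only: must fault */
    } else {
        blocked = 1;
    }
    int ok = (*uid == 1000) && blocked && faults == 1;
    secure_free((void *)uid);
    munmap(store, store_size);
    store = NULL;
    return ok;
}

int main(void)
{
    printf("critical uid survived out-of-section write: %s\n",
           demo_protected_uid() ? "yes" : "no");
    return 0;
}
```

One design point worth keeping in mind with this scheme (a general property of mprotect, not something the slides state): page protection is per address space, so in a server with a thread per request an update section open in one thread leaves the store writable for every other thread until disable_update runs.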

15 Implementation
- Secure heap: a modified Doug Lea memory allocator.
- Enable/disable protection calls.
- Update-section inference: a CIL module.
- Future work: data inference, a secure stack, a secure global data section.

16 Case Studies - Goals
- Security-critical data and update sections: how many are there, and can they be inferred automatically?
- Measure the performance penalty (Null-Httpd).
- Verify the update-section inference (Wu-FTPD).

17 Case Studies - Applications
- Null-Httpd 0.5.0 (2,300 LOC): web server serving static HTML and CGI (Perl, PHP); a thread for each request and a process for each script.
- Wu-FTPD 2.6.0 (18,000 LOC): FTP server; forks to execute external applications (ls, zip, tar).

18 Security-Critical Data
- Wu-FTPD 2.6.0: static data (the passwd structure); otherwise mostly local variables (uid, arguments to execve and seteuid).
- Null-Httpd 0.5.0: mostly static data (configuration parameters, connection data); some local variables (arguments and environment passed to write/send and execve).

19 Update Sections - Null-Httpd 0.5.0
117 sections, a count driven by the granularity of critical and by the application architecture.
- snprintf accounts for more than half of the sections; strcat and strncpy for many of the others.
- Interesting cases:
  - potential deadlock: blocking calls (recv, read) that sit inside an update section;
  - aliasing: strchr returns a pointer that aliases critical data.

20 Update Sections - Wu-FTPD 2.6.0
- Inference found 30 sections, usually less than one screen away from the definition of the data.
- Missed one case: critical char *gargv[MAX_GARGV]. The array is filled by copying pointers, with no direct call to malloc, so the data it refers to never reached the secure store. Nothing crashed, but the data was left unprotected: a silent security vulnerability rather than a visible failure.

21 Performance - Null-Httpd 0.5.0
- Penalty per single update: more than 5 orders of magnitude (each update section costs two mprotect system calls in place of a plain store).
- Penalty per connection: protected latency / unprotected latency = 1.4.
- Possible improvements: a data layout with fewer critical objects, and merging adjacent update sections.
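To make the per-update penalty and the "merge adjacent update sections" improvement concrete, here is an added microbenchmark (not the author's measurement; the slides' numbers come from Null-Httpd, these come from whatever machine runs it). It reuses the two mprotect wrappers from the earlier model and compares plain stores against one update section per store and one update section per 64 stores. The store layout and iteration counts are assumptions.

```c
/* Added example: cost of update sections, single vs merged (assumed setup). */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <time.h>
#include <unistd.h>

static unsigned char *store;
static size_t store_size;

/* Same update-section boundaries as in the secure-store model. */
static void enable_update(void)  { if (mprotect(store, store_size, PROT_READ | PROT_WRITE)) abort(); }
static void disable_update(void) { if (mprotect(store, store_size, PROT_READ)) abort(); }

static double now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e9 + (double)ts.tv_nsec;
}

/* Perform `writes` stores into the store, opening one update section per
 * `per_section` stores. per_section == 0 is the unprotected baseline
 * (store left writable, no mprotect calls). Returns nanoseconds per store. */
static double ns_per_write(size_t writes, size_t per_section)
{
    volatile int *x = (volatile int *)store;     /* 1024 ints fit in one page */
    double t0 = now_ns();
    if (per_section == 0) {
        for (size_t i = 0; i < writes; i++) x[i % 1024] = (int)i;
    } else {
        for (size_t i = 0; i < writes; i += per_section) {
            enable_update();                      /* mprotect: RW */
            size_t end = i + per_section < writes ? i + per_section : writes;
            for (size_t j = i; j < end; j++) x[j % 1024] = (int)j;
            disable_update();                     /* mprotect: R */
        }
    }
    return (now_ns() - t0) / (double)writes;
}

/* Slowdown of protected stores (per_section stores per update section)
 * relative to unprotected stores, on a fresh one-page store. */
double slowdown(size_t writes, size_t per_section)
{
    store_size = (size_t)sysconf(_SC_PAGESIZE);
    store = mmap(NULL, store_size, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (store == MAP_FAILED) { perror("mmap"); exit(1); }
    double base = ns_per_write(writes, 0);       /* measured while still RW */
    double prot = ns_per_write(writes, per_section);
    munmap(store, store_size);
    store = NULL;
    return prot / base;
}

int main(void)
{
    size_t n = 20000;
    printf("one write per update section : %.0fx slower than a plain store\n", slowdown(n, 1));
    printf("64 writes per update section : %.0fx slower than a plain store\n", slowdown(n, 64));
    return 0;
}
```

The first ratio is the cost the slide calls the penalty per single update: two system calls and two TLB-affecting permission changes for every store. The second shows why merging adjacent update sections helps, since the mprotect cost is amortized over the stores inside the section, at the price of a longer window during which the store is writable.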

22 Conclusion
- Security-critical data can be identified and protected: most of it is passed to a few system calls, and run-time protection is provided by existing hardware.
- Update sections can be inferred; their number depends on the application (many for Null-Httpd, because of its design).
- The performance penalty depends on the application: large for Null-Httpd; not measured for Wu-FTPD, but expected to be low.

23 Questions
Thanks to David Evans, Westley Weimer, Nate Paul and Jeff Shirley.
