GENESIS: Security Through Software Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi Wang Carnegie.


1 GENESIS: Security Through Software Diversity
John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong
University of Virginia
Chenxi Wang
Carnegie Mellon University
http://www.cs.virginia.edu/genesis/

2 Other Team Members
UVA staff
–Adrian Filipi
–Jason Hiser
–Jonathan Rowanhill
UVA students
–Ben Cox
–Wei Hu
–Nate Paul
–Ana Sovarel
–Dan Williams
CMU student
–Ting-Fang Yen

3 Outline
As requested, we are following the outline that John sent out
We are using his phrasing for the titles
Good

4 Recall SRS Program Goal
Biologically-Inspired Diversity: “Metric: automatically produce 100 diverse but functionally equivalent versions of a software component such that no more than thirty-three versions of a component share the same deficiency.”

5 Project Overview

6 Genesis Vision
Automated production of diverse functionally-equivalent software
Comprehensive application of diversity
[Diagram: Source code, Object code, Executable; Compile, Link, Load, Run; Diversity Transforms]

7 Diversity @ Run-time
STRATA Virtual Machine
–Apply transformations to binaries during execution
–Portable VM → portable encapsulation of diversity policies
–No source code needed
Previous STRATA applications
–Binary translation for binary execution on non-native CPU
–Security policies
–Dynamic optimizations

8 Genesis Technical Approach
Practical applications of Instruction Set Randomization (code injection attacks)
–Low overhead
–Diversity key generated at run-time, single binary image → compatible with integrity checkers
–Maintain control through attack unlike previous ISR approaches (starting point for recovery)
–Source code not needed
Calling Sequence Diversity (return-to-libc attacks)
–Modifies calling convention
–Diversity key generated at run-time
–Requires compiler support
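
Added example (not from the Genesis or Strata code): a toy stack VM in C that models the ISR bullets above, where code is keyed at load time with a run-time key, decoded at fetch, and rejected when it was not keyed, so the VM keeps control. It assumes a one-byte tag and XOR keying as stand-ins for the "tagging" and AES transform the deck mentions; the opcodes, TAG value and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OP_PUSH = 1, OP_ADD, OP_HALT, TAG = 0xA5, WORD = 3, DETECTED = -1 };

/* Constructed sample program: PUSH 2; PUSH 40; ADD; HALT as (opcode, operand) pairs. */
static const uint8_t SAMPLE[] = { OP_PUSH, 2, OP_PUSH, 40, OP_ADD, 0, OP_HALT, 0 };
enum { N_INSN = sizeof SAMPLE / 2 };

/* Load time: tag each instruction, then XOR it with the per-run key (toy stand-in for AES). */
static void isr_load(const uint8_t key[WORD], uint8_t *mem) {
    for (size_t i = 0; i < N_INSN; i++) {
        const uint8_t w[WORD] = { TAG, SAMPLE[2 * i], SAMPLE[2 * i + 1] };
        for (int j = 0; j < WORD; j++) mem[i * WORD + j] = w[j] ^ key[j];
    }
}

/* Fetch: decode with the key and check the tag before executing; the VM keeps control. */
static int isr_run(const uint8_t key[WORD], const uint8_t *mem) {
    int stack[N_INSN], sp = 0;
    for (size_t pc = 0; pc < N_INSN; pc++) {
        const uint8_t *w = mem + pc * WORD;
        if ((w[0] ^ key[0]) != TAG) return DETECTED;   /* word was not keyed by the loader */
        uint8_t op = w[1] ^ key[1], arg = w[2] ^ key[2];
        if (op == OP_PUSH) stack[sp++] = arg;
        else if (op == OP_ADD && sp >= 2) { sp--; stack[sp - 1] += stack[sp]; }
        else if (op == OP_HALT && sp >= 1) return stack[sp - 1];
        else return DETECTED;                          /* invalid decode */
    }
    return DETECTED;
}

/* Run the sample; inject overwrites the ADD word with un-keyed [TAG, PUSH, 99] bytes. */
int run_sample(const uint8_t key[WORD], int inject) {
    uint8_t mem[N_INSN * WORD];
    const uint8_t foreign[WORD] = { TAG, OP_PUSH, 99 };
    isr_load(key, mem);
    if (inject) memcpy(mem + 2 * WORD, foreign, WORD);
    return isr_run(key, mem);
}

int main(void) {
    uint8_t key[WORD] = { 0x3c, 0x91, 0x5e };        /* default if /dev/urandom is missing */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) { if (fread(key, 1, WORD, f) != WORD) puts("short read"); fclose(f); }
    for (int j = 0; j < WORD; j++) if (!key[j]) key[j] = 0xff;  /* toy XOR: avoid zero bytes */
    printf("clean=%d injected=%d\n", run_sample(key, 0), run_sample(key, 1));
    return 0;
}
```

Each run keys the same program differently, so the in-memory image differs per process while the on-disk program stays a single image.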

9 Picture From July PI Meeting

10 Results

11 Security Summary
Practical protection against code injection and return-to-libc style attacks
–Low overhead
Independent of code-injection exploit path:
–Handles both known and unknown attacks
–Breaks attack payload
No successful penetration on test applications
–Using own attacks
–With Red team

12 SPEC Benchmark
Avg SpecInt: 6%
Avg SpecFloat: 3%
In progress: ISR measurements

13 Apache & Bind DNS Performance
Preliminary numbers
Apache performance:
–[0% - 4%]
Bind performance
–[5% - 10%]
Diversity transforms (i.e., AES) add little overhead beyond the base Strata Virtual Machine

14 Performance Summary
Expand benchmarks to other critical services and applications
–File servers, FTP servers, mail servers, etc…
–Browsers, mail clients, etc…
If performance holds (<10%):
–Dynamic and continuous protection, i.e., always run software with Strata
Opens up lots of possibilities

15 Toolkit Summary

16 Toolkit Summary
Techniques implemented:
–Instruction set randomization + tagging
–Calling sequence diversity
–Simple address space randomization
–Stack frame padding
Techniques are composable
Arbitrary number of versions

17 Toolkit Summary

18 Significant Other Results
N-Variant Systems http://www.cs.virginia.edu/nvariant/
–Security as a system property
–Secretless security
–NSF Cyber Trust award
PHPrevent http://www.phprevent.org/
–Web application protection
–Prevents cross-site scripting, command/script injection and SQL injection attacks
  Low false positive rates
  Precise tainting approach applicable to other environments
–Prototype performance: < 10%
–PHP installed on 50% of Apache servers, 1.3M IP address, 23M domains (Apache ~70% of the web server market)

19 Red Team Exercise

20 The Blue Team

21 The White Team

22 The Red Team

23 Blue Team
100 variants of Apache protected using combination of:
–Instruction set randomization + tagging, calling sequence diversity, simple address space randomization, stack frame padding
Scope & claims
–Code-injection attacks
–Return-to-libc attacks
–Application-level attacks

24 Red Team
Long night → sleep deprived
Attempted to launch 6 exploits against all 100 variants
2 exploits counted, i.e., worked against unprotected Apache

25 White Team
Verified exploit works against unprotected Apache
Count red squares (successful) vs. green squares (thwarted). Total # squares = 100.
2 code-injection attacks via format string and buffer overflow
Blue team: 198 points
Red team: 0 points

26 Red Team Summary
Very useful activity
Red Team identified potential vulnerability in calling sequence diversity with function handlers:
–Not in scope with respect to return-to-libc attacks, will address in the future
Red Team needs more time:
–Exploits are brittle
–Designing exploits for programs running under the Strata VM difficult
–Expanded red team in progress: Everything is in scope (VM, non-code injection attacks, non-return-to-libc attacks)
Very useful activity

27 Improving SRS Metrics
Expand attack classes covered by diversity techniques
Tighter definition of success needed—what is a “deficiency”?
Bounds on environmental aspects, e.g. performance—should be constrained
[Diagram: Source code, Object code, Executable; Compile, Link, Load, Run; Diversity Transforms]

28 Impediments To Dramatic Performance Increase
Depends what you mean by:
–“impediment”
–“dramatic”, and
–“performance”
There are many dimensions to this
We think they should be explored
Here is what we mean…

29 Impediments To Dramatic Performance Increase
Applicability:
–Support for more platforms, e.g. Microsoft and Apple (currently supported by Strata: Solaris, Irix, Linux)
–This will not be simple to create
Utility:
–Ease-of-use tools and techniques
–More general tools and techniques
Operational evaluation

30 Impediments To Dramatic Performance Increase
More comprehensive processes:
–Support for system manufacturing
–Manufacturing economics models
Cover larger class of attacks:
–Insider, data, DoS, application
Further reduce overhead of various techniques:
–Strata VM performance (note critical threshold)
–Diversity transforms

31 Next Steps For Genesis Team
Generalize diversity techniques:
–E.g., Add protection against non-control attacks
–E.g., Handle “higher-level” attacks
Combine diversity and other protection mechanisms:
–E.g., Generalize calling sequence diversity
–E.g., Strata security policies + diversity transforms
Operational evaluation of diversity
–In contact with DoD supplier
Reduce Strata overhead further
Windows Port

32 Follow-on Program
Major program for:
–Demonstration
–Integration
–Enhancement of SRS-developed technologies
Program might:
–Target typical DoD system
–Involve most existing groups
–Involve new groups interested in related issues

33 Conclusions
Artificial diversity really works
It is ready for “primetime” evaluation
Genesis tools can support realistic applications
Low Strata performance overhead
Opens up many opportunities
What an excellent project, I am delighted

