Presentation is loading. Please wait.

Presentation is loading. Please wait.

Creating Security using Software and Hardware Bradley Herrup CS297- Security and Programming Languages.

Published byProsper Walker Modified over 9 years ago

Similar presentations

Presentation on theme: "Creating Security using Software and Hardware Bradley Herrup CS297- Security and Programming Languages."— Presentation transcript:

1 Creating Security using Software and Hardware Bradley Herrup CS297- Security and Programming Languages

2 XOM Architecture Execute-Only Memory Creating a Secure Execution Environment Uses Public-Key Cryptology Framework Do not Secure the entire program just the secure parts

3 An Abstract XOM Machine Has Four Distinct Premises A Scheme to decrypt symmetric keys using private-public keys The Symmetric key act as Session keys Facilities for real-time decryption Instructions for entering and exiting XOM modes Including Interrupts Tagging Systems

4 Implementing XOM Using a Virtual Machine Possible to implement XOM on a Virtual Machine In either software or hardware So can be run internally on a typical CPU Uses a monitor to maintain assurance

5 Full XOM Machine enter_xom and exit_xom Must also implement a method of secure_store and secure_load (also referred to as restore_secure) Use of MAC to assure secure transference

6 Security Issues with XOM Spoofing Attacks Solved using MAC Execution is halted if MAC does not match Splicing Attacks Replacing ciphertext with other valid ciphertext our of sequence MAC includes a destination and location variable Replay attacks Can cause unintentional interrupts which would allow access to area outside XOM

7 Performance Implications Memory delay of about 100 cycles Memory latency is the greatest delay Using more specialized hardware to decrease the speed elsewhere to compensate for memory latency Leads into SAFE-OPS

8 SAFE-OPS Software/Architecture Framework for the Efficient Operation of Protected Software Want to be able to create tamperproof, secure and reliable software Can be accomplished by utilizing not only software tactics but also hardware secure designs Face the problems that become addressed in a smaller environment that is not

9 Hardware Security Smart Cards Tamper Resistant Packaging Secure Coprocessing

10 Software Security Copyright/ watermarking and stegonography Obfuscation Code and Checksums Proof-carrying code Custom OS Smaller footprints for Embedded Systems

11 SAFE-OPS Approach Solve the security problem by using optimization techniques Fine-tune code Compiler assistance in helping Give the user the choice as to where to put portions of security On the software side or the hardware However, Secure hardware increases the assurance of the software

12 Using FPGAS Field Programmable Gate Array Programmable Logic Chip Can be used and instantiated to perform various functions Must be a level of trust insured in the security of the FPGA Can be updated and reconfigured on a whim to move with the ever changing tie of security

13 Examples of Choice Register Streaming FPGA watches instruction stream and uses said stream to create a key Decryption of sequence created by compiler representing the instruction sequence If both code and key match continue to execute the instructions

14 FPGA-Instruction Based Caching Use FPGA to reduce operating times as secondary Cache Secondary L2 Cache Secure Block cache Secure Register Sequence Buffer

15 Discussion

Download ppt "Creating Security using Software and Hardware Bradley Herrup CS297- Security and Programming Languages."

Similar presentations

Interactive lesson about operating system

Interactive lesson about operating system
An Overview Of Virtual Machine Architectures Ross Rosemark.

An Overview Of Virtual Machine Architectures Ross Rosemark.
Memory.

Memory.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Operating Systems Lecture 10 Issues in Paging and Virtual Memory Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing.

Operating Systems Lecture 10 Issues in Paging and Virtual Memory Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing.
1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,
1 Specifying and Verifying Hardware Support for Copy and Tamper-Resistant Software David Lie, John Mitchell, Chandramohan Thekkath and Mark Horowitz Computer.

1 Specifying and Verifying Hardware Support for Copy and Tamper-Resistant Software David Lie, John Mitchell, Chandramohan Thekkath and Mark Horowitz Computer.
Implementing an Untrusted Operating System on Trusted Hardware.

Implementing an Untrusted Operating System on Trusted Hardware.
Computer Organization CS224 Fall 2012 Lesson 44. Virtual Memory  Use main memory as a “cache” for secondary (disk) storage l Managed jointly by CPU hardware.

Computer Organization CS224 Fall 2012 Lesson 44. Virtual Memory  Use main memory as a “cache” for secondary (disk) storage l Managed jointly by CPU hardware.
1 A Real Problem  What if you wanted to run a program that needs more memory than you have?

1 A Real Problem  What if you wanted to run a program that needs more memory than you have?
CS 345 Computer System Overview

CS 345 Computer System Overview
CS 153 Design of Operating Systems Spring 2015

CS 153 Design of Operating Systems Spring 2015
Operating System Support Focus on Architecture

Operating System Support Focus on Architecture
CS 104 Introduction to Computer Science and Graphics Problems

CS 104 Introduction to Computer Science and Graphics Problems
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Computer System Overview

Computer System Overview
State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.

State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.
Modified from Silberschatz, Galvin and Gagne ©2009 CS 446/646 Principles of Operating Systems Lecture 1 Chapter 1: Introduction.

Modified from Silberschatz, Galvin and Gagne ©2009 CS 446/646 Principles of Operating Systems Lecture 1 Chapter 1: Introduction.
03/22/2004CSCI 315 Operating Systems Design1 Virtual Memory Notice: The slides for this lecture have been largely based on those accompanying the textbook.

03/22/2004CSCI 315 Operating Systems Design1 Virtual Memory Notice: The slides for this lecture have been largely based on those accompanying the textbook.

Similar presentations

Ads by Google