300 likes | 446 Views
A Low Overhead Hardware Technique for Software Integrity and Confidentiality. Austin Rogers § , Milena Milenković ‡ , Aleksandar Milenković § Dynetics Inc., Huntsville, AL ‡ WebSphere Process Server Performance, IBM The LaCASA Laboratory Electrical and Computer Engineering Department
E N D
A Low Overhead Hardware Technique forSoftware Integrity and Confidentiality Austin Rogers§, Milena Milenković‡, Aleksandar Milenković § Dynetics Inc., Huntsville, AL ‡ WebSphere Process Server Performance, IBM The LaCASA Laboratory Electrical and Computer Engineering Department The University of Alabama in Huntsville http://www.ece.uah.edu/~lacasa
Outline • Motivation • Computer Security – Threat Models • Related Work • Architectures for Run-Time Verification of Software Integrity and Confidentiality • Experimental Evaluation • Conclusion
Motivation • Evolution of computer security • Economic, technology, and social trends • Proliferation of embedded computing systems • Ubiquitous accessibility and connectivity • Diversification of architectures • Tightening time-to-market constraints • Growing number of computer security exploits • Software vulnerabilities • Piracy • Reverse engineering
Outline • Motivation • Computer Security – Threat Models • Related Work • Architectures for Run-Time Verification of Software Integrity and Confidentiality • Experimental Evaluation • Conclusion
Computer Security • Integrity • Prevent execution of unauthorized code and use of unauthorized data • Confidentiality • Prevent unauthorized copying • Availability • Ensure system is available to legitimate users • Integrity and confidentiality influence availability
Ability to run programs at lower permission levels or access system over the network Inject malicious code Overwrite a return address Examples Buffer Overflow Exceed buffer size, overwrite return address Format String Vulnerabilities in printf-family functions Integer Error Integer arithmetic errors leading to undersized buffers Dangling Pointer Vulnerability when free called twice Arc-Injection Cause jump to library function Software Attacks localvariables Buf[0] Buf[0] ... ... Buf[n-1] Buf[n-1] Local var #2 Local var #2 Oldpointer Local var #1 Local var #1 Previous FP Previous FP FP FP Ret. Address Ret. Address Arg #1 Arg #1 functionarguments ... ... Arg #n Arg #n … Attack Code
Direct physical tampering Attacker has access to physical hardware Attacker can modify and override bus transactions Useful for reverse engineering Examples Spoofing Substitute with malicious block Splicing Substitute with different valid block Replay Substitute with stale block Physical Attacks BusRd(IBJ) IBJ MJ BusRd(IBJ) IBI IBJ IBJ BusRd(IBJ) DBJ CPU MainMemory DBJ* Bus
Learn secrets by indirect analysis Ability to run programs with lower permissions or direct physical access Two phases: collect information about system, then deduce secrets from that information Examples Timing Analysis Different operations take different amounts of time Differential Power Analysis Processor consumes different amounts of power for different instructions Fault Exploitation Compare results produced with and without a hardware fault Architectural Exploitation Take advantage of known architectural features Side-channel Attacks
Outline • Motivation • Computer Security – Threat Models • Related Work • Architectures for Run-Time Verification of Software Integrity and Confidentiality • Experimental Evaluation • Conclusion
Research in Academia • Individual Attack Solutions • Secure stack, pointer encryption, etc. • Execute Only Memory (XOM) • Seminal work, several extensions • Sign & Verify • Embedded signatures in code, verify at runtime • AEGIS Secure Processor • Implemented on FPGA • Uses physical unclonable functions
Industrial Solutions • Flag portions of memory as not usable for instructions • Intel Execute Disable Bit • AMD No Execute Bit • Augment existing processor designs • IBM SecureBlue • ARM TrustZone • Maxim DS5250 Secure Microprocessor • Co-processor for handling sensitive operations
Outline • Motivation • Computer Security – Threat Models • Related Work • Architectures for Run-Time Verification of Software Integrity and Confidentiality • Results • Conclusion
Architectures for Runtime Verification • Goal: come up with architectural extensions that are • Universal • Cost-effective • Power efficient • Performance effective • Applicable to legacy software
Architectures for Runtime Verification • 3-step sign-and-verify mechanism • Secure installation • Secret keys and instruction block signatures are generated and stored together with the program binary • Secure Loading • Extract secret program keys • Secure execution • Signatures are calculated from fetched instructionsand compared to stored signatures
Mechanism for Software Integrity and Confidentiality Secure Installation ProgramLoading Trusted Code Signed Code Original Code Generate Keys Program Header Secure Mode DecryptKeys Key1,Key2,Key3 ECPU.Key(Key1) Key1,Key2,Key3 ECPU.Key (Key2) Secure Execution ECPU.Key(Key3) EncryptKeys A I-Block EKey3(I-Block) I-Block DecryptI-Block EncryptI-Block Instruction Fetch Signature Re-SignI-Block SignI-Block =? Signature Fetch Signature Match
Architectural Enhancements • Reducing performance overhead • Parallelizable Message Authentication Code (PMAC) [Black, Rogaway 2002] • Speculative instruction execution --Run before Verification (RbV) • Reducing memory overhead • Protect multiple cache blocks with a signature
I2 I3 I0 I1 I4 I5 I6 I7 S0 S1 S2 S3 Parallel MAC: SIOM 31 0 A(SB0) I0 I1 I2 I3 I4 A(SB1) SP[A(SB1)] SP[A(SB0)] I5 I6 AES AES I7 KEY1 KEY1 S0 x x S1 S2 S3 AES AES KEY2 KEY2 S(SB1) S(SB0) x =?
C2 C3 C0 C1 C4 C5 C6 C7 Parallel MAC: SICM 31 0 A(SB0) C0 C1 C2 eS0 eS1 C3 eS2 eS3 C4 A(SB1) C5 AES AES C6 KEY3 KEY3 C7 SP[A(SB1)] SP[A(SB0)] eS0 AES eS1 AES AES KEY3 eS2 SP[A(eS)] eS3 KEY1 KEY1 x x AES AES KEY2 KEY2 S(SB1) S(SB0) x =?
Verification Latency Integrity Only Integrity and Confidentiality
Run Before Verification • Speculative execution: continue executing once I-block is fetched, in parallel with verification • Do not commit instructions before verification • Instruction Verification Buffer for in-order processors • Modify reorder buffer in out-of-order processors Instruction Verification Buffer ReadyFlag VerifiedFlag IType Destination Value 0 1 ... n-1
Reducing Memory Overhead • Protect two I-blocks with one signature • Signature produced by XORing signatures of all sub-blocks • Need both blocks to calculate signature, other block may or may not be in cache Block A Block B Instruction Opportunity Buffer ValidFlag Tag I-block 0 1 ... m-1
Outline • Motivation • Computer Security – Threat Models • Related Work • Architectures for Run-Time Verification of Software Integrity and Confidentiality • Experimental Evaluation • Conclusion
Experimental Environment BenchmarkInputs • Performance metric: sim_cycle • Energy metric: uarch.pdissipation • Normalized to the baseline architecture ARM Cross Compiler ArchitectureParameters BenchmarkSource Code Executable BaselineSimulator Secure InstallationEmulator BaselineResults Secure Executable BenchmarkInputs ArchitectureParameters ExtendedSimulator Results
… … … … … … … … Instruction Block Signature Verification Unit Data bus Processor MMU L1 D-cache sig sig FSig Datapath XOR L1I-cache =? match CSig FPUs IF I-cache CryptoPipeline (57K gates) IVB(FIFO) IBSVU Control IOB(FIFO) Program keys
Outline • Motivation • Computer Security – Threat Models • Related Work • Architectures for Run-Time Verification of Software Integrity and Confidentiality • Results • Conclusion
Conclusions • Contributions • Extension of the sign-and-verify mechanismto ensure both software integrity and confidentiality • Architectural enhancements for low performance and power overheads • Double key parallelizable MAC • Instruction Verification Buffer • Reducing memory overhead • Protect multiple blocks with a single signature • Future work • Ensuring data integrity and confidentiality • Resilience to side-channel attacks