Presentation is loading. Please wait.

Presentation is loading. Please wait.

Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:

Published byMerilyn Fisher Modified over 8 years ago

Similar presentations

Presentation on theme: "Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:"— Presentation transcript:

1 Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by: Arjun Prakash

2 Outline What is Code Injection Attack? Related Work Motivation IMPRES Architecture – An overview Software Instrumentation Code Injection Attack Detection Check-summing at Runtime Contribution and Limitations Code Integrity Violation Model Encryption Hardware Design Flow Evaluation Summary

3 Format String Vulnerabilities Stack Based Buffer Overflows Heap Based Buffer Overflows Attacks violating software integrity (dynamically changing instructions with the intention of gaining access to a program). Insertion of harmful instructions into the program stream. Dangling Pointer References Code Injection Attacks 47% of vulnerabilities reported from 1994-2004 were code injection

4 Examples for Code Injection Attack (1) Return Address Overwriting

5 Heap Based Buffer Overflow Examples for Code Injection Attack (2)

6 Related Work Existing work on Code Injection detection can be categorized into: Software based Static Technique Detect Vulnerability at compile time (automated static code analysis) Dynamic Technique Methods to prove program behaves as expected at runtime Software constructs to prove program behavior Hardware based (Usually attack specific) Use of additional co-processor Addition co-processor & hardware tables Embedded Micro Monitoring - MicroInstruction routines to perform in-line security monitoring (only partial support)

7 Motivation Software Approach Huge Code-size Overhead High Performance Penalty Check-summing is susceptible to code injection attacks Solutions to Code Injection Attacks Hardware Approach –High Area Impact –Interfacing Problem –Memory/table limitations –Scalability Problems IMPRES is a novel Hardware/Software technique at the granularity if micro- instructions to reduce overheads considerably

8 Software Instrumentation Compile Assemble & Link Application Source Code Code Injection Detection IMPRES HARDWARE Secure IMPRES Architecture: An Overview Instrumented Binary Loading

9 Software Instrumentation A special instruction ( chk ), with the checksum is inserted at the beginning of each logical basic block

10 Chk e-checksum Inst1 Inst2 Inst3 Inst4 Inst5 CFI Check-summing at Runtime e-checksum e-checksum’ Chksum 1 Encrypt = √ Chksum 1-2 + Chksum 1-3 + Chksum 1-4 + Chksum 1-5 + Chksum BB + A Typical Basic Block Incremental checksum recalculation:- Does not accumulate workload to particular points in the program flow Encryption (a time consuming task) is used only when it is required. Decreases overhead!

11 Code Injection Attack Detection  Static time Check-summing  Load time encryption using hardware secret key  Runtime encrypted check-summing and comparison  fBB flag : Set only when Check Instructions at the beginning of BBs and micro instruction embedded into the machine instructions server as interface between H/w and S/w

12 A code injection detector which require only a rudimentary software analysis Instruction memory transient fault detector (Single Event Upset in the instruction memory are fully detected with small latency) Encrypted Basic Block Check-summing for code integrity violation detection × Will only detect code injection attacks and will NOT detect any other security threats Contributions & Limitations

13 Code Integrity Violation Model

14 Code Integrity Violation Model (2)  The model in the previous slide covers all the possible cases  All the combinations other than those presented in the previous slide are duplicates/subsets  Some duplicates are depicted below (D1 ε T01, D2 ε T09 and D3 ε T14)

15 Integrity Violation Detection Type Original Changed Error Signal T01 chk checksum SIGCKSM T02 chk CFI SIGCKSM T03 chk nonBI SIGCKSM T04 chk undefined SIGSYSM T05 CFI another CFI SIGCKSM T06 CFI chk SIGNCFI T07 CFI nonBI SIGNCFI T08 CFI undefined SIGSYSM T09 nonBI SIGCKSM T10 nonBI chk SIGNCFI T11 nonBI CFI SIGCKSM T12 nonBI undefined SIGSYSM T13 chk & nonBIs any insts. SIG(CKSM/NCFI) T14 whole BB any insts. SIG(CKSM/NCFI)

16 Encryption Hardware The encryption is performed in parallel to the pipeline. A single encryption takes 18 clock cycles with a clock period 20x smaller than that of the processor.

17 Design Flow (a) Software Instrumentation (b) IMPRES Hardware Model

18 Evaluation SIGCHSM - Encrypted Checksum mismatch SIGNCFI - No Control Flow Instruction SIGSYSM- System Error

19 Performance Overhead Average performance overhead is Blowfish benchmark performs better… Why?

20 Hardware and Memory Overheads Clock Period (ns) Area (gates) Leakage Power (10 -6 watt) Ordinary H/W16.84227077478 IMPRES H/W16.85229143483 Overhead (%)0.06%0.91%1.05%

21 Fault Injection Analysis

22 Error Detection Latency Type Activated At Detected At   (/bbsize) T011 bbsize bbsize-11 T021101 T031101 T041101 T05 bbsize 01 T06 bbsize 01 T07 bbsize bbsize+111 T08 bbsize 01 T09 bbsize/2 bbsize bbsize/2 bbsize-2 T10 bbsize/2 0 bbsize-2 T11 bbsize/2 0 bbsize-2 T12 bbsize/2 0 bbsize-2 Average Error Detection Latency =

23 Summary and Conclusions  Code Injection Attacks are still Real  IMPRES provides a low cost rudimentary solution to code injection attacks  IMPRES’s overheads and detection latency are minimum

24 THANK YOU!

25

Download ppt "Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:"

Similar presentations

Architectural Support for Software-Based Protection Mihai Budiu Úlfar Erlingsson Martín Abadi ASID Workshop, Oct 21, 2006 Silicon Valley.

Architectural Support for Software-Based Protection Mihai Budiu Úlfar Erlingsson Martín Abadi ASID Workshop, Oct 21, 2006 Silicon Valley.
ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Anshul Kumar, CSE IITD CSL718 : VLIW - Software Driven ILP Hardware Support for Exposing ILP at Compile Time 3rd Apr, 2006.

Anshul Kumar, CSE IITD CSL718 : VLIW - Software Driven ILP Hardware Support for Exposing ILP at Compile Time 3rd Apr, 2006.
Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Computer Organization and Architecture

Computer Organization and Architecture
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge.

Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge.
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.

Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.
1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.

1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Enhancing Embedded Processors with Specific Instruction Set Extensions for Network Applications A. Chormoviti, N. Vassiliadis, G. Theodoridis, S. Nikolaidis.

Enhancing Embedded Processors with Specific Instruction Set Extensions for Network Applications A. Chormoviti, N. Vassiliadis, G. Theodoridis, S. Nikolaidis.
MemTracker Efficient and Programmable Support for Memory Access Monitoring and Debugging Guru Venkataramani, Brandyn Roemer, Yan Solihin, Milos Prvulovic.

MemTracker Efficient and Programmable Support for Memory Access Monitoring and Debugging Guru Venkataramani, Brandyn Roemer, Yan Solihin, Milos Prvulovic.
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

Similar presentations

Ads by Google