Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH.

Published byFrancis Harper Modified over 8 years ago

Similar presentations

Presentation on theme: "1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH."— Presentation transcript:

1 sotiris@ics.forth.grwww.sharcs-project.eu 1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH

2 sotiris@ics.forth.grwww.sharcs-project.eu Project Details  Start date: 2015-01-01  Duration: 36 months  Budget: 3,105,762  Coordinator: FORTH  Academia  FORTH  Vrije Universiteit  Chalmers  TU Braunschweig  Industry  Neurasmus BV  OnApp Limited  IBM Ltd  Elektrobit GMBH 2

3 sotiris@ics.forth.grwww.sharcs-project.eu Overview  Design, build and demonstrate secure-by-design system architectures that achieve end-to-end security  Analyze and extend each H/W and S/W layer  Technologies developed directly utilizable by applications and services that require end-to-end security 3

4 sotiris@ics.forth.grwww.sharcs-project.eu Motivation  Systems are as secure as their weakest link  Must think in terms of end-to-end security  Security is typically applied in layers  Tighten up one layer and attackers move to another  Ultimately security mechanisms must be pushed down to the H/W  Immutability; Clean and simple API; Secure foundation; Efficiency  H/W on-chip resources are no longer a problem  Billions of transistors on-chip; Exploit parallelism and H/W  Pushing security to the H/W  Benefit: performance, energy/power-efficiency; Challenge: flexibility  Global adoption of embedded systems  No widely deployed security software 4

5 sotiris@ics.forth.grwww.sharcs-project.eu Objectives 1. Extend existing H/W and S/W platforms towards developing secure- by-design enabling technologies 2. Leverage H/W technology features present in today’s processors and embedded devices to facilitate S/W-layer security 3. Build methods and tools for providing maximum possible security- by-design guarantees for legacy systems 4. Evaluate acceptance, effectiveness and platform independence of SHARCS technologies and processes 5. Create high impact in the security and trustworthiness of ICT systems 5

6 sotiris@ics.forth.grwww.sharcs-project.eu SHARCS Framework 6

7 sotiris@ics.forth.grwww.sharcs-project.eu Hardware Architecture  Instruction Set Randomization  Defense against code injection  Minimal performance/area overhead (~1%)  Additional hardware inside MMU  Control Flow Integrity  Defense against code reuse attacks  Minimal performance/area overhead (~1%)  ISA extension & additional registers/memory  Main memory encryption  Defense against main memory disclosure attacks  Effective even against cold boot attacks  Affordable runtime overhead if customized hardware is deployed 7

8 sotiris@ics.forth.grwww.sharcs-project.eu Runtime and Software Tools 8  GPU encryption keys protection  Keys are stored in GPU registers/memory  Secure against whole main memory disclosure  Accelerated cryptographic operations  GPU Network Intrusion Detection  Based on signature matching  Computational intensive  High throughput, highly parallel  Inexpensive, commodity, programmable

9 sotiris@ics.forth.grwww.sharcs-project.eu Applications - Pilots 9  Medical  Automotive  Cloud

10 sotiris@ics.forth.grwww.sharcs-project.eu Implantable Medical Device (attacks) 10  Operation modification  Data-log manipulation  Data theft

11 sotiris@ics.forth.grwww.sharcs-project.eu Implantable Medical Device (defenses) 11  Control Flow Integrity  Instruction Set Randomization  Memory Encryption

12 sotiris@ics.forth.grwww.sharcs-project.eu Automotive Application (attacks)  Data/code modification  Program flow modification  Large-scale exploit  DoS 12

13 sotiris@ics.forth.grwww.sharcs-project.eu Automotive Application (defenses)  Control Flow Integrity  Instruction Set Randomization  Memory Encryption 13

14 sotiris@ics.forth.grwww.sharcs-project.eu Cloud Application (attacks)  Unauthorized access  Date modification  Breach or loss of data  … 14

15 sotiris@ics.forth.grwww.sharcs-project.eu Cloud Application (defenses)  GPU keys protection  GPU NIDS 15

16 sotiris@ics.forth.grwww.sharcs-project.eu SHARCS Applications 16

17 sotiris@ics.forth.grwww.sharcs-project.eu More Information  Visit us on the web: sharcs-project.eu  Follow us on Twitter: @sharcs_project  Like us on Facebook: facebook.com/sharcsproject  Email us at: sotiris@ics.forth.gr 17

18 sotiris@ics.forth.grwww.sharcs-project.eu 18 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH

19 sotiris@ics.forth.grwww.sharcs-project.eu Defense against ROP 19

20 sotiris@ics.forth.grwww.sharcs-project.eu Defense against JOP 20

21 sotiris@ics.forth.grwww.sharcs-project.eu Instruction Set Randomization 21

22 sotiris@ics.forth.grwww.sharcs-project.eu Memory Encryption with software 22

23 sotiris@ics.forth.grwww.sharcs-project.eu Memory Encryption with hardware 23

24 sotiris@ics.forth.grwww.sharcs-project.eu Candidate Hardware Extensions  Instruction Set Randomization  Control Flow Integrity  Information Flow Tracking  Secure H/W Memory  Fine-grained Memory Protection  Dynamic Type Safety 24

25 sotiris@ics.forth.grwww.sharcs-project.eu SHARCS Methodology 25

Download ppt "1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH."

Similar presentations

BI 4.0 - Web Intelligence 4.0. Business Challenges Incorrect decisions based on inadequate data Lack of Ad hoc reporting and analysis Delayed decisions.

BI Web Intelligence 4.0. Business Challenges Incorrect decisions based on inadequate data Lack of Ad hoc reporting and analysis Delayed decisions.
Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
System Simulation Of 1000-cores Heterogeneous SoCs Shivani Raghav Embedded System Laboratory (ESL) Ecole Polytechnique Federale de Lausanne (EPFL)

System Simulation Of 1000-cores Heterogeneous SoCs Shivani Raghav Embedded System Laboratory (ESL) Ecole Polytechnique Federale de Lausanne (EPFL)
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.

DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.
Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 

Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Development of a track trigger based on parallel architectures Felice Pantaleo PH-CMG-CO (University of Hamburg) Felice Pantaleo PH-CMG-CO (University.

Development of a track trigger based on parallel architectures Felice Pantaleo PH-CMG-CO (University of Hamburg) Felice Pantaleo PH-CMG-CO (University.
Architecture Support for Security Peter Chapman Michael Maass.

Architecture Support for Security Peter Chapman Michael Maass.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Azad Madni Professor Director, SAE Program Viterbi School of Engineering Platform-based Engineering: Rapid, Risk-mitigated Development.

Azad Madni Professor Director, SAE Program Viterbi School of Engineering Platform-based Engineering: Rapid, Risk-mitigated Development.
What Great Research ?s Can RAMP Help Answer? What Are RAMP’s Grand Challenges ?

What Great Research ?s Can RAMP Help Answer? What Are RAMP’s Grand Challenges ?
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.

Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.
V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.

V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.
6/30/2015HY220: Ιάκωβος Μαυροειδής1 Moore’s Law Gordon Moore (co-founder of Intel) predicted in 1965 that the transistor density of semiconductor chips.

6/30/2015HY220: Ιάκωβος Μαυροειδής1 Moore’s Law Gordon Moore (co-founder of Intel) predicted in 1965 that the transistor density of semiconductor chips.
1 July 23, 2002 Strategic Technology Plan Briefing to LOT Committee.

1 July 23, 2002 Strategic Technology Plan Briefing to LOT Committee.

Similar presentations

Ads by Google