Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology.

Slides:

Advertisements

Similar presentations

1 InfoShield: A Security Architecture for Protecting Information Usage in Memory Georgia Tech Weidong Shi – Georgia Tech Josh Fryman – Intel Corporation.

Advertisements

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Moving Target Defense in Cyber Security

Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.

Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge.

LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Virtual Memory I Chapter 8.

Code Coverage Testing Using Hardware Performance Monitoring Support Alex Shye, Matthew Iyer, Vijay Janapa Reddi and Daniel A. Connors University of Colorado.

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Address Space Layout Permutation

15-740/ Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities Authors: Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris Bookholt In ACM CCS’05.

nd Joint Workshop between Security Research Labs in JAPAN and KOREA Profile-based Web Application Security System Kyungtae Kim High Performance.

1 Specialization Tools and Techniques for Systematic Optimization of System Software McNamee, Walpole, Pu, Cowan, Krasic, Goel, Wagle, Consel, Muller,

Exploiting Program Hotspots and Code Sequentiality for Instruction Cache Leakage Management J. S. Hu, A. Nadgir, N. Vijaykrishnan, M. J. Irwin, M. Kandemir.

1 Advance Computer Architecture CSE 8383 Ranya Alawadhi.

Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaoton Zhuang, Tao Zhang, Hsien-Hsin S. Lee, Santosh Pande HIDE: An Infrastructure.

Computer Science Detecting Memory Access Errors via Illegal Write Monitoring Ongoing Research by Emre Can Sezer.

Vigilante: End-to-End Containment of Internet Worms Authors : M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham In Proceedings.

Kyushu University Koji Inoue ICECS'061 Supporting A Dynamic Program Signature: An Intrusion Detection Framework for Microprocessors Koji Inoue Department.

Microprocessor Microarchitecture Instruction Fetch Lynn Choi Dept. Of Computer and Electronics Engineering.

Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Defenses Author:

Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:

Advanced Computer Architecture Lab University of Michigan Compiler Controlled Value Prediction with Branch Predictor Based Confidence Eric Larson Compiler.

Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.

COMPILERS CLASS 22/7,23/7. Introduction Compiler: A Compiler is a program that can read a program in one language (Source) and translate it into an equivalent.

Part I The Basic Idea software sequence of instructions in memory logically divided in functions that call each other – function ‘IE’ calls function.

Shellcode Development -Femi Oloyede -Pallavi Murudkar.

Protecting C Programs from Attacks via Invalid Pointer Dereferences Suan Hsi Yong, Susan Horwitz University of Wisconsin – Madison.

DynamicMR: A Dynamic Slot Allocation Optimization Framework for MapReduce Clusters Nanyang Technological University Shanjiang Tang, Bu-Sung Lee, Bingsheng.

Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.

Using Dynamic Compilers for Software Testing Ben Breech Lori Pollock John Cavazos.

Protecting The Kernel Data through Virtualization Technology BY VENKATA SAI PUNDAMALLI id :

Exploiting Instruction Streams To Prevent Intrusion Milena Milenkovic.

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Paper by: James Newsome and Dawn Song.

A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler InCert Software.

Security Attacks Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Re-configurable Bus Encoding Scheme for Reducing Power Consumption of the Cross Coupling Capacitance for Deep Sub-micron Instructions Bus Siu-Kei Wong.

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities Authors: Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris Bookholt Cyber Defense.

DIVYA K 1RN09IS016 RNSIT1. Cloud computing provides a framework for supporting end users easily through internet. One of the security issues is how to.

A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical.

Shellcode COSC 480 Presentation Alison Buben.

Adaptive Android Kernel Live Patching

MadeCR: Correlation-based Malware Detection for Cognitive Radio

Demand Paging Reference Reference on UNIX memory management

CSC 495/583 Topics of Software Security Stack Overflows (2)

Microarchitectural for monitoring application specific instructions

Demand Paging Reference Reference on UNIX memory management

Continuous, Low Overhead, Run-Time Validation of Program Executions

High Coverage Detection of Input-Related Security Faults

Security in Java Real or Decaf? cs205: engineering software

Ka-Ming Keung Swamy D Ponpandi

Software Security Lesson Introduction

Fault Tolerant Systems in a Space Environment

Ka-Ming Keung Swamy D Ponpandi

Presentation transcript:

Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology

2 Introduction Released software contains many vulnerabilities Various types of attacks – stack/heap buffer overflow, format string vuln. Solution: Intrusion Detection Systems (IDS) – Network vs. Host Based – Signature vs. Anomaly Detection “Strange” control flow paths taken

3 Motivation Memory tampering is the starting point of attacks Many attacks don’t modify control flow Propose: IDS scheme with compiler & micro-architecture support that detects memory tampering

4 Basic Idea Compiler – Identify regions that critical object are R_Only / WR – Keep state for every crucial object – Change state before & after every store instruction Hardware – On every store check the state of the object written

5 Baseline Scheme Compiler – Identify regions that critical object are R_Only / WR – Keep state for every crucial object – Change state before & after every store instruction add special instructions Hardware – On every store check the state of the object written

6 Examples

7 Baseline Scheme Pros – Some store instruction has to initiate memory corruption  Coverage 100% Cons – Extremely large overhead – Too many new instructions added Solution: Compiler Optimizations

8 Compiler Framework Overview

9 Static Analysis to find as many target addresses as possible

10 Compiler Framework Overview Identify all the store instructions

11 Compiler Framework Overview Write Range: The shortest distance between two store operations on the same object Baseline Case: two state transitions within a write range Used for later optimization phases

12 Compiler Framework Overview Define Hot / Cold blocks Move Protection Operations to Cold Blocks Tradeoff between performance and security

13 Compiler Framework Overview Protecting every single object becomes not feasible Cost/Benefit analysis to select protection points Analysis unit = write range Protect a write range if WR.benefit/WR.cost is low

14 Compiler Framework Overview Clustering of protection operations Re-arrange layout of objects in memory Decrease number of instructions executed

15 Compiler Framework Overview Profile-driven analysis to identify the possible target addresses Observation: limited number of addresses accessed by a pointer dereference Keep these addresses into a table Don’t check if an address is not present ( - )

16 Compiler Framework Overview Need to define what action to take on every given time Maintain a hash table with all the actions to be taken. Access the table by PC address The table must be filled on run time ( -- ) Need to worry about the security of the table ( --- )

17 Architectural Support

18 Experimental Results - Real attacks and injected bugs tested

19 Experimental Results

20 Experimental Results

21 Conclusion IDS system to identify memory tampering Few of architectural support + Compiler Optimizations Baseline System  100% coverage but 50% overhead Final system  14% overhead, 92.7% randomly injected bugs detected Poorly Written

22 Q & A