1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.


1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman

2 Objective and Approach

Objective
- Design and validate secure and reliable computing systems to support critical infrastructures.

Approach
- Analyze raw data on security vulnerabilities and attacks.
- Generate stochastic and state machine models depicting security threats.
- Apply formal methods to uncover security vulnerabilities due to inconsistencies between system specifications and implementations.
- Implement defensive techniques at the compiler, operating system and hardware levels.

3 Accomplishments
- Study of the impact of hardware errors on system security: IEEE Dependable Systems and Networks (DSN'01 and DSN'02)
- State machine modeling of real-world security vulnerabilities: DSN'03
- Non-control-data attack, a new security threat: USENIX Security (Security'05)
- Memory layout randomization-based defensive technique: IEEE Reliable Distributed Systems (SRDS'03)
- Architecture-level support for reliability and security: EASY'02, DSN'04 and DSN'05
- Formal reasoning on security vulnerabilities: IFIP Information Security (SEC'04)

4 Modeling and Analyzing Security Vulnerabilities
- An extensive study of security vulnerabilities reported in Bugtraq and CERT.
- Each vulnerability is decomposed into multiple simple predicates.
- State machine modeling for buffer overflow, format string bug, heap corruption, integer overflow, …
- A more formal way of reasoning about security vulnerabilities.
Figures: WU-FTP Server Format String Attack; NULL-HTTP Server Heap Corruption Attack. (DSN'03)

5 New Security Threat: Non-Control-Data Attack
Most current attacks are control-data attacks
- Corrupting function pointers or return addresses to run malicious code.
- Many defensive techniques have been proposed to defeat control-data attacks.
New threat: non-control-data attacks are generally applicable to attack real-world systems
- User identity data, configuration data, user input data and decision-making Booleans are security critical.
- Non-control-data attacks can obtain root privilege on FTP, SSH, HTTP and Telnet servers.
- A comprehensive defensive technique is needed to defeat both types of attacks.
(USENIX Security'05)

6 Pointer Taintedness Detection for Security
- The root cause of many attacks (control-data attacks and non-control-data attacks): pointer taintedness.
- Pointer taintedness: a pointer value is derived directly or indirectly from user input.
- Preventing pointer taintedness => defeats many real-world attacks, e.g., stack smashing, format string, heap corruption, integer overflow, and globbing attacks.
Pursued directions
- Pointer taintedness avoidance: uncover vulnerabilities by source code analysis.
- Pointer taintedness detection: check pointers at runtime.

7 Source Code Analysis to Uncover Pointer Taintedness
- Formal semantic definition of pointer taintedness using equational logic.
- Develop a theorem proving technique to analyze C source code at the machine code level.
- Extract a set of preconditions for each analyzed function.
- Satisfaction of the preconditions => no possibility of pointer taintedness inside this function.
Evaluation
- Analyze strcpy(), printf(), free() and the socket read functions of HTTP servers.
- Negations of the extracted preconditions suggest scenarios of potential vulnerabilities.
(SEC'04)

8 Runtime Pointer Taintedness Detection
- A processor architectural-level mechanism to detect pointer taintedness, built on the SimpleScalar simulator.
- Implemented a taintedness-aware memory system.
- Extended ALU instructions to propagate taintedness in memory.
- Evaluation using several network applications and SPEC benchmarks:
  - Effective in detecting both control-data attacks and non-control-data attacks.
  - Transparent to applications; precompiled binaries can run.
  - No known false alarms.
(DSN'05)
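The two ideas on slides 6 and 8 (a pointer is "tainted" when its value derives from input, and a taintedness-aware memory plus taint-propagating ALU can catch such a pointer the moment it is dereferenced) can be shown with a small software model. The following is an added example written for this page; it is not the project's SimpleScalar implementation. The tm_* names, the 256-byte memory, and the constructed input bytes are assumptions. It shows why the check belongs on the pointer rather than the data: tainted data read through a clean pointer (normal request parsing) is allowed, while a pointer whose value or index came from input trips the alarm.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy taintedness-aware memory (added example, not the project's code).
 * Each byte of memory has a one-bit taint shadow; registers carry a taint bit.
 * The tm_* names and MEM_SIZE are assumptions of this example. */
#define MEM_SIZE 256

typedef struct {
    uint32_t val;
    bool     taint;   /* true if the value derives from external input */
} reg_t;

static uint8_t mem[MEM_SIZE];
static bool    mem_taint[MEM_SIZE];
static int     alarms;  /* tainted-pointer dereferences detected so far */

void tm_reset(void)
{
    memset(mem, 0, sizeof mem);
    memset(mem_taint, 0, sizeof mem_taint);
    alarms = 0;
}

/* Bytes from an untrusted source (socket read, file, argv) enter memory tainted. */
void tm_recv(uint32_t addr, const uint8_t *data, size_t n)
{
    for (size_t i = 0; i < n && addr + i < MEM_SIZE; i++) {
        mem[addr + i]       = data[i];
        mem_taint[addr + i] = true;
    }
}

/* ALU: the result is tainted if either operand is tainted. */
reg_t tm_add(reg_t a, reg_t b)
{
    reg_t r = { a.val + b.val, a.taint || b.taint };
    return r;
}

/* Memory access through a pointer register. The check is on the pointer, not on
 * the data: an address derived from input raises an alarm and the access is refused.
 * Tainted data loaded through a clean pointer is allowed and stays marked tainted. */
bool tm_load(reg_t ptr, reg_t *out)
{
    if (ptr.taint) { alarms++; return false; }
    if (ptr.val + 4 > MEM_SIZE) return false;   /* out of range: not a taint alarm */
    out->val = 0; out->taint = false;
    for (int i = 0; i < 4; i++) {
        out->val  |= (uint32_t)mem[ptr.val + i] << (8 * i);
        out->taint = out->taint || mem_taint[ptr.val + i];
    }
    return true;
}

bool tm_store(reg_t ptr, reg_t v)
{
    if (ptr.taint) { alarms++; return false; }
    if (ptr.val + 4 > MEM_SIZE) return false;
    for (int i = 0; i < 4; i++) {
        mem[ptr.val + i]       = (uint8_t)(v.val >> (8 * i));
        mem_taint[ptr.val + i] = v.taint;
    }
    return true;
}

int tm_alarms(void) { return alarms; }

/* Scenario 1: a pointer value read straight out of the input buffer is dereferenced
 * (the shape of a corrupted function pointer, or of *ap on slide 11). */
int scenario_pointer_from_input(void)
{
    tm_reset();
    const uint8_t input[4] = { 0x10, 0x00, 0x00, 0x00 };  /* constructed: encodes address 0x10 */
    tm_recv(0x40, input, sizeof input);
    reg_t buf = { 0x40, false };   /* buffer address comes from the program: clean */
    reg_t p, tmp;
    tm_load(buf, &p);              /* p = 0x10, tainted because its bytes came from input */
    tm_load(p, &tmp);              /* dereference of a tainted pointer: alarm */
    return tm_alarms();
}

/* Scenario 2: an index derived from input is added to a clean base (array index or
 * integer-overflow style). Taint flows through the ALU into the pointer. */
int scenario_index_from_input(void)
{
    tm_reset();
    const uint8_t input[4] = { 0x08, 0x00, 0x00, 0x00 };  /* constructed: index 8 */
    tm_recv(0x40, input, sizeof input);
    reg_t buf = { 0x40, false }, idx, val = { 7, false };
    tm_load(buf, &idx);            /* idx is tainted */
    reg_t p = tm_add(buf, idx);    /* clean + tainted -> tainted pointer */
    tm_store(p, val);              /* alarm */
    return tm_alarms();
}

/* Scenario 3: ordinary parsing of input through a clean pointer: no alarm. */
int scenario_benign(void)
{
    tm_reset();
    const uint8_t input[4] = { 'a', 'b', 'c', 'd' };  /* constructed request bytes */
    tm_recv(0x40, input, sizeof input);
    reg_t buf = { 0x40, false }, off = { 0, false }, c;
    reg_t p = tm_add(buf, off);    /* clean + clean -> clean */
    tm_load(p, &c);                /* allowed; c.taint is true, which is fine */
    return tm_alarms();
}

int main(void)
{
    printf("pointer from input: %d alarm(s)\n", scenario_pointer_from_input());
    printf("index from input:   %d alarm(s)\n", scenario_index_from_input());
    printf("benign parsing:     %d alarm(s)\n", scenario_benign());
    return 0;
}
```

The model deliberately has no notion of what the pointer is used for (return address, function pointer, uid variable, format argument), which is what makes the same check cover both control-data and non-control-data corruption as slide 8 claims; the cost, in a real processor, is the shadow storage and the extra taint inputs on every ALU and load/store path.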

9 Future Directions
- Combination of static code analysis and architecture support, to automatically derive the predicates to be checked by the processor at runtime.
- Reliability and security support for embedded systems: migrate our current techniques to embedded systems.
- New topics: cell phone viruses, reduced power consumption, tamper-resistant hardware, crypto and authentication hardware/software.

10 Backup

11 Internals of Format String Attack
ap: argument pointer; fmt: format string pointer.
In vfprintf(), if (fmt points to "%n") then **ap = (character count).
Vulnerable code:
    recv(buf);
    printf(buf);   /* should be printf("%s", buf) */
Figure: stack layout (High to Low, stack growth downward) showing the buffer contents \xdd \xcc \xbb \xaa %d %d %d %n, with fmt pointing at the format string and ap advancing along the stack to the input value 0xaabbccdd. *ap is a tainted value.

12 Extracting Security Specifications by Theorem Prover
- The C source code of a library function is automatically translated to a formal semantic representation.
- Theorem generation: for each pointer dereference in an assignment, generate a theorem stating that the pointer is not tainted.
- Theorem proving.
- The result is a set of sufficient conditions that imply the validity of the theorems; they are the security specifications of the analyzed function.