Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Presentation transcript:

Poster sections: Objective and Approach; Accomplishments; Future Directions.

Accomplishments (overview)
–Threat of Hardware Memory Errors (DSN’01, DSN’02)
–Modeling and Analyzing Software Security Vulnerabilities (DSN’03)
–Identifying New Security Threats (USENIX Security’05)
–Memory Layout Randomization-based Defense Technique (SRDS’03)
–Formal Analysis on Security Vulnerabilities (SEC’04)
–Architectural Supports for Security and Reliability

Future Directions
–Combination of static code analysis and architecture support: automatically derive predicates to be checked by the processor at runtime.
–Reliability and security support for embedded systems: migrate the current techniques to embedded systems; new topics include cell phone viruses, reduced power consumption, tamper-resistant hardware, and crypto and authentication hardware/software.

Objective
–Design and validate secure and reliable computing systems to support critical infrastructures.
Approach
–Analyze raw data on security vulnerabilities and attacks.
–Generate stochastic and state machine models depicting security threats.
–Apply formal reasoning to uncover security vulnerabilities due to inconsistencies between system specifications and implementations.
–Implement defensive techniques at the compiler, operating system and hardware levels.

Accomplishments
–Study of the impact of hardware errors on system security: IEEE Dependable Systems and Networks (DSN’01 and DSN’02)
–State machine modeling of realistic security vulnerabilities: DSN’03
–Memory layout randomization-based defensive technique: IEEE Reliable Distributed Systems (SRDS’03)
–Architecture-level support for reliability and security: EASY’02, DSN’04 and DSN’05
–Formal reasoning on security vulnerabilities: IFIP Information Security (SEC’04)
–Non-control-data attacks, a new security threat: USENIX Security (Security’05)

Threat of Hardware Memory Errors (DSN’01, DSN’02)
[Figure: attacker -> firewall (IPChains and Netfilter) -> target host] Due to hardware memory errors, packets can penetrate firewalls.
[Figure: attacker -> network server (FTP and SSH)] Due to hardware memory errors, users can log in with arbitrary passwords.
–Method: emulate random hardware memory errors in the running system and observe whether the security decision still holds.
–Stochastic model: quantitatively assess the threat in real environments.

Modeling and Analyzing Software Security Vulnerabilities (DSN’03)
–Examples modeled: WU-FTP server format string attack; NULL-HTTP server heap corruption attack.
–State machine based modeling of buffer overflow, format string, heap corruption, and integer overflow vulnerabilities.

Architectural Supports for Security and Reliability: Reliability and Security Engine (RSE)
–A reconfigurable processor framework to embed reliability and security checking modules.
–Modules perform low-latency detection.
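To make the hardware-memory-error threat concrete, here is an added C example (not the poster's code and not the authors' DSN'01/DSN'02 injection framework): a toy first-match packet filter whose rule table is subjected to every possible single-bit memory error, counting how many of those errors let a packet through that the intact rules drop. The rule format, the verdict encoding (0 = DROP, 1 = ACCEPT), the default policy, the two rules and the packet are all constructed for this illustration, and an exhaustive sweep over the table's bits stands in for random injection so the result is deterministic.

```c
/*
 * Added example (not from the poster or the authors' DSN work): a toy
 * packet filter whose rule table is subjected to every possible single-bit
 * memory error, to count how many of them let a packet that the rules say
 * to DROP through.  Rule format, verdict encoding, rules and packet are all
 * constructed for this illustration; an exhaustive sweep replaces random
 * error injection so the result is deterministic.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ACT_DROP = 0, ACT_ACCEPT = 1 };

struct rule {
    uint32_t src;     /* source address to match, host byte order */
    uint32_t mask;    /* netmask applied to both sides of the match */
    uint16_t dport;   /* destination port, 0 = any */
    uint16_t action;  /* ACT_DROP or ACT_ACCEPT */
};

struct packet { uint32_t src; uint16_t dport; };

/* First matching rule wins; no match falls through to the chain's default
 * policy, which this toy sets to ACCEPT (assumption).  A verdict that is
 * neither DROP nor ACCEPT can only come from corruption; fail_closed decides
 * whether such a verdict drops or accepts the packet. */
static int filter(const struct rule *rules, size_t n,
                  const struct packet *p, int fail_closed)
{
    for (size_t i = 0; i < n; i++) {
        if ((p->src & rules[i].mask) != (rules[i].src & rules[i].mask))
            continue;
        if (rules[i].dport != 0 && rules[i].dport != p->dport)
            continue;
        if (rules[i].action == ACT_DROP || rules[i].action == ACT_ACCEPT)
            return rules[i].action;
        return fail_closed ? ACT_DROP : ACT_ACCEPT;   /* corrupted verdict */
    }
    return ACT_ACCEPT;
}

/* Flip each bit of a private copy of the rule table in turn, run the filter
 * on a packet the intact table drops, and count the flips that let it in. */
static int count_penetrating_flips(const struct rule *golden, size_t n,
                                   const struct packet *blocked, int fail_closed)
{
    struct rule rules[8];
    uint8_t *bytes = (uint8_t *)rules;
    size_t nbits = n * sizeof rules[0] * 8;
    int penetrating = 0;

    if (n > 8)
        return -1;
    memcpy(rules, golden, n * sizeof rules[0]);
    for (size_t b = 0; b < nbits; b++) {
        bytes[b / 8] ^= (uint8_t)(1u << (b % 8));        /* inject error */
        if (filter(rules, n, blocked, fail_closed) == ACT_ACCEPT)
            penetrating++;
        bytes[b / 8] ^= (uint8_t)(1u << (b % 8));        /* repair */
    }
    return penetrating;
}

/* Constructed chain: drop SSH from 10.0.0.0/8, drop telnet from anywhere. */
static const struct rule chain[2] = {
    { 0x0A000000u, 0xFF000000u, 22, ACT_DROP },
    { 0x00000000u, 0x00000000u, 23, ACT_DROP },
};
/* Constructed packet: 10.1.2.3 -> port 22, which the intact chain drops. */
static const struct packet ssh_from_10 = { 0x0A010203u, 22 };

static int baseline_verdict(void)  { return filter(chain, 2, &ssh_from_10, 0); }
static int total_bits(void)        { return (int)(2 * sizeof chain[0] * 8); }
static int flips_fail_open(void)   { return count_penetrating_flips(chain, 2, &ssh_from_10, 0); }
static int flips_fail_closed(void) { return count_penetrating_flips(chain, 2, &ssh_from_10, 1); }

int main(void)
{
    printf("intact chain: verdict %d (0 = DROP)\n", baseline_verdict());
    printf("single-bit errors letting the packet through: %d of %d (fail open), "
           "%d of %d (fail closed)\n",
           flips_fail_open(), total_bits(), flips_fail_closed(), total_bits());
    return 0;
}
```

Of the 192 bits in this table, 44 single-bit errors let the packet through when an unrecognised verdict is treated as ACCEPT, and 29 when it is treated as DROP; the 29 that remain hit the rule's address, mask or port (so the DROP rule simply stops matching) or turn the DROP verdict into the valid ACCEPT value that is one bit away. Two practitioner points follow from the toy: a low-latency range check on data such as a verdict field, the kind of check the poster lists among the RSE reliability modules, only helps if the corrupted value falls outside the valid set, and encoding adjacent verdicts with a Hamming distance greater than one (my suggestion, not the poster's) removes the cheapest of the remaining flips.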
–Reliability modules: data range check, instruction sequence check, hang/crash detection and hardware checkpointing.
–Security modules: secure return address stack, memory layout randomization and pointer taintedness detection.
(EASY’02, DSN’04, DSN’05)

Memory Layout Randomization-based Defense Technique (SRDS’03)
Observation
–The success of a memory corruption attack requires the attacker’s knowledge of the memory layout of the victim process.
Technique
–Modify the loader so that every time an application process starts, its memory layout is randomized.
–Attack attempts crash the process rather than take control of the application.
–Randomized memory regions: stack, heap, shared libraries, global offset table.

Formal Analysis on Security Vulnerabilities (SEC’04)
–The root cause of many vulnerabilities (> 66% of CERT advisories): pointer taintedness.
–Pointer taintedness: a pointer value is derived directly or indirectly from user input.
–A formally defined semantics of pointer taintedness enables extracting security preconditions from application source code: a compiler and a theorem prover analyze C code to extract the conditions under which a pointer becomes tainted.
–Usefulness of the extracted security preconditions: vulnerability avoidance (removal of vulnerabilities from the source code) and generation of assertions for runtime vulnerability masking.
–Hardware-level checking: enhancing processors to detect pointer taintedness.

Identifying New Security Threats: Non-Control-Data Attacks (USENIX Security’05)
–Most current attacks are control-data attacks: corrupting function pointers or return addresses to run malicious code.
–Many defensive techniques have been proposed to defeat control-data attacks, e.g., syscall-based IDS, non-executable memory and control data protection.
–New threat: non-control-data attacks, which corrupt user identity data, configuration data, user input data and decision-making Booleans.
–Non-control-data attacks can obtain root privilege by exploiting vulnerabilities in FTP, SSH, HTTP and Telnet servers.
–More comprehensive defensive techniques are needed.
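The pointer taintedness check and the non-control-data attack described above are modelled together in the following added C example (not the poster's code, the authors' compiler or the RSE hardware). A session record holds a name buffer, a decision-making Boolean (is_admin) and a handler pointer (on_close); an unchecked copy of user input lets an overlong name spill into the fields behind it. A shadow byte array records which bytes derive from user input, and the handler pointer is refused if any of its bytes is tainted. The record layout, the missing length check and the inputs are assumptions made for this illustration.

```c
/*
 * Added example (not from the poster, the authors' compiler or the RSE):
 * a software model of pointer taintedness detection applied to a record
 * holding both non-control data (is_admin) and control data (on_close).
 * Record layout, the unchecked copy and the inputs are constructed here.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct session {
    char name[16];           /* filled from user input */
    uint32_t is_admin;       /* decision-making Boolean: non-control data */
    void (*on_close)(void);  /* handler address: control data */
};

static struct session sess;
static uint8_t taint[sizeof sess];   /* shadow byte: 1 = derived from user input */
static int closes;

static void close_session(void) { closes++; }

static void reset(void)
{
    memset(&sess, 0, sizeof sess);
    memset(taint, 0, sizeof taint);
    sess.on_close = close_session;
}

/* Vulnerable copy: trusts the caller's length, so input longer than the name
 * field spills into is_admin and then on_close.  Every byte written from the
 * input is marked tainted, the bookkeeping a taint-aware processor would do. */
static void set_name_vuln(const uint8_t *in, size_t len)
{
    memcpy((uint8_t *)&sess + offsetof(struct session, name), in, len);
    memset(taint + offsetof(struct session, name), 1, len);
}

/* Hardened copy: the bounds check that removes the vulnerability at the source. */
static int set_name_fixed(const uint8_t *in, size_t len)
{
    if (len > sizeof sess.name)
        return -1;
    set_name_vuln(in, len);
    return 0;
}

/* Pointer taintedness check: a word must not be used as a pointer if any of
 * its bytes derives, directly or indirectly, from user input. */
static int handler_is_tainted(void)
{
    for (size_t i = 0; i < sizeof sess.on_close; i++)
        if (taint[offsetof(struct session, on_close) + i])
            return 1;
    return 0;
}

enum outcome { OK = 0, ESCALATED = 1, HIJACK_DETECTED = 2, REJECTED = 3 };

static int run_session(const uint8_t *in, size_t len, int hardened)
{
    reset();
    if (hardened) {
        if (set_name_fixed(in, len) < 0)
            return REJECTED;
    } else {
        set_name_vuln(in, len);
    }
    if (handler_is_tainted())
        return HIJACK_DETECTED;   /* never call through a tainted pointer */
    sess.on_close();              /* untainted: safe to dispatch */
    /* is_admin is read as a value, never dereferenced, so the pointer check
     * stays silent even when it was overwritten: a non-control-data attack. */
    return sess.is_admin ? ESCALATED : OK;
}

/* Constructed input: runs through is_admin, setting it to 1, handler intact. */
static size_t build_admin_input(uint8_t *buf)
{
    uint32_t one = 1;
    memset(buf, 'A', offsetof(struct session, is_admin));
    memcpy(buf + offsetof(struct session, is_admin), &one, sizeof one);
    return offsetof(struct session, is_admin) + sizeof one;
}

/* Constructed input: fills the whole record, overwriting on_close as well. */
static size_t build_hijack_input(uint8_t *buf)
{
    memset(buf, 'B', sizeof sess);
    return sizeof sess;
}

static int demo_benign(int hardened) { return run_session((const uint8_t *)"bob", 3, hardened); }
static int demo_noncontrol(int hardened) { uint8_t b[sizeof sess]; return run_session(b, build_admin_input(b), hardened); }
static int demo_control(int hardened) { uint8_t b[sizeof sess]; return run_session(b, build_hijack_input(b), hardened); }

int main(void)
{
    printf("benign name         -> %d (0 = OK)\n", demo_benign(0));
    printf("overflow into flag  -> %d (1 = ESCALATED, pointer check silent)\n", demo_noncontrol(0));
    printf("overflow into handler -> %d (2 = HIJACK_DETECTED)\n", demo_control(0));
    printf("same inputs, fixed  -> %d %d (3 = REJECTED)\n", demo_noncontrol(1), demo_control(1));
    return 0;
}
```

The three runs show the poster's argument in miniature: the taint check stops the control-data attack before the corrupted handler is ever called, but the overflow that only reaches is_admin never produces a tainted pointer, so the process carries on with elevated privilege. Only the bounds check in set_name_fixed, the kind of source-level vulnerability removal the preconditions are meant to drive, rejects both inputs.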