On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.


On-Chip Control Flow Integrity Check for Real Time Embedded Systems
Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui Sha, Renato Mancuso, Sibin Mohan

Rethinking Embedded System Security
Traditional embedded systems:
- Physically isolated environment
- Limited capability
- Use of specialized protocols
Modern embedded systems:
- More networked
- Increased capability
- Open, standard platform
- Sensitive/private information
- More vulnerable to security attacks
Examples: smart grid, smart car, smart appliances, smart phones

Challenges in Embedded System Security
- Limited resources: computational power, energy, cost
- Timing requirements: safety, reliability, quality of service
- System upgrade: verifiability
Limitations in existing approaches:
- Components: they either require components that do not necessarily exist in a simple embedded system (such as a trusted operating system or a memory management unit),
- Predictable overhead: or the overhead they impose is not predictable enough to provide the guarantees that such systems need.

Our Solution
1. Extract the control flow graph from the executable.
2. Store the control flow graph on dedicated hardware.
3. Check the run-time control flow with a dedicated hardware unit.

Why It Works
At inspection time, the dedicated core validates the execution flow.
(Figure: blocks x, y and z executing over time, with a malicious code block inserted into the sequence.)
If malicious code gets executed, the control flow graph mutates, and the mutation is what is detected.

Attacks
- Buffer overflow: overwrite the return address or overwrite a control variable.
- Return-into-libc: direct execution towards a libc function.
- Return-oriented programming: overwrite a function return address to chain the execution of small pre-existing code fragments and produce arbitrary program behavior.
- Code injection: inject code into a process with high privileges from a low-privileged one.

Architecture
(Figure: the processor exposes its program counter and instruction register to the On-Chip Control Flow Monitoring Module (OCFMM); the monitoring module looks up block information by block ID in an isolated OCFMM memory.)

Control Flow Example
Program:
    main:
        instr_1
        instr_2
    lbl_2:
        instr_3
        JEQ lbl_1
        instr_4
        instr_5
        instr_6
        JMP lbl_2
    lbl_1:
        instr_7
        instr_8
        CALL func_1
        instr_9
        JMP lbl_2
    func_1:
        instr_f1
        instr_f2
        RET
Basic blocks:
    Block   First instruction (pc)   Instructions (n)
    A       instr_1                  4
    B       instr_4                  4
    C       instr_7                  3
    D       instr_9                  2
    E       instr_f1                 3
Edges in the graph are labelled Yes (branch taken), No (branch not taken) or Yes/No (unconditional); for block A the Yes edge leads to C and the No edge to B.
For each block, we store:
1. Block ID
2. Address of first instruction
3. Number of instructions
4. Yes-Block
5. No-Block

Inspection
Suppose that execution is in block A (pc = instr_1, n = 4), whose Yes-block is C (instr_7, n = 3) and whose No-block is B (instr_4, n = 4).
1. Check that the PC lies between instr_1 and instr_1 + n.
2. If not, fetch the Yes/No blocks C and B from OCFMM memory.
3. If execution is at neither instr_7 nor instr_4, raise the detection flag.
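As an added illustration of the block table on the Control Flow Example slide and the three-step inspection rule above, the following C model is not code from the slides or from the authors' hardware; it is a software re-implementation of the stored per-block data and the check. The instruction width, the addresses of main and func_1, the encoding of unconditional edges as identical Yes/No successors, and the placement of lbl_2 at the start of block A (so that every edge lands on a block boundary, as the slide-9 check requires) are all assumptions; the PC traces are constructed.

```c
/* Added example: software model of the OCFMM block table and inspection rule.
 * Addresses, instruction width and edge encoding are assumptions, not the
 * slides' values. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define INSTR_BYTES 4u          /* assumed fixed instruction width */

enum { BLK_A, BLK_B, BLK_C, BLK_D, BLK_E, NUM_BLOCKS };

/* One entry of OCFMM memory: the per-block data listed on the slide. */
typedef struct {
    uint32_t start;   /* address of first instruction */
    uint32_t n;       /* number of instructions */
    int yes_block;    /* successor when the branch is taken */
    int no_block;     /* successor when not taken; same as yes for JMP/CALL/RET */
} block_t;

/* Constructed layout: main at 0x100, func_1 at 0x200, lbl_2 = start of A. */
static const block_t cfg[NUM_BLOCKS] = {
    [BLK_A] = { 0x100, 4, BLK_C, BLK_B },  /* instr_1..JEQ: taken -> C, else -> B */
    [BLK_B] = { 0x110, 4, BLK_A, BLK_A },  /* instr_4..JMP lbl_2 */
    [BLK_C] = { 0x120, 3, BLK_E, BLK_E },  /* instr_7..CALL func_1 */
    [BLK_D] = { 0x12C, 2, BLK_A, BLK_A },  /* instr_9, JMP lbl_2 */
    [BLK_E] = { 0x200, 3, BLK_D, BLK_D },  /* instr_f1..RET (single caller, assumed) */
};

typedef struct { int cur; } ocfmm_t;   /* block the monitor believes is executing */

enum { OCFMM_OK = 0, OCFMM_VIOLATION = 1 };

static void ocfmm_reset(ocfmm_t *m) { m->cur = BLK_A; }

/* The inspection rule applied to one sampled program counter value. */
static int ocfmm_check(ocfmm_t *m, uint32_t pc)
{
    const block_t *b = &cfg[m->cur];
    /* 1. PC still inside the current block: nothing to do. */
    if (pc >= b->start && pc < b->start + b->n * INSTR_BYTES)
        return OCFMM_OK;
    /* 2. Left the block: fetch the Yes/No blocks and compare start addresses. */
    if (pc == cfg[b->yes_block].start) { m->cur = b->yes_block; return OCFMM_OK; }
    if (pc == cfg[b->no_block].start)  { m->cur = b->no_block;  return OCFMM_OK; }
    /* 3. Neither successor matches: raise the detection flag. */
    return OCFMM_VIOLATION;
}

/* Feed a PC trace; returns the index of the first violating sample, or -1. */
static int run_trace(const uint32_t *trace, size_t len)
{
    ocfmm_t m;
    ocfmm_reset(&m);
    for (size_t i = 0; i < len; i++)
        if (ocfmm_check(&m, trace[i]) != OCFMM_OK)
            return (int)i;
    return -1;
}

/* Constructed traces. */
static const uint32_t benign[] = {
    0x100, 0x104, 0x108, 0x10C,   /* A, JEQ taken */
    0x120, 0x124, 0x128,          /* C, CALL func_1 */
    0x200, 0x204, 0x208,          /* E, RET */
    0x12C, 0x130,                 /* D, JMP lbl_2 */
    0x100 };                      /* back at the start of A */
static const uint32_t ret_overwrite[] = {
    0x100, 0x104, 0x108, 0x10C, 0x120, 0x124, 0x128, 0x200, 0x204, 0x208,
    0x114 };                      /* RET lands in the middle of B, not at instr_9 */
static const uint32_t injected[] = {
    0x100, 0x104, 0x108, 0x10C, 0x300 };  /* jump to an address outside the CFG */

int benign_result(void)        { return run_trace(benign, sizeof benign / sizeof benign[0]); }
int ret_overwrite_result(void) { return run_trace(ret_overwrite, sizeof ret_overwrite / sizeof ret_overwrite[0]); }
int injected_result(void)      { return run_trace(injected, sizeof injected / sizeof injected[0]); }

int main(void)
{
    printf("benign: %d\nreturn-address overwrite: %d\ninjected code: %d\n",
           benign_result(), ret_overwrite_result(), injected_result());
    return 0;
}
```

The benign trace walks A, C, E, D and back to A without a flag; the return-address overwrite is caught at the first sample after the RET, and the jump to 0x300 is caught as soon as the PC leaves A. Note what step 1 accepts: any PC inside the current block's range, so a transfer that stays within the same block is never flagged, which is the "attacks that do not alter the CFG" case on the Limitations slide.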

Predictable Overhead
Overhead is paid only in short blocks, where the integrity check takes longer than the block's execution time.

Experiments
- Code replacement attack: one of the jump destinations differs from the expected address.
- Return address overwriting in the stack: the jump goes to a different return address.

Limitations
- Unable to detect attacks that do not alter the CFG; still, attacking the platform is significantly harder.
- Need for an ad-hoc platform: the proposed approach is hardware-based, so custom hardware is needed.

Effective and Applicable to Embedded Real-Time Systems
- Finite and predictable overhead
- Software updates in embedded/RT systems are relatively rare
- Hardware isolation provides guaranteed protection

Future Plan
Implementation:
- Replace the on-chip SRAM unit of the OCFMM with an external one
- CFG profile caching mechanism
Measurements:
- Extensive measurements on logic overhead
- Measurements on performance overhead with and without the block information caching mechanism
Expansion:
- Distinguish between multiple tasks and monitor the control flow of each
- Secure the whole system by detecting and securing some critical components

Questions?
Thank you