Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University.

Published byJohnathan Longway Modified over 9 years ago

Similar presentations

Presentation on theme: "Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University."— Presentation transcript:

1 Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University of Illinois Urbana-Champaign Milo M. K. Martin Jonathan M. Smith University of Pennsylvania

2 Hardware is too important to trust blindly

3 Hardware is as complex as software

4 Hardware complexity equals hardware vulnerability

5 Hardware must be defended against malicious designers

6 BlueChip looks for malicious insertions at design time and prevents them from affecting the system during runtime

7 BlueChip is both hardware and software, design time and run time Run time Design time Identify malicious circuits - UCI Disable malicious circuits – BlueChip hardware Original design Handle missing hardware – BlueChip software Software system

8 Design Implementation Experiments Conclusion Questions

9 BlueChip helps managers increase trust, without requiring them to know more

10 UCI highlights potentially malicious circuits automatically

11 Attackers must avoid impacting functionality during testing

12 UCI detects all circuits where the output value is identical to the input value, for all test cases

13

14 Data-flow triples generation start at output signals recurse_tuples for each item in the parents list generate a tuple for each driver add self to temp parents list if driver behind a flip-flop increase delay in temp parents list recurse on child

15 Triples: (good, m, 0)

16 Triples: (good, m, 0) (good, out, 0)

17 Triples: (good, m, 0) (good, out, 0) (bad, m, 0)

18 Triples: (good, m, 0) (good, out, 0) (bad, m, 0) (bad, out, 0) (m, out, 0) (good, n, 0) (bad, n, 0) (n, out, 0)

19 UCI Analysis for each test case for each clock cycle for each dataflow triple remaining if target != driver(delay) remove triple

20 Triples: (good, m, 0) (good, out, 0) (bad, m, 0) (bad, out, 0) (m, out, 0) (good, n, 0) (bad, n, 0) (n, out, 0) Test cases: C1C20 01 10...

21 Test cases: C1C20 01 10... Triples: (good, m, 0) (good, out, 0) (bad, m, 0) (bad, out, 0) (m, out, 0) (good, n, 0) (bad, n, 0) (n, out, 0)

22 Test cases: C1C20 01 10... Triples: (good, m, 0) (good, out, 0) (bad, m, 0) (bad, out, 0) (m, out, 0) (good, n, 0) (bad, n, 0) (n, out, 0)

23 Test cases: C1C20 01 10... Triples: (good, m, 0) (good, out, 0) (bad, m, 0) (bad, out, 0) (m, out, 0) (good, n, 0) (bad, n, 0) (n, out, 0)

24

25

26

27

28 BlueChip is both hardware and software, design time and run time HW Test cases BlueChip Circuit designed Attack inserted Suspicious circuits identified and removed Hardware triggers emulation software OS Design TimeRun Time

29 BlueChip hardware alerts software when it attempts to use removed circuits

30

31

32 BlueChip software emulates the behavior of removed hardware 1.Receive BlueChip exception 2.Load state of processor 3.Fetch trapping instruction 4.Decode trapping instruction 5.Execute trapping instruction in emulator 6.Store updated state to hardware 7.Return from trap

33 BlueChip does NOT emulate the removed hardware

34 BlueChip DOES emulate the behavior of the hardware spec at a higher level of abstraction

35

36 Undefined state –Low visibility test cases –Architecturally undefined state Malicious test cases –ISA emulator also vettes test cases Control information –Implementation dependent BlueChip isn’t effective in certain situations

37 Design Implementation Experiments Conclusion Questions

38

39 Design Implementation Experiments Conclusion Questions

40 BlueChip successfully prevents malicious hardware

41 BlueChip handles UCI false positives

42 BlueChip has a low overhead

43 Design Implementation Experiments Conclusion Questions

44 BlueChip allows flexible handling of untrusted hardware

45 Design Implementation Experiments Conclusion Questions

46 UCI isn’t as complex as it seems

47 Code coverage is deficient in both time and space

48

49 It Can Happen IF ( r.d.inst ( conv_integer ( r.d.set ) ) = X"80082000" ) THEN hackStateM1 <= '1'; ELSE hackStateM1 <= '0'; END IF; IF ( r.d.inst ( conv_integer ( r.d.set ) ) = X"80102000" ) THEN r.w.s.s <= hackStateM1 OR rin.w.s.s; ELSE r.w.s.s <= rin.w.s.s; END IF; Hardware attacks can be trivial to implement, but hard to detect

50 Sometimes BlueChip software must emulate around instructions … ORr3, r4, r3 … // Load regs[r3] and regs[r4] in l3 and l4 SUBg0, 1, l5 XORl3, l5, l3 XORl4, l5, l4 NANDl3, l4, l3 // Store l3 into regs[r3] …

51 Sometimes BlueChip software must emulate around instructions … STHr3, [r4] … // Load regs[r3] and regs[r4] in l3 and l4 LD[l4-2], l5 ANDl3, 0xffff, l3 SRLl5, 16, l5 SLLl5, 16, l5 ORl5, l3, l3 STl3, [l4-2] … Assumes r4 is not word aligned

52 Sometimes BlueChip software fails to make forward progress … STHr3, [r4] … // Load regs[r3] and regs[r4] in l3 and l4 LD[l4-2], l5 ANDl3, 0xffff, l3 SRLl5, 16, l5 SLLl5, 16, l5 ORl5, l3, l3 STl3, [l4-2] … What happens when the attack triggers on 0x40005555 = 0x4000AAAA When r4 = 0x40005CCE

Download ppt "Overcoming an UNTRUSTED COMPUTING BASE: Detecting and Removing Malicious Hardware Automatically Matthew Hicks Murph Finnicum Samuel T. King University."

Similar presentations

Pipelining (Week 8).

Pipelining (Week 8).
Morgan Kaufmann Publishers The Processor

Morgan Kaufmann Publishers The Processor
IMPACT Second Generation EPIC Architecture Wen-mei Hwu IMPACT Second Generation EPIC Architecture Wen-mei Hwu Department of Electrical and Computer Engineering.

IMPACT Second Generation EPIC Architecture Wen-mei Hwu IMPACT Second Generation EPIC Architecture Wen-mei Hwu Department of Electrical and Computer Engineering.
RISC and Pipelining Prof. Sin-Min Lee Department of Computer Science.

RISC and Pipelining Prof. Sin-Min Lee Department of Computer Science.
1 Pipelining Part 2 CS448. 2 Data Hazards Data hazards occur when the pipeline changes the order of read/write accesses to operands that differs from.

1 Pipelining Part 2 CS Data Hazards Data hazards occur when the pipeline changes the order of read/write accesses to operands that differs from.
Control path Recall that the control path is the physical entity in a processor which: fetches instructions, fetches operands, decodes instructions, schedules.

Control path Recall that the control path is the physical entity in a processor which: fetches instructions, fetches operands, decodes instructions, schedules.
Mehmet Can Vuran, Instructor University of Nebraska-Lincoln Acknowledgement: Overheads adapted from those provided by the authors of the textbook.

Mehmet Can Vuran, Instructor University of Nebraska-Lincoln Acknowledgement: Overheads adapted from those provided by the authors of the textbook.
1 ITCS 3181 Logic and Computer Systems B. Wilkinson Slides9.ppt Modification date: March 30, 2015 Processor Design.

1 ITCS 3181 Logic and Computer Systems B. Wilkinson Slides9.ppt Modification date: March 30, 2015 Processor Design.
Pipeline Computer Organization II 1 Hazards Situations that prevent starting the next instruction in the next cycle Structural hazards – A required resource.

Pipeline Computer Organization II 1 Hazards Situations that prevent starting the next instruction in the next cycle Structural hazards – A required resource.
Zhiguo Ge, Weng-Fai Wong, and Hock-Beng Lim Proceedings of the Design, Automation, and Test in Europe Conference, 2007 (DATE’07) April 2007 2015/4/17.

Zhiguo Ge, Weng-Fai Wong, and Hock-Beng Lim Proceedings of the Design, Automation, and Test in Europe Conference, 2007 (DATE’07) April /4/17.
1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,
9/20/6Lecture 3 - Instruction Set - Al1 Exception Handling (2)

9/20/6Lecture 3 - Instruction Set - Al1 Exception Handling (2)
Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.

Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.
1/1/ / faculty of Electrical Engineering eindhoven university of technology Architectures of Digital Information Systems Part 1: Interrupts and DMA dr.ir.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Architectures of Digital Information Systems Part 1: Interrupts and DMA dr.ir.
Lecture 2-Berkeley RISC Penghui Zhang Guanming Wang Hang Zhang.

Lecture 2-Berkeley RISC Penghui Zhang Guanming Wang Hang Zhang.
Instruction-Level Parallelism (ILP)

Instruction-Level Parallelism (ILP)
Chapter 8. Pipelining. Instruction Hazards Overview Whenever the stream of instructions supplied by the instruction fetch unit is interrupted, the pipeline.

Chapter 8. Pipelining. Instruction Hazards Overview Whenever the stream of instructions supplied by the instruction fetch unit is interrupted, the pipeline.
1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 3: Input/output and co-processors dr.ir. A.C. Verschueren.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 3: Input/output and co-processors dr.ir. A.C. Verschueren.
RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.

RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.
Mary Jane Irwin ( ) [Adapted from Computer Organization and Design,

Mary Jane Irwin ( ) [Adapted from Computer Organization and Design,

Similar presentations

Ads by Google