Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kyushu University Koji Inoue ICECS'061 Supporting A Dynamic Program Signature: An Intrusion Detection Framework for Microprocessors Koji Inoue Department.

Published byBrandon Daniels Modified over 8 years ago

Similar presentations

Presentation on theme: "Kyushu University Koji Inoue ICECS'061 Supporting A Dynamic Program Signature: An Intrusion Detection Framework for Microprocessors Koji Inoue Department."— Presentation transcript:

1 Kyushu University Koji Inoue ICECS'061 Supporting A Dynamic Program Signature: An Intrusion Detection Framework for Microprocessors Koji Inoue Department of Informatics, Kyushu University Japan Science and Technology Agency

2 Kyushu University Koji Inoue ICECS'062 Background Trusted Program Malicious Program Clock Gating Signal Gating DVS ResizingDrowsy Operation Selective Activation Pipelining SuperScalar Branch Prediction Value Prediction On-chip Cache OOO Exe. ILP TLP MLP

3 Kyushu University Koji Inoue ICECS'063 The Goal of This Research Architectural Support for Run-Time Program Authentication Pipelining SuperScalar Branch Prediction Value Prediction On-chip Cache OOO Exe. ILP TLP MLP Clock Gating Signal Gating DVS ResizingDrowsy Operation Selective Activation

4 Kyushu University Koji Inoue ICECS'064 Outline Introduction Processor Level Intrusion Detection (Conventional) Supporting A Dynamic Signature Evaluation Security Strength Performance and Cost Overhead Conclusions

5 Kyushu University Koji Inoue ICECS'065 Search Malicious Programs Allow to Execute Only Authenticated Programs Virus Scan ( Pattern Matching ) Virus Scan ( Rule Matching ) Static Dynamic Certificate (w/ Key) Static Dynamic Problems  Require Virus Lists  Impossible to Detect Unkonwn Virus Problems  Corruption of key check programs  Hijack of the program execution control of authenticated programs What Is The Problem of Current Intrusion Detection? (1/2)

6 Kyushu University Koji Inoue ICECS'066 What Is The Problem of Current Intrusion Detection? (2/2) Dynamic Program Authentication[Wanger’01] Extract a Rule (or Behavior) From the Program Code Check the Rule at Run Time Program static analysis Behavior Model compile object code CPU Execution D. Wagner and D. Dean, "Intrusion Detection via Static Analysis," IEEE Symposium on Security and Privacy, May 2001 Problems Limits of The Extracted Rule Can NOT Detect Viruses Which Have The Same Rule

7 Kyushu University Koji Inoue ICECS'067 Outline Introduction Processor Level Intrusion Detection (Conventional) Supporting A Dynamic Signature Evaluation Security Strength Performance and Cost Overhead Conclusions

8 Kyushu University Koji Inoue ICECS'068 Determine an execution behavior for the program authentication from a secret key E.g., Memory-Access Pattern Control the execution behavior at compile time Monitor the execution behavior at run time E.g., Hardware Profiler Program Behavior Model compile object code Secret Key CPU Behavior Model ? Concept of Dynamic Program Signature

9 Kyushu University Koji Inoue ICECS'069 Program End of Execution Hijacking of Execution Control HW Profiler Address X is Accessed in Every N Instructions! N Instructions HW Profiler Attack Code Dynamic Execution Behavior for Program Authentication

10 Kyushu University Koji Inoue ICECS'0610 How Can We Control The Execution Behavior At Compile Time? Branches Unify the size of basic blocks Speculative/OOO Execution Monitor the sequence of committed instructions Basic Block A special instruction to generate a dynamic signature Unified Basic Block original

11 Kyushu University Koji Inoue ICECS'0611 Outline Introduction Processor Level Intrusion Detection (Conventional) Supporting A Dynamic Signature Evaluation Security Strength Performance and Cost Overhead Conclusions

12 Kyushu University Koji Inoue ICECS'0612 Security Strength The attacker knows the secret key information and algorithm how to determine the pre-defined behavior The attack codes are inserted at the compile time The attacker can predict the pre-defined behavior Provability: 1/(2 ADDRbit-width +2 N ) where N is the candidate of the unified basic-block size The size of malicious code is smaller than that of unified basic-block E.g., less than 5 or 30 instructions We can NOT detect malicious attacks if

13 Kyushu University Koji Inoue ICECS'0613 Evaluation Code size (Cost) Execution time (Performance) Experimental Environment ARMSimplescalar StrongARM model Support the dynamic signature Benchmark programs SPECint95 ( 129.compress ) Dynamic Signature Unified basic-block size : from 5 to 25 instructions #of key-load instructions in each basic block: 1 Performance/Cost Overhead (1/2)

14 Kyushu University Koji Inoue ICECS'0614 Code size x5 in maximum, and x1.7 in minimum Execution time overhead 50% in max. and 10% in min. Load for Key Nop Original Performance/Cost Overhead (2/2)

15 Kyushu University Koji Inoue ICECS'0615 Outline Introduction Processor Level Intrusion Detection (Conventional) Supporting A Dynamic Signature Evaluation Security Strength Performance and Cost Overhead Conclusions

16 Kyushu University Koji Inoue ICECS'0616 Summary Supporting Dynamic Program Signature Run-time execution authentication Detect the execution of malicious programs Overhead Evaluation (unified BB size = 5 inst.) Code size: about x1.7 Execution Time: about x1.1 Future Work Support secure compilation Explore the tradeoff between security and cost, performance, and also energy consumption Conclusions

Download ppt "Kyushu University Koji Inoue ICECS'061 Supporting A Dynamic Program Signature: An Intrusion Detection Framework for Microprocessors Koji Inoue Department."

Similar presentations

HW 2 is out! Due 9/25!. CS 6290 Static Exploitation of ILP.

HW 2 is out! Due 9/25!. CS 6290 Static Exploitation of ILP.
Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
Our approach! 6.9% Perfect L2 cache (hit rate 100% ) 1MB L2 cache Cholesky 47% speedup BASE: All cores are used to execute the application-threads. PB-GS(PB-LS)

Our approach! 6.9% Perfect L2 cache (hit rate 100% ) 1MB L2 cache Cholesky 47% speedup BASE: All cores are used to execute the application-threads. PB-GS(PB-LS)
POLITECNICO DI MILANO Parallelism in wonderland: are you ready to see how deep the rabbit hole goes? ILP: VLIW Architectures Marco D. Santambrogio:

POLITECNICO DI MILANO Parallelism in wonderland: are you ready to see how deep the rabbit hole goes? ILP: VLIW Architectures Marco D. Santambrogio:
Zhiguo Ge, Weng-Fai Wong, and Hock-Beng Lim Proceedings of the Design, Automation, and Test in Europe Conference, 2007 (DATE’07) April 2007 2015/4/17.

Zhiguo Ge, Weng-Fai Wong, and Hock-Beng Lim Proceedings of the Design, Automation, and Test in Europe Conference, 2007 (DATE’07) April /4/17.
Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.

Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.
Computer Architecture 2011 – Out-Of-Order Execution 1 Computer Architecture Out-Of-Order Execution Lihu Rappoport and Adi Yoaz.

Computer Architecture 2011 – Out-Of-Order Execution 1 Computer Architecture Out-Of-Order Execution Lihu Rappoport and Adi Yoaz.
Instruction Level Parallelism (ILP) Colin Stevens.

Instruction Level Parallelism (ILP) Colin Stevens.
Chia-Yen Hsieh Laboratory for Reliable Computing Microarchitecture-Level Power Management Iyer, A. Marculescu, D., Member, IEEE IEEE Transaction on VLSI.

Chia-Yen Hsieh Laboratory for Reliable Computing Microarchitecture-Level Power Management Iyer, A. Marculescu, D., Member, IEEE IEEE Transaction on VLSI.
Memory Redundancy Elimination to Improve Application Energy Efficiency Keith Cooper and Li Xu Rice University October 2003.

Memory Redundancy Elimination to Improve Application Energy Efficiency Keith Cooper and Li Xu Rice University October 2003.
Scheduling Reusable Instructions for Power Reduction J.S. Hu, N. Vijaykrishnan, S. Kim, M. Kandemir, and M.J. Irwin Proceedings of the Design, Automation.

Scheduling Reusable Instructions for Power Reduction J.S. Hu, N. Vijaykrishnan, S. Kim, M. Kandemir, and M.J. Irwin Proceedings of the Design, Automation.
Computer Architecture 2011 – out-of-order execution (lec 7) 1 Computer Architecture Out-of-order execution By Dan Tsafrir, 11/4/2011 Presentation based.

Computer Architecture 2011 – out-of-order execution (lec 7) 1 Computer Architecture Out-of-order execution By Dan Tsafrir, 11/4/2011 Presentation based.
Energy Efficient Instruction Cache for Wide-issue Processors Alex Veidenbaum Information and Computer Science University of California, Irvine.

Energy Efficient Instruction Cache for Wide-issue Processors Alex Veidenbaum Information and Computer Science University of California, Irvine.
Multiscalar processors

Multiscalar processors
7/2/2015445_23 1 Pipelining ECE-445 Computer Organization Dr. Ron Hayne Electrical and Computer Engineering.

7/2/ _23 1 Pipelining ECE-445 Computer Organization Dr. Ron Hayne Electrical and Computer Engineering.
Computer Architecture 2010 – Out-Of-Order Execution 1 Computer Architecture Out-Of-Order Execution Lihu Rappoport and Adi Yoaz.

Computer Architecture 2010 – Out-Of-Order Execution 1 Computer Architecture Out-Of-Order Execution Lihu Rappoport and Adi Yoaz.
Architectural and Compiler Techniques for Energy Reduction in High-Performance Microprocessors Nikolaos Bellas, Ibrahim N. Hajj, Fellow, IEEE, Constantine.

Architectural and Compiler Techniques for Energy Reduction in High-Performance Microprocessors Nikolaos Bellas, Ibrahim N. Hajj, Fellow, IEEE, Constantine.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Korea Univ B-Fetch: Branch Prediction Directed Prefetching for In-Order Processors 컴퓨터 · 전파통신공학과 2015020802 최병준 1 Computer Engineering and Systems Group.

Korea Univ B-Fetch: Branch Prediction Directed Prefetching for In-Order Processors 컴퓨터 · 전파통신공학과 최병준 1 Computer Engineering and Systems Group.

Similar presentations

Ads by Google