Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH.

Similar presentations


Presentation on theme: "1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH."— Presentation transcript:

1 sotiris@ics.forth.grwww.sharcs-project.eu 1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH

2 sotiris@ics.forth.grwww.sharcs-project.eu Project Details  Start date: 2015-01-01  Duration: 36 months  Budget: 3,105,762  Coordinator: FORTH  Academia  FORTH  Vrije Universiteit  Chalmers  TU Braunschweig  Industry  Neurasmus BV  OnApp Limited  IBM Ltd  Elektrobit GMBH 2

3 sotiris@ics.forth.grwww.sharcs-project.eu Overview  Design, build and demonstrate secure-by-design system architectures that achieve end-to-end security  Analyze and extend each H/W and S/W layer  Technologies developed directly utilizable by applications and services that require end-to-end security 3

4 sotiris@ics.forth.grwww.sharcs-project.eu Motivation  Systems are as secure as their weakest link  Must think in terms of end-to-end security  Security is typically applied in layers  Tighten up one layer and attackers move to another  Ultimately security mechanisms must be pushed down to the H/W  Immutability; Clean and simple API; Secure foundation; Efficiency  H/W on-chip resources are no longer a problem  Billions of transistors on-chip; Exploit parallelism and H/W  Pushing security to the H/W  Benefit: performance, energy/power-efficiency; Challenge: flexibility  Global adoption of embedded systems  No widely deployed security software 4

5 sotiris@ics.forth.grwww.sharcs-project.eu Objectives 1. Extend existing H/W and S/W platforms towards developing secure- by-design enabling technologies 2. Leverage H/W technology features present in today’s processors and embedded devices to facilitate S/W-layer security 3. Build methods and tools for providing maximum possible security- by-design guarantees for legacy systems 4. Evaluate acceptance, effectiveness and platform independence of SHARCS technologies and processes 5. Create high impact in the security and trustworthiness of ICT systems 5

6 sotiris@ics.forth.grwww.sharcs-project.eu SHARCS Framework 6

7 sotiris@ics.forth.grwww.sharcs-project.eu Hardware Architecture  Instruction Set Randomization  Defense against code injection  Minimal performance/area overhead (~1%)  Additional hardware inside MMU  Control Flow Integrity  Defense against code reuse attacks  Minimal performance/area overhead (~1%)  ISA extension & additional registers/memory  Main memory encryption  Defense against main memory disclosure attacks  Effective even against cold boot attacks  Affordable runtime overhead if customized hardware is deployed 7

8 sotiris@ics.forth.grwww.sharcs-project.eu Runtime and Software Tools 8  GPU encryption keys protection  Keys are stored in GPU registers/memory  Secure against whole main memory disclosure  Accelerated cryptographic operations  GPU Network Intrusion Detection  Based on signature matching  Computational intensive  High throughput, highly parallel  Inexpensive, commodity, programmable

9 sotiris@ics.forth.grwww.sharcs-project.eu Applications - Pilots 9  Medical  Automotive  Cloud

10 sotiris@ics.forth.grwww.sharcs-project.eu Implantable Medical Device (attacks) 10  Operation modification  Data-log manipulation  Data theft

11 sotiris@ics.forth.grwww.sharcs-project.eu Implantable Medical Device (defenses) 11  Control Flow Integrity  Instruction Set Randomization  Memory Encryption

12 sotiris@ics.forth.grwww.sharcs-project.eu Automotive Application (attacks)  Data/code modification  Program flow modification  Large-scale exploit  DoS 12

13 sotiris@ics.forth.grwww.sharcs-project.eu Automotive Application (defenses)  Control Flow Integrity  Instruction Set Randomization  Memory Encryption 13

14 sotiris@ics.forth.grwww.sharcs-project.eu Cloud Application (attacks)  Unauthorized access  Date modification  Breach or loss of data  … 14

15 sotiris@ics.forth.grwww.sharcs-project.eu Cloud Application (defenses)  GPU keys protection  GPU NIDS 15

16 sotiris@ics.forth.grwww.sharcs-project.eu SHARCS Applications 16

17 sotiris@ics.forth.grwww.sharcs-project.eu More Information  Visit us on the web: sharcs-project.eu  Follow us on Twitter: @sharcs_project  Like us on Facebook: facebook.com/sharcsproject  Email us at: sotiris@ics.forth.gr 17

18 sotiris@ics.forth.grwww.sharcs-project.eu 18 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH

19 sotiris@ics.forth.grwww.sharcs-project.eu Defense against ROP 19

20 sotiris@ics.forth.grwww.sharcs-project.eu Defense against JOP 20

21 sotiris@ics.forth.grwww.sharcs-project.eu Instruction Set Randomization 21

22 sotiris@ics.forth.grwww.sharcs-project.eu Memory Encryption with software 22

23 sotiris@ics.forth.grwww.sharcs-project.eu Memory Encryption with hardware 23

24 sotiris@ics.forth.grwww.sharcs-project.eu Candidate Hardware Extensions  Instruction Set Randomization  Control Flow Integrity  Information Flow Tracking  Secure H/W Memory  Fine-grained Memory Protection  Dynamic Type Safety 24

25 sotiris@ics.forth.grwww.sharcs-project.eu SHARCS Methodology 25


Download ppt "1 SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis FORTH."

Similar presentations


Ads by Google