Published by Francis Harper. Modified over 8 years ago.

sotiris@ics.forth.gr
www.sharcs-project.eu

SHARCS: Secure Hardware-Software Architectures for Robust Computing Systems
Sotiris Ioannidis
FORTH

Project Details
- Start date: 2015-01-01
- Duration: 36 months
- Budget: 3,105,762
- Coordinator: FORTH
- Academia: FORTH, Vrije Universiteit, Chalmers, TU Braunschweig
- Industry: Neurasmus BV, OnApp Limited, IBM Ltd, Elektrobit GMBH

Overview
- Design, build and demonstrate secure-by-design system architectures that achieve end-to-end security
- Analyze and extend each H/W and S/W layer
- Technologies developed directly utilizable by applications and services that require end-to-end security

Motivation
- Systems are as secure as their weakest link
  - Must think in terms of end-to-end security
- Security is typically applied in layers
  - Tighten up one layer and attackers move to another
- Ultimately security mechanisms must be pushed down to the H/W
  - Immutability; Clean and simple API; Secure foundation; Efficiency
- H/W on-chip resources are no longer a problem
  - Billions of transistors on-chip; Exploit parallelism and H/W
- Pushing security to the H/W
  - Benefit: performance, energy/power-efficiency; Challenge: flexibility
- Global adoption of embedded systems
  - No widely deployed security software

Objectives
1. Extend existing H/W and S/W platforms towards developing secure-by-design enabling technologies
2. Leverage H/W technology features present in today’s processors and embedded devices to facilitate S/W-layer security
3. Build methods and tools for providing maximum possible security-by-design guarantees for legacy systems
4. Evaluate acceptance, effectiveness and platform independence of SHARCS technologies and processes
5. Create high impact in the security and trustworthiness of ICT systems

[Figure: SHARCS Framework]

Hardware Architecture
- Instruction Set Randomization
  - Defense against code injection
  - Minimal performance/area overhead (~1%)
  - Additional hardware inside MMU
- Control Flow Integrity
  - Defense against code reuse attacks
  - Minimal performance/area overhead (~1%)
  - ISA extension & additional registers/memory
- Main memory encryption
  - Defense against main memory disclosure attacks
  - Effective even against cold boot attacks
  - Affordable runtime overhead if customized hardware is deployed
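
The code-injection defense claimed for Instruction Set Randomization above, as an added illustration that is not SHARCS project code: a toy interpreter de-randomizes every fetched byte, so bytes that never passed the loader decode to an illegal instruction. The two-byte ISA, the one-byte XOR key and all function names are assumptions made for this example and do not describe the project's MMU hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy ISA constructed for this example: 1-byte opcode, 1-byte operand. */
enum { OP_HALT = 0x01, OP_LOAD = 0x02, OP_ADD = 0x03 };
enum { RUN_OK = 0, RUN_ILLEGAL = -1 };

/* Loader side: randomize code bytes with the per-process key. */
static void isr_encode(uint8_t *code, size_t len, uint8_t key) {
    for (size_t i = 0; i < len; i++) code[i] ^= key;
}

/* Fetch side: every byte is de-randomized before decode, so only bytes
 * that were encoded under the same key decode to the intended opcodes. */
static int isr_run(const uint8_t *mem, size_t len, uint8_t key, int *acc) {
    *acc = 0;
    for (size_t pc = 0; pc + 1 < len; pc += 2) {
        uint8_t op = mem[pc] ^ key, arg = mem[pc + 1] ^ key;
        switch (op) {
        case OP_LOAD: *acc = arg;  break;
        case OP_ADD:  *acc += arg; break;
        case OP_HALT: return RUN_OK;
        default:      return RUN_ILLEGAL; /* illegal-instruction fault */
        }
    }
    return RUN_ILLEGAL; /* fell off the end without HALT */
}

/* Legitimate program: goes through the loader, then runs. Returns acc. */
int demo_legit(uint8_t key) {
    uint8_t prog[] = { OP_LOAD, 40, OP_ADD, 2, OP_HALT, 0 };
    int acc;
    isr_encode(prog, sizeof prog, key);
    return isr_run(prog, sizeof prog, key, &acc) == RUN_OK ? acc : RUN_ILLEGAL;
}

/* Bytes written into memory as data never pass the loader (constructed). */
int demo_injected(uint8_t key) {
    const uint8_t payload[] = { OP_LOAD, 7, OP_HALT, 0 };
    int acc;
    return isr_run(payload, sizeof payload, key, &acc);
}

int main(void) {
    /* key 0 models a CPU without ISR; 0xA5 is an arbitrary sample key. */
    printf("legit=%d injected(no ISR)=%d injected(ISR)=%d\n",
           demo_legit(0xA5), demo_injected(0), demo_injected(0xA5));
    return 0;
}
```

A one-byte XOR key is far too small for real use (key 0x03, for instance, turns the injected 0x02 into a valid HALT); it only keeps the example short.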

Runtime and Software Tools
- GPU encryption keys protection
  - Keys are stored in GPU registers/memory
  - Secure against whole main memory disclosure
  - Accelerated cryptographic operations
- GPU Network Intrusion Detection
  - Based on signature matching
  - Computationally intensive
  - High throughput, highly parallel
  - Inexpensive, commodity, programmable

Applications - Pilots
- Medical
- Automotive
- Cloud

Implantable Medical Device (attacks)
- Operation modification
- Data-log manipulation
- Data theft

Implantable Medical Device (defenses)
- Control Flow Integrity
- Instruction Set Randomization
- Memory Encryption

Automotive Application (attacks)
- Data/code modification
- Program flow modification
- Large-scale exploit
- DoS

Automotive Application (defenses)
- Control Flow Integrity
- Instruction Set Randomization
- Memory Encryption

Cloud Application (attacks)
- Unauthorized access
- Data modification
- Breach or loss of data
- …

Cloud Application (defenses)
- GPU keys protection
- GPU NIDS

[Figure: SHARCS Applications]

More Information
- Visit us on the web: sharcs-project.eu
- Follow us on Twitter: @sharcs_project
- Like us on Facebook: facebook.com/sharcsproject
- Email us at: sotiris@ics.forth.gr

[Figure: Defense against ROP]

[Figure: Defense against JOP]

[Figure: Instruction Set Randomization]

[Figure: Memory Encryption with software]

[Figure: Memory Encryption with hardware]

Candidate Hardware Extensions
- Instruction Set Randomization
- Control Flow Integrity
- Information Flow Tracking
- Secure H/W Memory
- Fine-grained Memory Protection
- Dynamic Type Safety

[Figure: SHARCS Methodology]