a control flow integrity based trust model ge zhu akhilesh tyagi iowa state university
Post on 22-Dec-2015
219 views
TRANSCRIPT
![Page 1: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/1.jpg)
A Control Flow Integrity Based Trust Model
Ge Zhu
Akhilesh Tyagi
Iowa State University
![Page 2: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/2.jpg)
Trust Model
Many definitions of trust. Typically transaction level trust
propagation/policy. Self-assessment of trust. A trust policy & security policy specification. Compiler level support for embedding
security/trust policy monitoring.
![Page 3: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/3.jpg)
Program level trust
Traditional trust– Static (w.r.t. program, potentially dynamic w.r.t. inf
ormation)– Transaction level
Program level trust– Real-time– Program level
![Page 4: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/4.jpg)
Architecture/Hardware Trust Support
TCPA (TCG) Trusted Platform Module– Crypto co-processor (RSA -512, 768, 1024, 2048
bits; SHA-1; HMAC)– Components for asymmetric key generation,
RNG, IO.– TPM may use symmetric encryption internally.– May implement other asymmetric components
such as DSA or elliptic curve.– Endorsement keys/Attestation keys
![Page 5: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/5.jpg)
Architecture/Hardware Trust Support
TPM allows for a trust layer in a PDA, PC, Cell Phone.
e.g. Integrity of the boot-up process. Allows for protection of intellectual property
(keys, other data, programs).
![Page 6: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/6.jpg)
a. Get Kp+ and using KC
+ decrypt HASH{Kp
+}b. Validate HASH{KP
+} == MDc. Generate KS
d. Encrypt KS{S/w} and KP+{KS}
Chip Man.
Trusted Component
S/w VBob’ CPU
trus
ted
K C+
2: KP+ , KC
-{HASH{KP+
}}
a. Get KS using KP-
b. Decrypt S/w using KS
c. Validate HASH{S/w} == MD
Software distribution model
3: KS{S/w}, KP+{KS},
HASH{S/w}
![Page 7: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/7.jpg)
H/W System Level Trust
Devdas et al use VLSI process variations to generate a signature of each hardware component.
Develop a trust engine that composes system level trust?
Trusted Circuits?
![Page 8: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/8.jpg)
Back to Program Level Trust
The underlying thesis is that control flow integrity of a program is a good indicator of its trustworthiness.
Our hypothesis is that any program behavior compromise whether through data contamination or control contamination eventually is visible as control flow anomaly.
![Page 9: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/9.jpg)
Basic scheme (cont.)
We associate a dynamite trust level, a value in the range [0,1] with a subset of monitored entities in a program, which could be data structures or control flow edges.
At runtime, the trust value will change according to embedded checks in the control flow.
Trust here is an estimation of the likelihood of not breaching a given trust policy.
![Page 10: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/10.jpg)
Control flow checking framework
McCluskey et al. proposed to use control flow signatures for fault tolerance in a processor.
The signature model contains:– Each basic block i assigned a unique ID– Invariant: global register GR contains ID of the cur
rent block at exit.– Difference value for incoming edge (j,i) where j is t
he parent node for i,– Check for the consistency at i.
iID
ijij IDIDD ,
![Page 11: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/11.jpg)
Travel over one edge
Suppose control flow travels through (a,b). At block a, we have
At block b, we need to check:
a
b c
d
aIDGR
} { )( ,
errorthenIDGRif
DGRGR
b
ba
![Page 12: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/12.jpg)
Control Flow Checking (CFC)`Framework
The integrity of any subset of control flow edges can be dynamically monitored.
Which ones should be monitored? How to specify these sets (ones that are monitorable)?
Schnieder: security automata; Ligatti et al: Edit automata.
![Page 13: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/13.jpg)
CFC Integrity Framework
Monitored programP
Security Automata
(DFA)
∑
Enforcement actions
![Page 14: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/14.jpg)
CFC Integrity Framework
A predefined set of monitored program events form ∑: each malloc call, access to the private key, buffer overflow – control flow edge after the procedure call return.
What kind of finite sequences specify a safety property?
Security and edit automaton.
![Page 15: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/15.jpg)
Control flow checking automata
An automaton is defined by the quintuple
whereis a finite set of states,
is a finite set of symbols called the input alphabet,
is the transition function,
is the initial state,
is a finite set of final states.
),,,,( FqQM s
Q
sq
F
![Page 16: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/16.jpg)
CFC automata (cont.)
A CFC automata is a security automaton which satisfies:
))),((,()2(
. ofpartition set a forms,and
},),'(|{and},{
where,)()1(
|
|
s
saa
aass
asa
qaqaQq
QQQ
qaqqQqQ
QQQ
![Page 17: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/17.jpg)
CFC DFA Example
Build a control flow checking automaton for a simple program:
int main(int argc, char **argv){
if (argc>5) { printf("argc>5\n"); }
else { printf("argc<5\n"); };
return;
}
![Page 18: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/18.jpg)
Example (cont.)
bb 1: if (argc>5)
bb 2: printf(“argc>5”);
bb 3: printf(“argc<5”)
bb 4: return;
1
4
2 3
![Page 19: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/19.jpg)
Example (cont.)
The CFC DFA is defined by
where:
Notice that en is the event generated by control flow entering a new basic block.
),,,,( FqQM s
}4{
}4),3(,4),2(
,3),1(,2),1(,1),{(
},,{
}4,3,2,1,{
44
321
4,321
F
enen
enenenq
enenenen
s
s
![Page 20: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/20.jpg)
Embed CFC automata into program
The input to our algorithm would be a CFC DFA and a program Prog that needs to obey the security automaton. The output of our algorithm is a program Prog' with CFC DFA embedded into source code.
We assume:– P: The set of program states– Q: The set of automaton states– S: The set of code insertion spots in the program
![Page 21: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/21.jpg)
Embed (cont.)
)()( , and For )2(
).()( , and For (1)
:properties twofollowing
thehas assume Westates. program into
statesautomaton maps which predicate theis
)(where,:
:
pfqfbaQpQq
pfqfQpQq
f
QQQPQf
PQf
QPQPba
QPQPaa
QP
asaQP
QP
![Page 22: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/22.jpg)
Embed (cont.)
spot. programcertain at state
programcurrent theis what decide branch to lconditiona
use could weheld,not is (1) wehresituation,complex In
)()( ,,For (3)
: thatassume wereason, simplicityFor spots. code into states
program maps which predicate theis :
:
vfufvuPvu
SPf
SPf
PSPS
PS
PS
![Page 23: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/23.jpg)
Parent set
qp
s
q
ParentParent
qpqpQqp
FqQM
qaqqParent
have then wespot, program same a into
mapped are , and and , have wewhere
),,,,,(DFA CFC aFor :1 Theorem
theorem.following thehave weAnd .
forset parent theis }),'(|'{
![Page 24: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/24.jpg)
Theorem 1 proof
Done. . a is fact that
with thescontradict This .),( and ),( know
then we, As .,:
exists e that therknow we(2),(1), From ).()(
i.e., , that know we(3), From ).()(
know, weAs ).( and )( that Assume
. that assume weand
, i.e., stands,contrary theSuppose
DFACFCM
parqar
ParentParentrQqQpa
qfpf
vuvfuf
qfvpfu
ParentParentr
ParentParent
qpaa
QPQP
PSPS
QPQP
qp
qp
![Page 25: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/25.jpg)
Example 1
Electronic commerce example (F. Bession et al., "Model checking security properties of control flow graphs")
The security automaton ensures that either there are no writes or all the codes leading to write have Debit permission.
Ewrite stands for the action of write. Pdebit stands for the permission to debit.
![Page 26: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/26.jpg)
Example 1 (cont.)
0
1
2 3
writeE
writeE
writeDebit EP
writeE
true
true
writeDebit EP
![Page 27: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/27.jpg)
Example 1 (cont.)
0
1
2 3’
writeE
writeE writeDebit EP
writeE
true
true
writeDebit EP
1’ true
qs writeDebit EP
2’ writeE
3 true
![Page 28: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/28.jpg)
Example 2
F. Schneider, “Enforceable security policies” The following security automaton specifies
that there can be no send action after a file read action has been performed.
![Page 29: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/29.jpg)
Example 2 (cont.)
qnfr qfr
not FileRead not Send
FileRead
![Page 30: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/30.jpg)
Example 2 (cont.)
qnfr qfr
not FileRead not Send
FileRead qs not FileRead
qfr not Send
![Page 31: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/31.jpg)
Example 2 (cont.)
qs
q1 FileRead qf
q2
Send
FileRead
Send
Send
![Page 32: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/32.jpg)
Trust Policy
We view trust with respect to a specified security policy.
If a security policy is violated, trust w.r.t. that attribute is lowered.
Trust policy just an enhancement of security policy accounting for updates of the trust value.
![Page 33: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/33.jpg)
Trust Automaton
Trust automaton:
t is the trust update function: t(q,a) = val Could be a multi-dimensional update. When trust is lowered below a certain threshold, an
exception could be raised. Exception could call an appropriate service such as
intrusion detection system or trust authentication service.
),,,,,( FqtQM s
![Page 34: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/34.jpg)
Experimental results
We have compiled and run two of the SPEC2000 benchmarks gzip and mcf to evaluate both static and dynamic system overhead.
![Page 35: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/35.jpg)
Experimental results (cont.)
Static system overhead
Dynamic system overhead
Program Old blocks
New blocks
Increased Old Insns
New Insns
%Increase
gzip 1730 3945 128.03% 17429 73047 319.11%
mcf 395 962 143.54% 4565 17937 292.92%
Program Number of dynamic checks (billion)
Reference Time
Base Runtime
Base ratio
164.gzip 128 1400 11969 11.7
181.mcf 22 1800 1611 112
![Page 36: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/36.jpg)
Architecture Level support
The performance overhead will be significantly reduced if the architecture manages the trust attributes.– Associate extra attributes with branch instructions:– BEQ R1, target, BBID, D– Being implemented in SimpleScalar.
![Page 37: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/37.jpg)
Trust Engine Based processor
ProcessorCore
BEQ R1, target,BBID, D
GR
XOR
=?
Yes, raise exception
![Page 38: A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649d7f5503460f94a622a7/html5/thumbnails/38.jpg)
Conclusions
We proposed a control flow integrity based trust model.
program's self assessment of trust. compiler driven approach. performance overhead. Trust engine based architecture for higher
efficiency.