SNU EE Shin Jin Woo Enabling Trusted Software Integrity 2005. 11. 28

Page 1: SNU EE Shin Jin Woo

SNU EE

Shin Jin Woo

Enabling Trusted Software Integrity

2005. 11. 28

Page 2: SNU EE Shin Jin Woo

Table of Contents

1. Motivation
2. What is SPEF?
3. Preliminaries
4. Installation Mode
5. Flowchart of SPEF system
6. Implementation of SPEF
7. Experimental Results
8. Future Works

Page 3: SNU EE Shin Jin Woo

1. Motivation

Security Attacks

• Installation of untrusted software

• Redirection of execution flow to malicious code
  ex) buffer overflow (stack smashing)

Page 4: SNU EE Shin Jin Woo

1. Motivation

Existing Techniques

• Intrusion Detection
- Scan system resources
- Detect the activity of intrusive agents

• Formal Verification
- Set formally defined methods
- Do a static analysis on the code to ensure security

A New Approach

Intrusion Prevention

Page 5: SNU EE Shin Jin Woo

2. What is SPEF?

SPEF (Secure Program Execution Framework)

• What is it?
- A demonstration of an intrusion prevention system
- A framework of architectural and compilation mechanisms

• What does it do?
- Force an adversary to solve an intractable task
- Install S/W binary by encoding a set of constraints

• Is the system secure now?
- Force the trusted user to inject intrusive S/W
- The best we can hope!!

Page 6: SNU EE Shin Jin Woo

2. What is SPEF?

SPEF (Secure Program Execution Framework)

• How do we encode constraints into binary?
- Store a secret key inside processor H/W
- Only S/W installer can access the key
- Use the key to set up constraints
- Embed the constraints into the binary
- Verify the binary at run-time

We need a special installation mode

Page 7: SNU EE Shin Jin Woo

3. Preliminaries

Processor-Unique Identifier

• R/O register with unique secret key for each CPU

Software Delivery

[Diagram: compiled binary (master copy), CPU ID, installation process, augmented binary (working copy)]

- store/execute in working copy form

Page 8: SNU EE Shin Jin Woo

4. Installation Mode

Installation Mode

• Only let the installer access the CPU ID

- Secure atomic installation without interrupts
- Do not write to CPU ID or disclose ID off chip
- Before completion, overwrite on-chip memory

• Disable Context Switching

• Store and call the installer in BIOS-like fashion

- Disable all H/W & S/W interrupts

Page 9: SNU EE Shin Jin Woo

5. Flowchart of SPEF system

Components and Procedures

I-block (Instruction Block)

- Most of the time, I-block = basic block
- If the basic block is too large, parse it

Page 10: SNU EE Shin Jin Woo

5. Flowchart of SPEF system

Constraint Encoding

• Domain ordering
- Assign a unique identifier to each component
- Must be invariant under transformation
  ex) sorting instructions with preserved dependencies

• Transformation-Invariant Hash (TI-hash)
- A sequence of bits used to generate constraints
- Must be invariant under transformation
  ex) control-flow graphs, instruction types, constant values

• Constraint Embedding
- Constraints are embedded into the I-block using a bit-stream
  ex) modify the order of the instructions in the I-block

Page 11: SNU EE Shin Jin Woo


5. Flowchart of SPEF system

Program Execution

• Verification Process

- consists of the same three steps

- instead of embedding, analyze the matching

- if complete match, execute the I-block

- else, send abort signal to OS to terminate the process

Page 12: SNU EE Shin Jin Woo

6. Implementation of SPEF

Implementation Specification

• Use ARM instruction sets

- simplistic RISC-type

- availability of tools that support additional logic

• Use of Intel’s x86

- sophisticated super-scalar pipelined ALUs

- variable length instructions

- test the result using Mediabench (MPEG, JPEG..)

They have shown this work in a paper published in 2004

Page 13: SNU EE Shin Jin Woo

6. Implementation of SPEF

Requirements for Constraint Types

• High degree of freedom
- need a large number of distinct representations of the I-block

• Functional transparency
- transformation must not alter the program's functionality

• Transformation invariance
- constraint encoding must be the same before/after

• Effective implementation
- constraint verifier must be fast and require few gates

• Low performance overhead
- should have minimal performance overhead

Page 14: SNU EE Shin Jin Woo

6. Implementation of SPEF

Instruction Reordering

• Reorder the instructions within I-block
- a technique in optimized compilation

• Domain Ordering
- sort the instructions with

• Compute Random Bitstring
- using TI-hash and encryption method

• Constraint Embedding

Degree of Freedom
the number of ways the I-block can be transformed such that the functionality of the I-block is preserved
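
An added example, not from the slides or the SPEF authors' implementation: a toy Python model of the install/verify flow described on slides 10, 11 and 14, using instruction reordering as the constraint. HMAC-SHA256 stands in for the unspecified "TI-hash and encryption method"; the instruction tuples, the register-only dependency model and the key value are assumptions constructed for illustration.

```python
import hashlib
import hmac
from itertools import permutations

# Constructed sample I-block: (opcode, destination register, source operands).
MASTER = [
    ("mov", "r1", ("#4",)),
    ("mov", "r2", ("#7",)),
    ("add", "r3", ("r1", "r2")),
    ("mov", "r4", ("#1",)),
    ("sub", "r5", ("r3", "r4")),
]
CPU_KEY = b"constructed-demo-cpu-id"  # stands in for the on-chip secret

def conflicts(a, b):
    """True if a and b share a register that at least one writes (WAW/RAW/WAR)."""
    (_, da, sa), (_, db, sb) = a, b
    return da == db or da in sb or db in sa

def valid_orders(block):
    """Every dependency-preserving reordering of block, as a sorted list."""
    n = len(block)
    deps = [(i, j) for i in range(n) for j in range(i + 1, n)
            if conflicts(block[i], block[j])]
    found = set()
    for perm in permutations(range(n)):
        pos = {idx: k for k, idx in enumerate(perm)}
        if all(pos[i] < pos[j] for i, j in deps):
            found.add(tuple(block[i] for i in perm))
    return sorted(found)  # domain ordering: same list for any valid input order

def select(cpu_key, block):
    """Keyed hash of the sorted instruction multiset picks one valid order."""
    orders = valid_orders(block)
    digest = hmac.new(cpu_key, repr(sorted(block)).encode(), hashlib.sha256).digest()
    return orders[int.from_bytes(digest, "big") % len(orders)]

def install(cpu_key, master):
    """Installer: emit the working copy in the order the key selects."""
    return list(select(cpu_key, master))

def verify(cpu_key, working):
    """Run-time check: the observed order must be the one the key selects."""
    return tuple(working) == select(cpu_key, working)

if __name__ == "__main__":
    working = install(CPU_KEY, MASTER)
    print("DOF:", len(valid_orders(MASTER)), "verified:", verify(CPU_KEY, working))
```

In this toy model a modified block still lands on the selected order with a chance of roughly 1 in DOF, which is why the slides ask for a high degree of freedom and for combining constraint types.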

Page 15: SNU EE Shin Jin Woo


6. Implementation of SPEF

Instruction Reordering

Page 16: SNU EE Shin Jin Woo


6. Implementation of SPEF

More Constraint Types

• Basic Block Reordering

• Permuted Register Assignment

• Conditional Branch Selection

• Filling Unused Instruction Fields

• Toggling the Signs of Immediate Operands

Combinations of these types can greatly improve DOF

Page 17: SNU EE Shin Jin Woo

7. Experimental Results

DOF of Instruction Scheduling

Cumulative DOF

Page 18: SNU EE Shin Jin Woo

7. Experimental Results

DOF of Instruction Scheduling

Effective CPI

Page 19: SNU EE Shin Jin Woo

8. Future Works

DOF of Instruction Scheduling

A H/W-S/W Platform for Intrusion Prevention