Lucas Davi University of Duisburg-Essen, Germany ICRI-SC Associated Researcher

Transcription

1 17 th May 2017, ICRI-SC Retreat, Darmstadt, Germany Can Systems ever be Protected against Run-time Attacks? Lucas Davi University of Duisburg-Essen, Germany ICRI-SC Associated Researcher

2 Motivation

3 Motivation App A App B

4 Motivation App A exploit bugs App B

5 Motivation App A exploit bugs App B App M inject malicious code

6 Motivation App A exploit bugs App B App M inject malicious code

7 Motivation App A exploit bugs App B App M inject malicious code Large attack surface for remote malware attacks and software exploits on embedded systems [Costin et al., USENIX Security 2014 and Chen et al., NDSS 2016 ]

8 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] Adversary Memory write Program flow

9 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A B C D E F Adversary Memory write Program flow

10 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] A B Basic Block ENTRY asm_ins, EXIT Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] C D E F Adversary Memory write Program flow

11 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] A B Basic Block ENTRY asm_ins, EXIT Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] C D E F Adversary Memory write Program flow

12 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] A B Basic Block ENTRY asm_ins, EXIT Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] C D E X F inject malicious code Adversary Memory write Program flow

13 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Basic Block Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A ENTRY asm_ins, EXIT B C D E corrupt code pointer X F inject malicious code Adversary Memory write Program flow

14 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Basic Block Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A ENTRY asm_ins, EXIT B C D E corrupt code pointer DEP X F inject malicious code Adversary Memory write Program flow

15 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Basic Block Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A ENTRY asm_ins, EXIT B C D E corrupt code pointer DEP X F inject malicious code Adversary Memory write Program flow

16 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Basic Block Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A ENTRY asm_ins, EXIT A C D B E corrupt code pointer C D B E DEP X F inject malicious code Adversary F Memory write Program flow

17 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] C D A B E Basic Block switch(opmode) ENTRY case recovery: C asm_ins, case op1: D EXIT case op2: E,F corrupt code pointer Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] C D A B E DEP X F inject malicious code Adversary F Memory write Program flow

18 Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] C D A B E Basic Block switch(opmode) ENTRY case recovery: C asm_ins, case op1: D EXIT case op2: E,F corrupt code pointer Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] C D A B E DEP X F inject malicious code Adversary corrupt data pointer/variable F Memory write Program flow

19 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] 19

20 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] A B C E D F 20

21 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] A B C E D F Memory Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] 21

22 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] D A E F B C Memory (randomized) Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] 22

23 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] D A E F B C Memory (randomized) Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] C E A B D F 23

24 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] D A E F B C Memory (randomized) Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] Label_3 C E Label_5 A B Label_1 Label_2 D F Label_6 Label_4 24

25 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] D A E F B C Memory (randomized) Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] Label_3 C E Label_5 A B Label_1 Label_2 D F Label_6 Label_4 25

26 Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] D A E F B C Memory (randomized) Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] Exit(B) == Label_5 Label_3 C E Label_5 A B Label_1 Label_2 D F Label_6 Label_4 26

27 Our Research on Return-Oriented Programming Attacks Jump-Oriented Programming with Checkoway et al. CCS 2010 Just-in-time Code Reuse with Snow et al. IEEE S&P 2013 Stitching Gadgets Davi et al. USENIX Sec COOP with Schuster et al. IEEE S&P 2015 Losing Control with Conti et al. CCS 2015

28 Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec IEEE S&P 2015 CCS 2015

29 Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec IEEE S&P 2015 CCS 2015 Bypasses fine-grained code randomization (incl. ASLR)

30 Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Attacks against Microsoft EMET Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec IEEE S&P 2015 CCS 2015 Bypasses fine-grained code randomization (incl. ASLR)

31 Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Attacks against Microsoft EMET Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec IEEE S&P 2015 CCS 2015 Bypasses fine-grained code randomization (incl. ASLR) Limitations of Binary-CFI

32 Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Attacks against Microsoft EMET Bypasses Google s Forward-Edge CFI Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec IEEE S&P 2015 CCS 2015 Bypasses fine-grained code randomization (incl. ASLR) Limitations of Binary-CFI

33 HAFIX: Hardware Flow Integrity Extensions [O. Arias, L. Davi, M. Hanreich, Y. Jin, P. Koeberl, D. Paul, A.-R. Sadeghi, D. Sullivan, DAC 2015, Best Paper]

34 State 0 Normal Execution Big Picture

35 Big Picture State 0 Normal Execution Function Call Indirect Jump Function Return

36 Big Picture State 0 Normal Execution CFI State Only CFI instructions allowed Function Call Indirect Jump Function Return

37 Big Picture State 0 Normal Execution Function Call Indirect Jump Function Return CFI State Only CFI instructions allowed CFI_CALL label CFI_JMP label CFI_RET label

38 Big Picture State 0 Normal Execution Function Call Indirect Jump Function Return CFI State Only CFI instructions allowed CFI_CALL label CFI_JMP label CFI_RET label

39 Big Picture State 0 Normal Execution Function Call Indirect Jump Function Return CFI State Only CFI instructions allowed CFI_CALL label CFI_JMP label CFI_RET label

40 Overview on HAFIX

41 Overview on HAFIX Contributions Efficient CFI hardware implementation for Intel Siskiyou Peak and SPARC-LEON3 Dedicated CFI instructions and memory

42 Overview on HAFIX Contributions Efficient CFI hardware implementation for Intel Siskiyou Peak and SPARC-LEON3 Dedicated CFI instructions and memory HAFIX Policies 1. Function returns only allowed to target active call sites or the last active call site 2. Function calls need to target a valid function entry

43 Overview on HAFIX Contributions Efficient CFI hardware implementation for Intel Siskiyou Peak and SPARC-LEON3 Dedicated CFI instructions and memory HAFIX Policies 1. Function returns only allowed to target active call sites or the last active call site 2. Function calls need to target a valid function entry Limitations No policy enforcement for indirect jumps Coarse-grained policy for indirect calls

44 HAFIX++ Strategy Without Tactics: Policy-Agnostic Hardware-Enhanced Control-Flow Integrity [Dean Sullivan, Orlando Arias, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Yier Jin, DAC 2016]

45 What about attacks inside the benign control flow? How can we attest control-flow paths of an application?

46 C-FLAT: Control-Flow Attestation of Embedded Systems Software Tigist Abera, N. Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman, Andrew Paverd, Ahmad-Reza Sadeghi, Gene Tsudik ACM CCS 2016

47 C-FLAT: Big Picture Verifier Prover App A

48 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis

49 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis P 1 P 2

50 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 P 1 P 2

51 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 Path Measurement App A P 1 P 1, #LP 1 P 2 P 1 P 2

52 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 Path Measurement App A Run-Time Path Measurement P 1 P 1, #LP 1 P 2 P 1 P 2

53 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 Path Measurement App A Run-Time Path Measurement P 1 P 1, #LP 1 P 2 P 1 P 2 P* 2

54 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P 1, #LP 1 P 2 P 1 P 2 P* 2

55 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P 1, #LP 1 P 2 P* 2 P 1 P 2 P* 2

56 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P 1, #LP 1 P 2 P* 2 P 1 P 2 P* x P* 2

57 C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P* x P 1, #LP 1 P 2 P* 2 P 1 P 2 P* x P* 2

58 How to attest the executed control flows without transmitting all executed branches?

59 C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed A B C D E F

60 C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed A H 1 = H(0,A) B C D E F

61 C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed H 2 = H( H 1,B) H 1 = H(0,A) A B C D E F

62 C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed H 2 = H( H 1,B) H 1 = H(0,A) A B C D E H 3 = H( H 2,C) H 4 = H( H 2,D) F

63 C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed H 2 = H( H 1,B) H 1 = H(0,A) A B C D H 3 = H( H 2,C) H 4 = H( H 2,D) E F H 5 = H( H 2,E) H 6 = H( H 5,F)

64 Loops are a challenge! Different loop paths and loop iterations lead to many valid hash values

65 C-FLAT Approach: Treat loops as sub-graphs and report their hash values and # of iterations separately

66 C-FLAT Approach: Treat loops as sub-graphs and report their hash values and # of iterations separately H Final H loop-entry Loop Entry Hash H loop_1,#h loop_1 H loop_2,#h loop_2 Loop Hash,Iteration

67 Prototype Architecture Implementation on Raspberry Pi 2 Application Binary Trampolines Measurement Engine and Attestation Hardware

68 Prototype Architecture Implementation on Raspberry Pi 2 Application Binary Trampolines Measurement Engine and Attestation Hardware

69 Prototype Architecture Implementation on Raspberry Pi 2 Application Binary Trampolines Measurement Engine and Attestation Hardware

70 Prototype Architecture Implementation on Raspberry Pi 2 Application Binary Trampolines Measurement Engine and Attestation Hardware

71 Evaluation: Case Studies Syringe Pump Soldering Iron Temperature Controller

72 Syringe Pump Source: open-syringe-pump

73 Syringe Pump Source: open-syringe-pump Original implementation targets Arduino boards We ported the code to Raspberry Pi 13,000 instructions with 332 CFG edges of which 20 are loops Main functions are set-quantity and move-syringe

74 Applying C-FLAT to Syringe Pump main() while (1) { if (serialready()) { processserial(); } } Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

75 Applying C-FLAT to Syringe Pump main() while (1) { if (serialready()) { cfa_init; processserial(); cfa_quote; } } Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

76 Applying C-FLAT to Syringe Pump main() while (1) { if (serialready()) { cfa_init; processserial(); cfa_quote; } } processserial() if (input == + ) { action(push,bolus); updatescreen(); } else if (input == - ) { action(pull,bolus); updatescreen(); } action(direction,bolus) steps = bolus * steps_per_ml if (direction == PUSH) { /* set stepper direction */ } else { /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ } bolus = dose of drug; volume of cylinder for a particular height x Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

77 Applying C-FLAT to Syringe Pump while (1) { if (serialready()) { cfa_init; processserial(); 1 cfa_quote; 14 } } if (input == + ) { action(push,bolus); 3 updatescreen(); 9 } else if (input == - ) { } main() processserial() action(pull,bolus); updatescreen(); action(direction,bolus) steps = bolus * steps_per_ml if (direction == PUSH) { /* set stepper direction */ } else { /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ } bolus = dose of drug; volume of cylinder for a particular height x Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

78 Final Hash Measurements action(direction,bolus) steps = bolus * steps_per_ml if (direction = PUSH) { /* set stepper direction */ } else /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ }

79 Final Hash Measurements action(direction,bolus) steps = bolus * steps_per_ml if (direction = PUSH) { /* set stepper direction */ } else /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ } Final Measurements for PUSH, PULL operations: b3 c5 ca c4 6f dc 6a d0 4a af a e0 9a f a7 0b 06 f0 ba e

80 Final Hash Measurements action(direction,bolus) steps = bolus * steps_per_ml if (direction = PUSH) { /* set stepper direction */ } else /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ } Final Measurements for PUSH, PULL operations: b3 c5 ca c4 6f dc 6a d0 4a af a e0 9a f a7 0b 06 f0 ba e Loop Measurement: fb fc e d7 ac 32 5d 65 eb c (#iterations)

81 C-FLAT Log for PUSH action PUSH 0.1 ml Used ml Bolus ml [INFO] cfa_quote: f 9e bb a5 f7 5d 2a dc 8a 7b 5f [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a af a [INFO] path[000]: fb fc e d7 ac 32 5d 65 eb c (682) [INFO] loop[001]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[003]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (9) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[005]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[007]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a f 59 e9 b2 8d [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (10) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[009]: 2d c f1 61 b d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2) [INFO] loop[011]: 73 e3 be b a 59 1b 2b c c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (14) [INFO] loop[012]: c dd c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2) PUSH 0.2 ml Used ml Bolus ml [INFO] cfa_quote: f 9e bb a5 f7 5d 2a dc 8a 7b 5f [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a af a [INFO] path[000]: fb fc e d7 ac 32 5d 65 eb c (1365) [INFO] loop[001]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[003]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (9) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[005]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[007]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a f 59 e9 b2 8d [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (10) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[009]: 2d c f1 61 b d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2) [INFO] loop[011]: 73 e3 be b a 59 1b 2b c c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (14) [INFO] loop[012]: c dd c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2)

82 C-FLAT Log for PUSH action PUSH 0.1 ml Used ml Bolus ml [INFO] cfa_quote: f 9e bb a5 f7 5d 2a dc 8a 7b 5f PUSH 0.2 ml Used ml Bolus ml [INFO] cfa_quote: f 9e bb a5 f7 5d 2a dc 8a 7b 5f [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a af a [INFO] path[000]: fb fc e d7 ac 32 5d 65 eb c (682) [INFO] loop[001]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[003]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (9) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[005]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[007]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a f 59 e9 b2 8d [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (10) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[009]: 2d c f1 61 b d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2) [INFO] loop[011]: 73 e3 be b a 59 1b 2b c c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (14) [INFO] loop[012]: c dd c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2) [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a af a [INFO] path[000]: fb fc e d7 ac 32 5d 65 eb c (1365) [INFO] loop[001]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[003]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (9) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[005]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc e (2) [INFO] loop[007]: eb a d2 3b c6 19 f d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a f 59 e9 b2 8d [INFO] path[000]: 67 c6 5e d bc 4a 5d 60 a f4 ed (10) [INFO] path[001]: af 09 0f d5 64 f4 39 b4 7a 0d c (2) [INFO] loop[009]: 2d c f1 61 b d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2) [INFO] loop[011]: 73 e3 be b a 59 1b 2b c c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (14) [INFO] loop[012]: c dd c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff d0 db fe b (2) Only the number of loop iterations is different per bolus 682 (0.1 ml), 1365 (0.2 ml)

83 Attacking the Syringe Pumb Constructed several exploits to validate the effectiveness of C-FLAT Control-flow attack uses ROP to dispense liquid at unexpected time C-FLAT detects attack due to unexpected measurement Non-control-data attack that dispenses more liquid than requested C-FLAT detects attack due to an unexpectedly high number of loop iterations

84 Discussion on C-FLAT C-FLAT attests control flow Pure data attacks that don t affect control flow are not covered

85 Discussion on C-FLAT C-FLAT attests control flow Pure data attacks that don t affect control flow are not covered Scalability depends on program size and complexity We target typical (simple) embedded software, e.g., Syringe Pump that scales well for C-FLAT

86 Discussion on C-FLAT C-FLAT attests control flow Pure data attacks that don t affect control flow are not covered Scalability depends on program size and complexity We target typical (simple) embedded software, e.g., Syringe Pump that scales well for C-FLAT Reducing context switch overhead ARMv8 Cortex-A53 needs ~3700 cycles at 800MHz; TrustZone-M only requires a few cycles

87 Open Challenges

88 Open Challenges

89 Open Challenges CFI enforcement in the context of real-time operating systems and autonomous system

90 Open Challenges CFI enforcement in the context of real-time operating systems and autonomous system Addressing new attack techniques (e.g., dataoriented exploits, rowhammer)

91 Open Challenges CFI enforcement in the context of real-time operating systems and autonomous system Addressing new attack techniques (e.g., dataoriented exploits, rowhammer) Control-flow attestation of a network of devices inside an autonomous car

92 Open Challenges CFI enforcement in the context of real-time operating systems and autonomous system Addressing new attack techniques (e.g., dataoriented exploits, rowhammer) Control-flow attestation of a network of devices inside an autonomous car Data-flow attestation