Ironclad Apps: End-to-End Security via Automated Full-System Verification. Danfeng Zhang
|
|
- Ralph Greene
- 5 years ago
- Views:
Transcription
1 Ironclad Apps: End-to-End Security via Automated Full-System Verification Chris Hawblitzel Jon Howell Jay Lorch Arjun Narayan Bryan Parno Danfeng Zhang Brian Zill
2 Online and Mobile Security Chase Online, the Chase Mobile app and the Chase Mobile website use Secure Socket Layer (SSL) technology We periodically review our operations and business practices to make sure they comply with the corporate policies and procedures we follow to protect confidential information 2
3 An Ironclad app guarantees to remote parties that every instruction it executes adheres to a high-level security spec. My personal data My password will never leak will not be misused 3
4 Ironclad combines: Late launch Trusted Computing Software verification push ebp mov ebp, esp sub esp, 4 mov eax, 8 4
5 Ironclad combines: Late launch Trusted Computing Software verification Secure Remote Equivalence Entire software stack Reasonable effort push ebp mov ebp, esp sub esp, 4 mov eax, 8 5
6 Verification implies: No buffer overflows No code injection No type-safety flaws No information disclosures No crypto implementation flaws We always know what the app will do with private data! push ebp mov ebp, esp sub esp, 4 mov eax, 8 We don t prove: Absence of side channels Liveness Physical security 6
7 Verification goals End-to-end security Complete Low-level Rapid development Non-goal: Verify existing code push ebp mov ebp, esp sub esp, 4 mov eax, 8 Long-term: Performance matches unsafe code 7
8 Verification methodology = Trusted = Untrusted Ironclad... spec translator Highlevel spec Lowlevel spec Verifier Verifiable, high-level implementation mov edx, 2 Ironclad compiler predicate if (edx IsPrime(p:int) >= eax) { { 2 goto <= p loopend; } && forall x :: 2 <= x < p ==> p % x!= 0 } call edx := Mov(2); loop: invariant 2 <= edx < eax; invariant MemInv(...); Verifiable assembly language procedure CheckPrimality(p:int) returns (b:bool) requires p >= 0; ensures b == IsPrime(p); { var divisor := 2; while divisor < p { invariant 2 <= divisor <= p;... Assembler + Linker loop:... cmp edx, eax jae loopend 8
9 Verification methodology: Benefits Highlevel development Rapid spec Verifiable, high-level implementation Ironclad spec translator Simple and declarative Lowlevel spec Ironclad compiler Verifiable assembly language Arbitrarily complex Verifier Low-level verification Assembler + Linker 9
10 Writing trustworthy specifications Idiomatic specification = 3439 pages 1,364 lines of spec ( < 60 instructions ) = 795 pages procedure instr_add(..., x:reg, y:reg) ensures x := (x + y) % 0x ; lines of spec (secure randomness + attestation) type core = core(regs:[int]int, eip:int,..., segments, paging,...); type machine = machine(cores:[int]core, mem:[int]int, io:iostate); Hardware specs 10
11 Writing trustworthy specifications App spec Lib specs predicate ValidTransition(old_state:NotaryState, new_state:notarystate, request:request, response:response,...) { Idiomatic specification Spec reviews match request... case AdvanceCounter => function SHA256(messageBits:seq<int>) response.advancecntrresponse? : seq<int> requires && new_state.ctr messagebits == < old_state.ctr power2(64); + 1 requires && response.sig IsBitSeq(messageBits); == RSA_Sign(old_state.ctr, request) { &&... }... OS specs Hardware specs 11
12 Architecture App spec App Std. Lib App Common Lib specs UDP/IP Datatypes RSA Ethernet SHA-256 BigNum Net Driver TPM Driver Core Math OS specs Late launch Segments IOMMU Device IO GC Verve++ Hardware specs 12
13 Challenge: Whole-system verification procedure CheckPrimality(p:int) returns (b:bool) requires p >= 0; ensures b == IsPrime(p); { var divisor := 2; while divisor < p invariant 2 <= divisor <= p; {... Functional verification (correctness) F( all ) possible inputs all permitted output words procedure instr_outb(..., x:reg) requires???? push ebp mov ebp, esp sub esp, 4 mov eax, 8 13
14 Solution: Relational verification procedure instr_inb(..., x:reg) ensures public(x); procedure instr_outb(..., x:reg) requires public(x); push ebp mov ebp, esp sub esp, 4 mov eax, 8 Declassifier Declassify X by proving the abstract app would have output X 14
15 Rapid verification Automated tools Modular verification Shared verification IronBuild 15
16 Ironclad Apps Password Protector Notary password abc123 monkey qwerty letmein dragon baseball iloveyou trustno1 Trusted Incrementer Differentially Private DB Insert datum Query Key pair Database Privacy budget 16
17 Lessons learned Automated Automatic Opaque attributes Non-recursive functions Addition & subtraction Mul/div/mod by small constants Forall/exists Arrays/seqs Recursive functions General mul/div/mod Verification works! App Std. Lib App Common How to write concise UDP/IP specs Datatypes RSA How to write Ethernet libraries SHA-256 BigNum Net Driver TPM Driver Core Math Benefits of refinement types Late Device Segments IOMMU GC launch IO 1 st Version: Secure, but non-functional Custom math library 17
18 Eval: Proof burden ~3 person-years Previously 22+ pys Apps Crypto (SHA, HMAC, RSA) BigInt Lib Math Lib Std. Lib (bytes, words, arrays) UDP/IP/Ethernet Network Driver TPM Driver OS Proof hints : Implementation LoC Average 4.8 : 1 Previously > 25 : Ratio 18
19 Eval: System size Trusted Spec Implementation Apps Crypto (SHA, HMAC, RSA) BigInt Lib Math Lib Std. Lib (bytes, words, arrays) UDP/IP/Ethernet Network Driver TPM Driver OS Software Hardware 1796 LoC 1750 LoC SW Impl : Spec = 3.9 : LoC 41,566 instructions 23.1 : Lines 19
20 Eval: Performance SHA-256 RSA private (1024) ns/b Cut by 84% Within 30% of OpenSSL ms Improved by 8300x Still 22x too slow
21 Related work Early security kernels Examples: KVM/370, VAX VMM, SCOMP, GEMSOS Formally specified, but no connection to implementation Recent verified systems Examples: sel4, VCC, PROSPER, CompCert, Jitk Focus on one layer Many verify C code => Good performance Typically less automation => More human proof burden 21
22 Conclusions Ironclad guarantees end-to-end security to remote parties: Every instruction meets the app s security spec Achieved via: New and modified tools A methodology for rapid verification of systems software Verification of systems code is quite feasible! Thank you! ironclad@microsoft.com 22
Ironclad Apps: End-to-End Security via Automated Full-System Verification
Ironclad Apps: End-to-End Security via Automated Full-System Verification Chris Hawblitzel, Jon Howell, Jacob R. Lorch, Arjun Narayan, Bryan Parno, Danfeng Zhang, Brian Zill Microsoft Research University
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationHyperkernel: Push-Button Verification of an OS Kernel
Hyperkernel: Push-Button Verification of an OS Kernel Luke Nelson, Helgi Sigurbjarnarson, Kaiyuan Zhang, Dylan Johnson, James Bornholt, Emina Torlak, and Xi Wang The OS Kernel is a critical component Essential
More informationMaking Verifiable Computation Useful
Making Verifiable Computation Useful Bryan Parno Carnegie Mellon University 1 Rapid Perf Improvements 100x100 matrix mult. Verifier Latency Prover Overhead ~10 23 x 72 Trillion years! ~10 16 x Cost fell
More informationVale: Verifying High-Performance Cryptographic Assembly Code
Vale: Verifying High-Performance Cryptographic Assembly Code Barry Bond 1, Chris Hawblitzel 1, Manos Kapritsos 2, K. Rustan M. Leino 1, Jacob R. Lorch 1, Bryan Parno 3, Ashay Rane 4, Srinath Setty 1, Laure
More informationGerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish
Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish Thomas Sewell Harvey Tuch Simon Winwood 1 microkernel
More informationCSCI 334: Principles of Programming Languages. Computer Architecture (a really really fast introduction) Lecture 11: Control Structures II
1 byte{ 1 byte{ CSCI 334: Principles of Programming Languages Lecture 11: Control Structures II Computer Architecture (a really really fast introduction) Instructor: Dan Barowy Memory Instructions main
More informationAdam Chlipala University of California, Berkeley ICFP 2006
Modular Development of Certified Program Verifiers with a Proof Assistant Adam Chlipala University of California, Berkeley ICFP 2006 1 Who Watches the Watcher? Program Verifier Might want to ensure: Memory
More informationEECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution
1. (40 points) Write the following subroutine in x86 assembly: Recall that: int f(int v1, int v2, int v3) { int x = v1 + v2; urn (x + v3) * (x v3); Subroutine arguments are passed on the stack, and can
More information*the Everest VERified End-to-end Secure Transport. Verified Secure Implementations for the HTTPS Ecosystem mitls & Everest*
*the Everest VERified End-to-end Secure Transport Verified Secure Implementations for the HTTPS Ecosystem mitls & Everest* Edge Clients Services & Applications curl WebKit Skype IIS Apache HTTPS Ecosystem
More informationFormal methods for software security
Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationCSE 227 Computer Security Spring 2010 S f o t ftware D f e enses I Ste St f e an f Sa v Sa a v g a e g
CSE 227 Computer Security Spring 2010 Software Df Defenses I Stefan Savage Kinds of defenses Eliminate violation of runtime model Better languages, code analysis Don t allow bad input Input validation
More informationDesigning Systems for Push-Button Verification
Designing Systems for Push-Button Verification Luke Nelson, Helgi Sigurbjarnarson, Xi Wang Joint work with James Bornholt, Dylan Johnson, Arvind Krishnamurthy, EminaTorlak, Kaiyuan Zhang Formal verification
More informationVerdi: A Framework for Implementing and Formally Verifying Distributed Systems
Verdi: A Framework for Implementing and Formally Verifying Distributed Systems Key-value store VST James R. Wilcox, Doug Woos, Pavel Panchekha, Zach Tatlock, Xi Wang, Michael D. Ernst, Thomas Anderson
More informationFlicker: An Execution Infrastructure for TCB Minimization
Flicker: An Execution Infrastructure for TCB Minimization Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Hiroshi Isozaki (EuroSys 08) Presented by: Tianyuan Liu Oct 31, 2017 Outline Motivation
More informationCNIT 127: Exploit Development. Ch 1: Before you begin. Updated
CNIT 127: Exploit Development Ch 1: Before you begin Updated 1-14-16 Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as Denial
More informationStack -- Memory which holds register contents. Will keep the EIP of the next address after the call
Call without Parameter Value Transfer What are involved? ESP Stack Pointer Register Grows by 4 for EIP (return address) storage Stack -- Memory which holds register contents Will keep the EIP of the next
More informationSubprograms: Local Variables
Subprograms: Local Variables ICS312 Machine-Level and Systems Programming Henri Casanova (henric@hawaii.edu) Local Variables in Subprograms In all the examples we have seen so far, the subprograms were
More informationMachine and Assembly Language Principles
Machine and Assembly Language Principles Assembly language instruction is synonymous with a machine instruction. Therefore, need to understand machine instructions and on what they operate - the architecture.
More informationLecture Notes for 04/04/06: UNTRUSTED CODE Fatima Zarinni.
Lecture Notes for 04/04/06 UNTRUSTED CODE Fatima Zarinni. Last class we started to talk about the different System Solutions for Stack Overflow. We are going to continue the subject. Stages of Stack Overflow
More informationUniversità Ca Foscari Venezia
Stack Overflow Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Introduction Buffer overflow is due to careless programming in unsafe languages like C
More informationBetriebssysteme und Sicherheit Sicherheit. Buffer Overflows
Betriebssysteme und Sicherheit Sicherheit Buffer Overflows Software Vulnerabilities Implementation error Input validation Attacker-supplied input can lead to Corruption Code execution... Even remote exploitation
More informationGoal. Introduce the bases used in the remaining of the book. This includes
Fundamentals of Secure System Modelling Springer, 2017 Chapter 1: Introduction Raimundas Matulevičius University of Tartu, Estonia, rma@ut.ee Goal Introduce the bases used in the remaining of the book.
More informationThe Evolution of Secure Operating Systems
The Evolution of Secure Operating Systems Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University 1 Operating Systems
More informationCompilers Crash Course
Compilers Crash Course Prof. Michael Clarkson CSci 6907.85 Spring 2014 Slides Acknowledgment: Prof. Andrew Myers (Cornell) What are Compilers? Translators from one representation of program code to another
More informationDr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD /12/2014 Slide 1
Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD 21252 rkarne@towson.edu 11/12/2014 Slide 1 Intel x86 Aseembly Language Assembly Language Assembly Language
More informationComputer Systems Lecture 9
Computer Systems Lecture 9 CPU Registers in x86 CPU status flags EFLAG: The Flag register holds the CPU status flags The status flags are separate bits in EFLAG where information on important conditions
More informationLeveraging Intel SGX to Create a Nondisclosure Cryptographic library
CS 2530 - Computer and Network Security Project presentation Leveraging Intel SGX to Create a Nondisclosure Cryptographic library Mohammad H Mofrad & Spencer L Gray University of Pittsburgh Thursday, December
More informationBrowser Security Guarantees through Formal Shim Verification
Browser Security Guarantees through Formal Shim Verification Dongseok Jang Zachary Tatlock Sorin Lerner UC San Diego Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:
More informationAmplifying. Only stack module can alter, read x So process doesn t get capability, but needs it when x is referenced a problem!
Amplifying Allows temporary increase of privileges Needed for modular programming Module pushes, pops data onto stack module stack endmodule. Variable x declared of type stack var x: module; Only stack
More information4. Jump to *RA 4. StackGuard 5. Execute code 5. Instruction Set Randomization 6. Make system call 6. System call Randomization
04/04/06 Lecture Notes Untrusted Beili Wang Stages of Static Overflow Solution 1. Find bug in 1. Static Analysis 2. Send overflowing input 2. CCured 3. Overwrite return address 3. Address Space Randomization
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall 2011.
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz I: Solutions Please do not write in the boxes below. I (xx/20) II (xx/10) III (xx/16)
More informationA Study on the Preservation on Cryptographic Constant-Time Security in the CompCert Compiler
A Study on the Preservation on Cryptographic Constant-Time Security in the CompCert Compiler Alix Trieu FOSAD 2018, Bertinoro Univ Rennes, Inria, CNRS, IRISA August 29th, 2018 1 / 20 Side-channels Crypto
More informationThe most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate
1 2 The most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate signed by some certification authority, which certifies
More informationCS61 Section Solutions 3
CS61 Section Solutions 3 (Week of 10/1-10/5) 1. Assembly Operand Specifiers 2. Condition Codes 3. Jumps 4. Control Flow Loops 5. Procedure Calls 1. Assembly Operand Specifiers Q1 Operand Value %eax 0x104
More informationAmplifying. Examples
Amplifying Allows temporary increase of privileges Needed for modular programming Module pushes, pops data onto stack module stack endmodule. Variable x declared of type stack var x: module; Only stack
More informationIslamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 10. Advanced Procedures
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 10 Advanced Procedures May, 2014 1 Assembly Language LAB Stack Parameters There are
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationIntel Software Guard Extensions
Intel Software Guard Extensions Dr. Matthias Hahn, Intel Deutschland GmbH July 12 th 2017 cryptovision Mindshare, Gelsenkirchen Intel SGX Making Headlines Premium Content requiring Intel SGX on PC Intel
More informationCombining program verification with component-based architectures. Alexander Senier BOB 2018 Berlin, February 23rd, 2018
Combining program verification with component-based architectures Alexander Senier BOB 2018 Berlin, February 23rd, 2018 About Componolit 2 What happens when we use what's best? 3 What s Best? Mid-90ies:
More informationIntroduction to Reverse Engineering. Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins
Introduction to Reverse Engineering Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins Reverse Engineering (of Software) What is it? What is it for? Binary exploitation (the cool
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 16, SPRING 2013 TOPICS TODAY Project 6 Perils & Pitfalls of Memory Allocation C Function Call Conventions in Assembly Language PERILS
More informationOutline. x86 Architecture
Data Representation Code Representation Summary Data Representation Code Representation Summary Code Representation Summary Outline CS 6V81-05: System Security and Malicious Code Analysis 1 2 Data Representation
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More information16.317: Microprocessor Systems Design I Fall 2015
16.317: Microprocessor Systems Design I Fall 2015 Exam 2 Solution 1. (16 points, 4 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by circling
More informationProgram Verification (6EC version only)
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language
More informationReversing Basics A Practical Approach
Reversing Basics A Practical Approach Author: Amit Malik (DouBle_Zer0) E-Mail: m.amit30@gmail.com Note: Keep Out of Reach of Children/Danger-Software Poison. Download EXE/Crackme: https://sites.google.com/site/hacking1now/crackmes
More informationSECOMP Efficient Formally Secure Compilers to a Tagged Architecture. Cătălin Hrițcu INRIA Paris
SECOMP Efficient Formally Secure Compilers to a Tagged Architecture Cătălin Hrițcu INRIA Paris 1 SECOMP Efficient Formally Secure Compilers to a Tagged Architecture Cătălin Hrițcu INRIA Paris 5 year vision
More informationProgram Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
More informationProtection. Thierry Sans
Protection Thierry Sans Protecting Programs How to lower the risk of a program security flaw resulting from a bug? 1. Build better programs 2. Build better operating systems Build Better Programs Why are
More informationCIS 4360 Secure Computer Systems Secured System Boot
CIS 4360 Secure Computer Systems Secured System Boot Professor Qiang Zeng Spring 2017 Previous Class Attacks against System Boot Bootkit Evil Maid Attack Bios-kit Attacks against RAM DMA Attack Cold Boot
More informationTrends in Automated Verification
Trends in Automated Verification K. Rustan M. Leino Senior Principal Engineer Automated Reasoning Group (ARG), Amazon Web Services 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationNon-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP
A NGSSoftware Insight Security Research Publication Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/20/XP David Litchfield (david@ngssoftware.com) 5 th March 22 www.ngssoftware.com
More informationCS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly
Raluca Popa Spring 2018 CS 161 Computer Security Discussion 1 Week of January 22, 2018: GDB and x86 assembly Objective: Studying memory vulnerabilities requires being able to read assembly and step through
More informationPRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG
PRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG Table of contents Introduction Binary Disassembly Return Address Defense Prototype Implementation Experimental Results Conclusion Buffer Over2low Attacks
More informationRootkits n Stuff
Rootkits n Stuff www.sigmil.org What a rootkit is(n t) IS Software intended to conceal running processes, files, etc from the OS A way to maintain control of a system after compromising it. ISN T A buffer
More informationBinding and Storage. COMP 524: Programming Language Concepts Björn B. Brandenburg. The University of North Carolina at Chapel Hill
Binding and Storage Björn B. Brandenburg The University of North Carolina at Chapel Hill Based in part on slides and notes by S. Olivier, A. Block, N. Fisher, F. Hernandez-Campos, and D. Stotts. What s
More informationMemory Safety (cont d) Software Security
Memory Safety (cont d) Software Security CS 161: Computer Security Prof. Raluca Ada Popa January 17, 2016 Some slides credit to David Wagner and Nick Weaver Announcements Discussion sections and office
More informationTesting. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?
Testing ECE/CS 5780/6780: Embedded System Design Scott R. Little Lecture 24: Introduction to Software Testing and Verification What is software testing? Running a program in order to find bugs (faults,
More informationGaps in Static Analysis Tool Capabilities. Providing World-Class Services for World-Class Competitiveness
Gaps in Static Analysis Tool Capabilities 1 Overview Gaps in Static Analysis tools as identified during the evaluation of five (5) commercially available static analysis tools Collaborative effort between
More informationTurning proof assistants into programming assistants
Turning proof assistants into programming assistants ST Winter Meeting, 3 Feb 2015 Magnus Myréen Why? Why combine proof- and programming assistants? Why proofs? Testing cannot show absence of bugs. Some
More informationIntelligent Terminal System Based on Trusted Platform Module
American Journal of Mobile Systems, Applications and Services Vol. 4, No. 3, 2018, pp. 13-18 http://www.aiscience.org/journal/ajmsas ISSN: 2471-7282 (Print); ISSN: 2471-7290 (Online) Intelligent Terminal
More informationOlder geometric based addressing is called CHS for cylinder-head-sector. This triple value uniquely identifies every sector.
Review: On Disk Structures At the most basic level, a HDD is a collection of individually addressable sectors or blocks that are physically distributed across the surface of the platters. Older geometric
More informationSOEN228, Winter Revision 1.2 Date: October 25,
SOEN228, Winter 2003 Revision 1.2 Date: October 25, 2003 1 Contents Flags Mnemonics Basic I/O Exercises Overview of sample programs 2 Flag Register The flag register stores the condition flags that retain
More informationWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the
More informationSchool of Computer & Communication Sciences École Polytechnique Fédérale de Lausanne
Principles of Dependable Systems Building Reliable Software School of Computer & Communication Sciences École Polytechnique Fédérale de Lausanne Winter 2006-2007 Outline Class Projects: mtgs next week
More informationHyperkernel: Push-Button Verification of an OS Kernel
Hyperkernel: Push-Button Verification of an OS Kernel Luke Nelson, Helgi Sigurbjarnarson, Kaiyuan Zhang, Dylan Johnson, James Bornholt, Emina Torlak, and Xi Wang University of Washington {lukenels,helgi,kaiyuanz,dgj16,bornholt,emina,xi}@cs.washington.edu
More informationAssembly Language Lab # 9
Faculty of Engineering Computer Engineering Department Islamic University of Gaza 2011 Assembly Language Lab # 9 Stacks and Subroutines Eng. Doaa Abu Jabal Assembly Language Lab # 9 Stacks and Subroutines
More informationExploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it 29.11.2012 Secure Software Engineering Andreas Follner 1 Andreas Follner Graduated earlier
More informationIntroduction to Information Security Miscellaneous
Introduction to Information Security Miscellaneous 1 NOP Slides 1120 RET 1000? To implement a buffer overflow, you need to know: The overflow size (from the buffer start to the return address) The stack
More informationAssuring Software Protection in Virtual Machines
Assuring Software Protection in Virtual Machines Andrew W. Appel Princeton University 1 Software system built from components Less-trusted components More-trusted components (non-core functions) INTERFACE
More informationComputer Security CS 426 Lecture 17
Computer Security CS 426 Lecture 17 Trusted Computing Base. Orange Book, Common Criteria Elisa Bertino Purdue University IN, USA bertino@cs.purdue.edu 1 Trusted vs. Trustworthy A component of a system
More informationChapter 2. lw $s1,100($s2) $s1 = Memory[$s2+100] sw $s1,100($s2) Memory[$s2+100] = $s1
Chapter 2 1 MIPS Instructions Instruction Meaning add $s1,$s2,$s3 $s1 = $s2 + $s3 sub $s1,$s2,$s3 $s1 = $s2 $s3 addi $s1,$s2,4 $s1 = $s2 + 4 ori $s1,$s2,4 $s2 = $s2 4 lw $s1,100($s2) $s1 = Memory[$s2+100]
More informationLow-Level Essentials for Understanding Security Problems Aurélien Francillon
Low-Level Essentials for Understanding Security Problems Aurélien Francillon francill@eurecom.fr Computer Architecture The modern computer architecture is based on Von Neumann Two main parts: CPU (Central
More informationLecture 08 Control-flow Hijacking Defenses
Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation
More information4) C = 96 * B 5) 1 and 3 only 6) 2 and 4 only
Instructions: The following questions use the AT&T (GNU) syntax for x86-32 assembly code, as in the course notes. Submit your answers to these questions to the Curator as OQ05 by the posted due date and
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
More informationCS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
More informationIslamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 7. Procedures and the Stack
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 7 Procedures and the Stack April, 2014 1 Assembly Language LAB Runtime Stack and Stack
More informationAuthenticated Encryption in TLS
Authenticated Encryption in TLS Same modelling & verification approach concrete security: each lossy step documented by a game and a reduction (or an assumption) on paper Standardized complications - multiple
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
More informationThe IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta
1 The IA-32 Stack and Function Calls CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta 2 Important Registers used with the Stack EIP: ESP: EBP: 3 Important Registers used with the Stack EIP:
More informationFaCT. A Flexible, Constant-Time Programming Language
, Gary Soeller, Fraser Brown, Brian Johannesmeyer, Yunlu Huang, Ranjit Jhala, Deian Stefan A Flexible, Constant-Time Programming Language Timing side channels Secret key Crypto Plaintext Encrypted Timing
More informationManifest Safety and Security. Robert Harper Carnegie Mellon University
Manifest Safety and Security Robert Harper Carnegie Mellon University Collaborators This work is, in part, joint with Lujo Bauer, Karl Crary, Peter Lee, Mike Reiter, and Frank Pfenning at Carnegie Mellon.
More informationSirrix AG security technologies. TPM Laboratory I. Marcel Selhorst etiss 2007 Bochum Sirrix AG
TPM Laboratory I Marcel Selhorst m.selhorst@sirrix.com etiss 2007 Bochum What's this? 00 00 DC 76 4A 0B 1E 53 2F FF 81 13 92 5D A8 33 E4 2 C4 00 FC 8E 81 E1 24 6F 09 79 EA 84 32 9B 67 C8 76 00 0C C6 FD
More informationComputer Processors. Part 2. Components of a Processor. Execution Unit The ALU. Execution Unit. The Brains of the Box. Processors. Execution Unit (EU)
Part 2 Computer Processors Processors The Brains of the Box Computer Processors Components of a Processor The Central Processing Unit (CPU) is the most complex part of a computer In fact, it is the computer
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationCSE351 Autumn 2012 Midterm Exam (5 Nov 2012)
CSE351 Autumn 2012 Midterm Exam (5 Nov 2012) Please read through the entire examination first! We designed this exam so that it can be completed in 50 minutes and, hopefully, this estimate will prove to
More informationCNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux
CNIT 127: Exploit Development Ch 2: Stack Overflows in Linux Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996)
More informationPinocchio: Nearly Practical Verifiable Computation. Bryan Pano, Jon Howell, Craig Gentry, Mariana Raykova
Pinocchio: Nearly Practical Verifiable Computation Bryan Pano, Jon Howell, Craig Gentry, Mariana Raykova Presentated by Phd@ECE,UMD Hui Zhang wayne.huizhang@gmail.com Introduction Outsourcing complex computation
More informationAS08-C++ and Assembly Calling and Returning. CS220 Logic Design AS08-C++ and Assembly. AS08-C++ and Assembly Calling Conventions
CS220 Logic Design Outline Calling Conventions Multi-module Programs 1 Calling and Returning We have already seen how the call instruction is used to execute a subprogram. call pushes the address of the
More informationU23 - Binary Exploitation
U23 - Binary Exploitation Stratum Auhuur robbje@aachen.ccc.de November 21, 2016 Context OS: Linux Context OS: Linux CPU: x86 (32 bit) Context OS: Linux CPU: x86 (32 bit) Address Space Layout Randomization:
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationRuntime Checking for Program Verification Systems
Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification
More informationMachine Language, Assemblers and Linkers"
Machine Language, Assemblers and Linkers 1 Goals for this Lecture Help you to learn about: IA-32 machine language The assembly and linking processes 2 1 Why Learn Machine Language Last stop on the language
More informationIronFleet. Dmitry Bondarenko, Yixuan Chen
IronFleet Dmitry Bondarenko, Yixuan Chen A short survey How many people have the confidence that your Paxos implementation has no bug? How many people have proved that the implementation is correct? Why
More informationReview Questions. 1 The DRAM problem [5 points] Suggest a solution. 2 Big versus Little Endian Addressing [5 points]
Review Questions 1 The DRAM problem [5 points] Suggest a solution 2 Big versus Little Endian Addressing [5 points] Consider the 32-bit hexadecimal number 0x21d3ea7d. 1. What is the binary representation
More informationSoftware Security: Vulnerability Analysis
Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants
More information