SGXBounds Memory Safety for Shielded Execution
|
|
- Antonia Lyons
- 6 years ago
- Views:
Transcription
1 SGXBounds Memory Safety for Shielded Execution Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia *, Pascal Felber, Christof Fetzer TU Dresden, * The University of Edinburgh, University of Neuchâtel
2 Security in the Cloud Security is a key barrier to adoption of cloud computing 1
3 Security in the Cloud Security is a key barrier to adoption of cloud computing Attackers compromise confidentiality and integrity 1
4 Security in the Cloud Security is a key barrier to adoption of cloud computing Attackers compromise confidentiality and integrity Malicious host (e.g., cloud provider) Software vulnerabilities 1
5 Security in the Cloud Security is a key barrier to adoption of cloud computing Attackers compromise confidentiality and integrity Malicious host (e.g., cloud provider) Software vulnerabilities Virtual Address Space Shielded execution (SGX Enclave) Malicious OS 1
6 Security in the Cloud Security is a key barrier to adoption of cloud computing Attackers compromise confidentiality and integrity Malicious host (e.g., cloud provider) Software vulnerabilities Virtual Address Space Shielded execution (SGX Enclave) 1
7 Security in the Cloud Security is a key barrier to adoption of cloud computing Attackers compromise confidentiality and integrity Malicious host (e.g., cloud provider) Software vulnerabilities Virtual Address Space Heartbleed Shielded execution (SGX Enclave) Cloudbleed 1
8 Protecting against Attacks SGX Enclave (malicious host) 2
9 Protecting against Attacks SGX Enclave (malicious host) + Memory safety (vulnerabilities) 2
10 Protecting against Attacks SGX Enclave (malicious host) + Memory safety (vulnerabilities) AddressSanitizer (software-based) Intel MPX (hardware-based) 2
11 Protecting against Attacks SGX Enclave (malicious host) + Memory safety (vulnerabilities) AddressSanitizer (software-based) Intel MPX (hardware-based) State-of-the-art memory-safety mechanisms are inefficient! 2
12 State-of-the-Art: SQLite example 3
13 State-of-the-Art: SQLite example lower better 3
14 State-of-the-Art: SQLite example lower better 3
15 State-of-the-Art: SQLite example lower better 3
16 State-of-the-Art: SQLite example lower better 3
17 SGX Enclave (malicious host) + Memory safety (vulnerabilities) How to make it efficient? 3
18 State-of-the-Art: SQLite example lower better 3
19 State-of-the-Art: SQLite example lower better SGXBounds is practical 3
20 Motivation Constraints of SGX enclaves Design of SGXBounds Implementation of SGXBounds Evaluation
21 Motivation Constraints of SGX enclaves Design of SGXBounds Implementation of SGXBounds Evaluation
22 Constraints of SGX Enclaves Why AddressSanitizer and Intel MPX perform poorly under SGX? Virtual Address Space Shielded execution (SGX Enclave) 4
23 Constraints of SGX Enclaves Why AddressSanitizer and Intel MPX perform poorly under SGX? Increased latency of memory accesses Virtual Address Space Shielded execution (SGX Enclave) 4
24 Constraints of SGX Enclaves Why AddressSanitizer and Intel MPX perform poorly under SGX? Increased latency of memory accesses Physical Address Space Virtual Address Space Shielded execution (SGX Enclave) CPU Cache (8MB) Enclave Page Cache (94MB) DRAM (64GB) 4
25 Constraints of SGX Enclaves Why AddressSanitizer and Intel MPX perform poorly under SGX? Increased latency of memory accesses Physical Address Space Virtual Address Space MEE encryption (1-12x) Shielded execution (SGX Enclave) CPU Cache (8MB) Enclave Page Cache (94MB) DRAM (64GB) 4
26 Constraints of SGX Enclaves Why AddressSanitizer and Intel MPX perform poorly under SGX? Increased latency of memory accesses Physical Address Space Virtual Address Space EPC paging (2-2000x) MEE encryption (1-12x) Shielded execution (SGX Enclave) CPU Cache (8MB) Enclave Page Cache (94MB) DRAM (64GB) 4
27 Constraints of SGX Enclaves Why AddressSanitizer and Intel MPX perform poorly under SGX? Increased latency of memory accesses Limited enclave memory (4GB) Physical Address Space Virtual Address Space EPC paging (2-2000x) 4GB MEE encryption (1-12x) Shielded execution (SGX Enclave) CPU Cache (8MB) Enclave Page Cache (94MB) DRAM (64GB) 4
28 State-of-the-Art: Metadata Layout Assumptions of AddressSanitizer and Intel MPX violated in SGX! 5
29 State-of-the-Art: Metadata Layout Assumptions of AddressSanitizer and Intel MPX violated in SGX! 512MB AddressSanitizer Intel MPX Bounds Table 1 shadow object Bounds Directory red zone object object red zone pointer pointer 5
30 State-of-the-Art: Metadata Layout Assumptions of AddressSanitizer and Intel MPX violated in SGX! Fast accesses to metadata Almost endless memory 512MB AddressSanitizer Intel MPX Bounds Table 1 shadow object Bounds Directory red zone object object red zone pointer pointer 5
31 State-of-the-Art: Metadata Layout Assumptions of AddressSanitizer and Intel MPX violated in SGX! Fast accesses to metadata increased latency Almost endless memory limited enclave memory 512MB AddressSanitizer Intel MPX Bounds Table 1 shadow object Bounds Directory red zone object object red zone pointer pointer 5
32 State-of-the-Art: Metadata Layout Assumptions of AddressSanitizer and Intel MPX violated in SGX! Fast accesses to metadata increased latency Almost endless memory limited enclave memory 512MB AddressSanitizer Intel MPX Bounds Table 1 shadow object Inefficient! Bounds Directory red zone object object red zone pointer pointer 5
33 Motivation Constraints of SGX enclaves Design of SGXBounds Implementation of SGXBounds Evaluation
34 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds 6
35 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds Increased latency minimize accesses to metadata 6
36 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds Increased latency minimize accesses to metadata Limited enclave memory minimize space of metadata 6
37 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds Increased latency minimize accesses to metadata Limited enclave memory minimize space of metadata SGXBounds object pointer 6
38 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds Increased latency minimize accesses to metadata Limited enclave memory minimize space of metadata SGXBounds object pointer 6
39 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds Increased latency minimize accesses to metadata Limited enclave memory minimize space of metadata LB 4B SGXBounds object 63 UB 31 0 pointer 6
40 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds Increased latency minimize accesses to metadata Limited enclave memory minimize space of metadata LB 4B SGXBounds object Upper bound (UB) in pointer Lower bound (LB) per object 63 UB 31 0 pointer 6
41 SGXBounds: Metadata Layout Memory contraints of SGX dictated design of SGXBounds Increased latency minimize accesses to metadata Limited enclave memory minimize space of metadata LB 4B SGXBounds object Upper bound (UB) in pointer Lower bound (LB) per object 63 UB 31 pointer 0 Out-of-the-box multithreading (unlike MPX) 6
42 SGXBounds: Detecting Vulnerabilities How SGXBounds detects vulnerabilities like Heartbleed? SGXBounds LB object UB pointer 7
43 SGXBounds: Detecting Vulnerabilities How SGXBounds detects vulnerabilities like Heartbleed? SGXBounds LB password LB object UB pointer 7
44 SGXBounds: Detecting Vulnerabilities How SGXBounds detects vulnerabilities like Heartbleed? Data leak through write(socket, pointer, objlen) SGXBounds LB password LB object UB pointer 7
45 SGXBounds: Detecting Vulnerabilities How SGXBounds detects vulnerabilities like Heartbleed? Data leak through write(socket, pointer, objlen) SGXBounds LB password LB object UB pointer 7
46 SGXBounds: Detecting Vulnerabilities How SGXBounds detects vulnerabilities like Heartbleed? Data leak through write(socket, pointer, objlen) Protect using efficient bounds checks SGXBounds Bounds-check before each memory access: LB pointer UB LB password LB object UB pointer 7
47 SGXBounds: Detecting Vulnerabilities How SGXBounds detects vulnerabilities like Heartbleed? Data leak through write(socket, pointer, objlen) Protect using efficient bounds checks SGXBounds Bounds-check before each memory access: LB pointer UB LB password embedded in tagged pointer LB object UB pointer 7
48 SGXBounds: Detecting Vulnerabilities How SGXBounds detects vulnerabilities like Heartbleed? Data leak through write(socket, pointer, objlen) Protect using efficient bounds checks SGXBounds Bounds-check before each memory access: LB pointer UB LB password LB embedded in tagged pointer loaded from memory based on UB object UB pointer 7
49 Motivation Constraints of SGX enclaves Design of SGXBounds Implementation of SGXBounds Evaluation
50 SGXBounds: Implementation SGXBounds (LLVM pass) 8
51 SGXBounds: Implementation Source code SGXBounds (LLVM pass) Shielded app (e.g., SCONE) 8
52 SGXBounds: Implementation Source code SGXBounds (LLVM pass) Shielded app (e.g., SCONE) Operating System CPU SGX RAM 8
53 SGXBounds: Implementation Source code SGXBounds (LLVM pass) Shielded app (e.g., SCONE) Operating System CPU SGX RAM Advanced features: 8
54 SGXBounds: Implementation Source code SGXBounds (LLVM pass) Shielded app (e.g., SCONE) Operating System CPU SGX RAM Advanced features: Tolerating errors with boundless memory Metadata management support Compile-time optimizations 8
55 SGXBounds: Implementation Source code SGXBounds (LLVM pass) Shielded app (e.g., SCONE) Operating System CPU SGX RAM Advanced features: Tolerating errors with boundless memory Metadata management support Compile-time optimizations See paper for details 8
56 Motivation Constraints of SGX enclaves Design of SGXBounds Implementation of SGXBounds Evaluation
57 Motivation Constraints of SGX enclaves Design of SGXBounds Implementation of SGXBounds Evaluation Benchmark suites Case studies Security
58 Benchmark Suites ASan MPX SGXBounds 9
59 Benchmark Suites ASan Phoenix 1.41 MPX 2.27 SGXBounds
60 Benchmark Suites ASan MPX SGXBounds Phoenix PARSEC * 1.20 * some programs failed due to insufficient memory 9
61 Benchmark Suites ASan MPX SGXBounds Phoenix PARSEC * 1.20 SPEC * 1.41 * some programs failed due to insufficient memory 9
62 Case Studies 10
63 Case Studies 10
64 Case Studies 10
65 Case Studies MPX: EPC thrashing on Memcached 10
66 Case Studies MPX: EPC thrashing on Memcached ASan: metadata overload on Nginx 10
67 Case Studies MPX: EPC thrashing on Memcached ASan: metadata overload on Nginx SGXBounds: no corner cases 10
68 Security guarantees 11
69 Security guarantees RIPE synthetic benchmark: Similar guarantees as ASan and MPX 11
70 Security guarantees RIPE synthetic benchmark: Similar guarantees as ASan and MPX Real-world vulnerabilities detected and tolerated: Memcached denial-of-service Nginx stack buffer overflow Apache Heartbleed 11
71 Motivation Constraints of SGX enclaves Design of SGXBounds Implementation of SGXBounds Evaluation
72 Conclusion 12
73 Conclusion Security is barrier to adoption of cloud computing Use shielded execution with Intel SGX 12
74 Conclusion Security is barrier to adoption of cloud computing Use shielded execution with Intel SGX Insufficient to protect against SW vulnerabilities Use memory defense like ASan and MPX 12
75 Conclusion Security is barrier to adoption of cloud computing Use shielded execution with Intel SGX Insufficient to protect against SW vulnerabilities Use memory defense like ASan and MPX ASan and MPX perform poorly in SGX enclaves Their memory assumptions are violated in SGX 12
76 Conclusion Security is barrier to adoption of cloud computing Use shielded execution with Intel SGX Insufficient to protect against SW vulnerabilities Use memory defense like ASan and MPX ASan and MPX perform poorly in SGX enclaves Their memory assumptions are violated in SGX SGXBounds: memory safety for shielded execution 12
77 Conclusion Security is barrier to adoption of cloud computing Use shielded execution with Intel SGX Insufficient to protect against SW vulnerabilities Use memory defense like ASan and MPX ASan and MPX perform poorly in SGX enclaves Their memory assumptions are violated in SGX SGXBounds: memory safety for shielded execution Thank you! 12
78 Backup slides
79 Intel SGX and SCONE Virtual Address Space SCONE Asynchronous syscalls Application Libraries SGX Enclave (legacy app with SCONE) Network shield FS shield M:N user threading Modified Musl C library V. Costan, S. Devadas. Intel SGX Explained. IACR Cryptology eprint Archive '16 S. Arnautov et al. SCONE: Secure linux containers with Intel SGX. OSDI'16
80 SGXBounds: Implementation Source code SGXBounds (LLVM pass) Application Operating System CPU Native a = add x, i store 42, a SGXBounds x = specify_bounds(x, x+n) a = add x, i aptr = extract_ptr(a) UB = extract_upper_bound(a) LB = load_lower_bound(ub) if (aptr < LB or aptr >= UB): handle_error(aptr) store 42, a SGX RAM
81 Related Work (SPEC CPU2006 outside of SGX enclave) Perf Mem Comments 146% 116% FP/FN for multithreaded AddressSanitizer 38% 292% BaggyBounds1 70% 12% Not publicly available Low-Fat Pointers2 54% 12% Not publicly available SGXBounds 55% 0% (this work) Intel MPX 1 P. Akritidis et al. Baggy Bounds Checking: An efficient and backwards-compatible defense against out-of-bounds errors. Usenix Security'09 2 G. Duck et al. Stack Bounds Protection with Low Fat Pointers. NDSS'17
82 SGXBounds: Implementation SGXBounds (LLVM pass) Source code App (in SCONE) Operating System CPU SGX RAM Instrumentation: data: lower bound metadata after each allocated object pointers: upper bound metadata in each data pointer code: bounds-check before each memory access
83 Security guarantees D T detected? tolerated? MPX RIPE benchmark ASan SGXBounds 2/16 8/16 8/16 Memcached CVE D (T) D (T) D (T) Nginx CVE D (T) D (T) D (T) Apache Heartbleed D (T) D (T) D (T)
84 Case Studies: Full Picture
85 Classes of Defenses against Attacks CF control flow hijack, DO data-only attack, IL information leak
86 SGXBounds and Boundless Memory 63 rcx 31 UB 0 pointer p (p+offset) < LB (p+offset) UB out-ofbounds *(p+offset) referent object Lower Bound (LB) LB victim object Upper Bound (UB) mapping: aligned(p) -> chunk out-of-bounds access LRU cache chunk 1 M. chunk chunk redirect access Rinard et al. A dynamic technique for eliminating buffer overflow vulnerabilities (and other memory errors). ACSAC'04
87 SGXBounds: Outside of Enclaves
SCONE: Secure Linux Container Environments with Intel SGX
SCONE: Secure Linux Container Environments with Intel SGX S. Arnautov, B. Trach, F. Gregor, Thomas Knauth, and A. Martin, Technische Universität Dresden; C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe,
More informationGraphene-SGX. A Practical Library OS for Unmodified Applications on SGX. Chia-Che Tsai Donald E. Porter Mona Vij
Graphene-SGX A Practical Library OS for Unmodified Applications on SGX Chia-Che Tsai Donald E. Porter Mona Vij Intel SGX: Trusted Execution on Untrusted Hosts Processing Sensitive Data (Ex: Medical Records)
More informationVarys. Protecting SGX Enclaves From Practical Side-Channel Attacks. Oleksii Oleksenko, Bohdan Trach. Mark Silberstein
Varys Protecting SGX Enclaves From Practical Side-Channel Attacks Oleksii Oleksenko, Bohdan Trach Robert Krahn, Andre Martin, Christof Fetzer Mark Silberstein Key issue of the cloud: We cannot trust it
More informationObliviate: A Data Oblivious File System for Intel SGX. Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee
Obliviate: A Data Oblivious File System for Intel SGX Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee 1 Clouds? The Ultimate Dream? User Clouds 2 Clouds? The Ultimate Dream? User Clouds
More informationHAFT Hardware-Assisted Fault Tolerance
HAFT Hardware-Assisted Fault Tolerance Dmitrii Kuvaiskii Rasha Faqeh Pramod Bhatotia Christof Fetzer Technische Universität Dresden Pascal Felber Université de Neuchâtel Hardware Errors in the Wild Online
More informationElzar Triple Modular Redundancy using Intel AVX
Elzar Triple Modular Redundancy using Intel AVX Dmitrii Kuvaiskii Oleksii Oleksenko Pramod Bhatotia Christof Fetzer Pascal Felber Hardware Errors in the Wild Online services run in huge data centers 1
More informationLocking Down the Processor via the Rowhammer Attack
SGX-BOMB: Locking Down the Processor via the Rowhammer Attack Yeongjin Jang*, Jaehyuk Lee, Sangho Lee, and Taesoo Kim Oregon State University* KAIST Georgia Institute of Technology TL;DR SGX locks up the
More informationThe benefits and costs of writing a POSIX kernel in a high-level language
1 / 38 The benefits and costs of writing a POSIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL Should we use high-level languages to build OS kernels? 2 / 38
More informationRacing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. CS 563 Young Li 10/31/18
Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races CS 563 Young Li 10/31/18 Intel Software Guard extensions (SGX) and Hyper-Threading What is Intel SGX? Set of
More informationSGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 3b SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees Slide deck extracted from Kamran s tutorial on SGX and Chenglu s security analysis
More informationBoundless Memory Blocks
Boundless Memory Blocks Cristian Cadar Massachusetts Institute of Technology (now Stanford University) M. Rinard, D. Dumitran D. Roy, T. Leu Massachusetts Institute of Technology Annual Computer Security
More informationEleos: Exit-Less OS Services for SGX Enclaves
Eleos: Exit-Less OS Services for SGX Enclaves Meni Orenbach Marina Minkin Pavel Lifshits Mark Silberstein Accelerated Computing Systems Lab Haifa, Israel What do we do? Improve performance: I/O intensive
More informationHA2lloc: Hardware-Assisted Secure Allocator
HA2lloc: Hardware-Assisted Secure Allocator Orlando Arias, Dean Sullivan, Yier Jin {oarias,dean.sullivan}@knights.ucf.edu yier.jin@ece.ufl.edu University of Central Florida University of Florida June 25,
More informationStack Bounds Protection with Low Fat Pointers
Stack Bounds Protection with Low Fat Pointers Gregory J. Duck, Roland H.C. Yap, and Lorenzo Cavallaro NDSS 2017 Overview Heap Bounds Protection with Low Fat Pointers, CC 2016 Stack New method for detecting
More informationControlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. Yuanzhong Xu, Weidong Cui, Marcus Peinado
: Deterministic Side Channels for Untrusted Operating Systems Yuanzhong Xu, Weidong Cui, Marcus Peinado 2 Goal Protect the data of applications running on remote hardware 3 New tech Trusted Platform Modules
More informationPreventing Use-after-free with Dangling Pointers Nullification
Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee, Chengyu Song, Yeongjin Jang Tielei Wang, Taesoo Kim, Long Lu, Wenke Lee Georgia Institute of Technology Stony Brook University
More informationA Comparison Study of Intel SGX and AMD Memory Encryption Technology
A Comparison Study of Intel SGX and AMD Memory Encryption Technology Saeid Mofrad, Fengwei Zhang Shiyong Lu Wayne State University {saeid.mofrad, Fengwei, Shiyong}@wayne.edu Weidong Shi (Larry) University
More informationSafeBricks: Shielding Network Functions in the Cloud
SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network
More informationIntroduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
More informationSoK: Eternal War in Memory
SoK: Eternal War in Memory László Szekeres, Mathias Payer, Tao Wei, Dawn Song Presenter: Wajih 11/7/2017 Some slides are taken from original S&P presentation 1 What is SoK paper? Systematization of Knowledge
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationShreds: S H R E. Fine-grained Execution Units with Private Memory. Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu D S
Shreds: S H R E D S Fine-grained Execution Units with Private Memory Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu RiS3 Lab / Computer Science / Stony Brook University 1 Execution Units
More informationScotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage
Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage Kevin Leach 1, Fengwei Zhang 2, and Westley Weimer 1 1 University of Michigan, 2 Wayne State University
More informationSecure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks
: Defending Against Cache-Based Side Channel Attacks Mengjia Yan, Bhargava Gopireddy, Thomas Shull, Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu Presented by Mengjia
More informationIsolating Operating System Components with Intel SGX
SysTEX 16 Trento, Italy Isolating Operating System Components with Intel SGX Lars Richter, Johannes Götzfried, Tilo Müller Department of Computer Science FAU Erlangen-Nuremberg, Germany December 12, 2016
More informationA program execution is memory safe so long as memory access errors never occur:
A program execution is memory safe so long as memory access errors never occur: Buffer overflows, null pointer dereference, use after free, use of uninitialized memory, illegal free Memory safety categories
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationFile Systems. Kartik Gopalan. Chapter 4 From Tanenbaum s Modern Operating System
File Systems Kartik Gopalan Chapter 4 From Tanenbaum s Modern Operating System 1 What is a File System? File system is the OS component that organizes data on the raw storage device. Data, by itself, is
More informationCFIXX: Object Type Integrity. Nathan Burow, Derrick McKee, Scott A. Carr, Mathias Payer
CFIXX: Object Type Integrity Nathan Burow, Derrick McKee, Scott A. Carr, Mathias Payer Control-Flow Hijacking Attacks C / C++ are ubiquitous and insecure Browsers: Chrome, Firefox, Internet Explorer Servers:
More informationEE 457 Unit 7b. Main Memory Organization
1 EE 457 Unit 7b Main Memory Organization 2 Motivation Organize main memory to Facilitate byte-addressability while maintaining Efficient fetching of the words in a cache block Low order interleaving (L.O.I)
More informationSanctum: Minimal HW Extensions for Strong SW Isolation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &
More informationRyoan: A Distributed Sandbox for Untrusted Computation on Secret Data
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel University of Texas at Austin OSDI 2016 Presented by John Alsop
More informationHDFI: Hardware-Assisted Data-flow Isolation
HDFI: Hardware-Assisted Data-flow Isolation Presented by Ben Schreiber Chengyu Song 1, Hyungon Moon 2, Monjur Alam 1, Insu Yun 1, Byoungyoung Lee 1, Taesoo Kim 1, Wenke Lee 1, Yunheung Paek 2 1 Georgia
More informationCIS 4360 Secure Computer Systems SGX
CIS 4360 Secure Computer Systems SGX Professor Qiang Zeng Spring 2017 Some slides are stolen from Intel docs Previous Class UEFI Secure Boot Windows s Trusted Boot Intel s Trusted Boot CIS 4360 Secure
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationCS 550 Operating Systems Spring File System
1 CS 550 Operating Systems Spring 2018 File System 2 OS Abstractions Process: virtualization of CPU Address space: virtualization of memory The above to allow a program to run as if it is in its own private,
More informationSoftware Solutions to Micro-architectural Side Channels. Yinqian Zhang Assistant Professor Computer Science & Engineering The Ohio State University
Software Solutions to Micro-architectural Side Channels Yinqian Zhang Assistant Professor Computer Science & Engineering The Ohio State University Introduction Research interests Computer system security
More informationMemory Defenses. The Elevation from Obscurity to Headlines. Rajeev Balasubramonian School of Computing, University of Utah
Memory Defenses The Elevation from Obscurity to Headlines Rajeev Balasubramonian School of Computing, University of Utah Image sources: pinterest, gizmodo 2 Spectre Overview Victim Code x is controlled
More informationARMlock: Hardware-based Fault Isolation for ARM
ARMlock: Hardware-based Fault Isolation for ARM Yajin Zhou, Xiaoguang Wang, Yue Chen, and Zhi Wang North Carolina State University Xi an Jiaotong University Florida State University Software is Complicated
More informationEndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution
: Scalable Functions Using -Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rüsch, 1 Manuel Nieke, 1 Sébastien Vaucher, 2 Nico Weichbrodt, 1 Valerio Schiavoni, 2 Pierre-Louis
More informationCling: A Memory Allocator to Mitigate Dangling Pointers. Periklis Akritidis
Cling: A Memory Allocator to Mitigate Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory Through Dangling Pointers Techniques : Heap Spraying, Feng Shui Manual
More informationWORKLOAD CHARACTERIZATION OF INTERACTIVE CLOUD SERVICES BIG AND SMALL SERVER PLATFORMS
WORKLOAD CHARACTERIZATION OF INTERACTIVE CLOUD SERVICES ON BIG AND SMALL SERVER PLATFORMS Shuang Chen*, Shay Galon**, Christina Delimitrou*, Srilatha Manne**, and José Martínez* *Cornell University **Cavium
More informationMobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency
Mobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency Mohammadkazem Taram, Ashish Venkat, Dean Tullsen University of California, San Diego The Tension between
More informationHow to Sandbox IIS Automatically without 0 False Positive and Negative
How to Sandbox IIS Automatically without 0 False Positive and Negative Professor Tzi-cker Chiueh Computer Science Department Stony Brook University chiueh@cs.sunysb.edu 1/10/06 Blackhat Federal 2006 1
More informationPageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on. Blaise-Pascal Tine Sudhakar Yalamanchili
PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on Blaise-Pascal Tine Sudhakar Yalamanchili Outline Background: Memory Security Motivation Proposed Solution Implementation Evaluation Conclusion
More informationLeaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX W. Wang, G. Chen, X, Pan, Y. Zhang, XF. Wang, V. Bindschaedler, H. Tang, C. Gunter. September 19, 2017 Motivation Intel
More informationEnhancing Memory Error Detection for Large-Scale Applications and Fuzz testing
Enhancing Memory Error Detection for Large-Scale Applications and Fuzz testing Wookhyun Han, Byunggil Joe, Byoungyoung Lee *, Chengyu Song, Insik Shin KAIST, * Purdue, UCR 1 Memory error Heartbleed Shellshock
More informationFile system internals Tanenbaum, Chapter 4. COMP3231 Operating Systems
File system internals Tanenbaum, Chapter 4 COMP3231 Operating Systems Architecture of the OS storage stack Application File system: Hides physical location of data on the disk Exposes: directory hierarchy,
More informationInference of Memory Bounds
Research Review 2017 Will Klieber, software security researcher Joint work with Will Snavely public release and unlimited distribution. 1 Copyright 2017 Carnegie Mellon University. All Rights Reserved.
More informationUndermining Information Hiding (And What to do About it)
Undermining Information Hiding (And What to do About it) Enes Göktaş, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, Herbert Bos Overview Mitigating
More informationEnhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization
Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Anton Kuijsten Andrew S. Tanenbaum Vrije Universiteit Amsterdam 21st USENIX Security Symposium Bellevue,
More informationLow level security. Andrew Ruef
Low level security Andrew Ruef What s going on Stuff is getting hacked all the time We re writing tons of software Often with little regard to reliability let alone security The regulatory environment
More informationSecurity through Multi-Layer Diversity
Security through Multi-Layer Diversity Meng Xu (Qualifying Examination Presentation) 1 Bringing Diversity to Computing Monoculture Current computing monoculture leaves our infrastructure vulnerable to
More informationSPECTRES, VIRTUAL GHOSTS, AND HARDWARE SUPPORT
SPECTRES, VIRTUAL GHOSTS, AND HARDWARE SUPPORT Xiaowan Dong Zhuojia Shen John Criswell Alan Cox Sandhya Dwarkadas University of Rochester University of Rochester University of Rochester Rice University
More informationSpectre Returns! Speculation Attacks Using Return Stack Buffer
Spectre Returns! Speculation Attacks Using Return Stack Buffer Esmaeil Mohammadian, Khaled N. Khasawneh, Chengyue Song and Nael Abu-Ghazaleh University of California, Riverside WOOT 2018 BALTIMORE, USA
More informationSistemas Operacionais I. Valeria Menezes Bastos
Sistemas Operacionais I Valeria Menezes Bastos Operating Systems: Internals and Design Principles Chapter 1 Computer System Overview Eighth Edition By William Stallings Summary Basic Elements Evolution
More informationProtection. Thierry Sans
Protection Thierry Sans Protecting Programs How to lower the risk of a program security flaw resulting from a bug? 1. Build better programs 2. Build better operating systems Build Better Programs Why are
More informationDesigning a True Direct-Access File System with DevFS
Designing a True Direct-Access File System with DevFS Sudarsun Kannan, Andrea Arpaci-Dusseau, Remzi Arpaci-Dusseau University of Wisconsin-Madison Yuangang Wang, Jun Xu, Gopinath Palani Huawei Technologies
More informationIX: A Protected Dataplane Operating System for High Throughput and Low Latency
IX: A Protected Dataplane Operating System for High Throughput and Low Latency Belay, A. et al. Proc. of the 11th USENIX Symp. on OSDI, pp. 49-65, 2014. Reviewed by Chun-Yu and Xinghao Li Summary In this
More informationControlled- Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
Controlled- Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems Yuanzhong Xu, Weidong Cui, Marcus Peinado The University of Texas at Austin, Microsoft Research San Jose, CA May
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationT-SGX: Eradicating Controlled-Channel
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs Ming-Wei Shih Sangho Lee Taesoo Kim Marcus Peinado Georgia Institute of Technology Microsoft Research 2 3 Intel SGX aims to secure
More informationFile System Internals. Jo, Heeseung
File System Internals Jo, Heeseung Today's Topics File system implementation File descriptor table, File table Virtual file system File system design issues Directory implementation: filename -> metadata
More informationRuntime Defenses against Memory Corruption
CS 380S Runtime Defenses against Memory Corruption Vitaly Shmatikov slide 1 Reading Assignment Cowan et al. Buffer overflows: Attacks and defenses for the vulnerability of the decade (DISCEX 2000). Avijit,
More informationBanshee: Bandwidth-Efficient DRAM Caching via Software/Hardware Cooperation!
Banshee: Bandwidth-Efficient DRAM Caching via Software/Hardware Cooperation! Xiangyao Yu 1, Christopher Hughes 2, Nadathur Satish 2, Onur Mutlu 3, Srinivas Devadas 1 1 MIT 2 Intel Labs 3 ETH Zürich 1 High-Bandwidth
More informationIntel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron
Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 X. Chen, T, Garfinkel, E. Lewis, P. Subrahmanyam, C. Waldspurger, D. Boneh, J. Dwoskin,
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationLeveraging Intel SGX to Create a Nondisclosure Cryptographic library
CS 2530 - Computer and Network Security Project presentation Leveraging Intel SGX to Create a Nondisclosure Cryptographic library Mohammad H Mofrad & Spencer L Gray University of Pittsburgh Thursday, December
More informationAzor: Using Two-level Block Selection to Improve SSD-based I/O caches
Azor: Using Two-level Block Selection to Improve SSD-based I/O caches Yannis Klonatos, Thanos Makatos, Manolis Marazakis, Michail D. Flouris, Angelos Bilas {klonatos, makatos, maraz, flouris, bilas}@ics.forth.gr
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More information2 nd Half. Memory management Disk management Network and Security Virtual machine
Final Review 1 2 nd Half Memory management Disk management Network and Security Virtual machine 2 Abstraction Virtual Memory (VM) 4GB (32bit) linear address space for each process Reality 1GB of actual
More informationAuthenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas
Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model
More informationBaggy bounds with LLVM
Baggy bounds with LLVM Anton Anastasov Chirantan Ekbote Travis Hance 6.858 Project Final Report 1 Introduction Buffer overflows are a well-known security problem; a simple buffer-overflow bug can often
More informationEnhancing Memory Error Detection for Larg e-scale Applications and Fuzz testing
Enhancing Memory Error Detection for Larg e-scale Applications and Fuzz testing Wookhyun Han, Byunggil Joe, Byoungyoung Lee *, C hengyu Song, Insik Shin KAIST, * Purdue, UCR 1 Memory error Heartbleed Shellshock
More informationInject malicious code Call any library functions Modify the original code
Inject malicious code Call any library functions Modify the original code 2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks 2 3 Sadeghi, Davi TU Darmstadt
More informationMemory Safety for Low- Level Software/Hardware Interactions
Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray Montreal or Bust! Vikram Adve Safety Future is Bright User-space memory safety is improving Safe languages SAFECode,
More informationQuickRec: Prototyping an Intel Architecture Extension for Record and Replay of Multithreaded Programs
QuickRec: Prototyping an Intel Architecture Extension for Record and Replay of Multithreaded Programs Intel: Gilles Pokam, Klaus Danne, Cristiano Pereira, Rolf Kassa, Tim Kranich, Shiliang Hu, Justin Gottschlich
More informationVirtual Memory Virtual memory first used to relive programmers from the burden of managing overlays.
CSE420 Virtual Memory Prof. Mokhtar Aboelaze York University Based on Slides by Prof. L. Bhuyan (UCR) Prof. M. Shaaban (RIT) Virtual Memory Virtual memory first used to relive programmers from the burden
More informationGPUfs: Integrating a file system with GPUs
GPUfs: Integrating a file system with GPUs Mark Silberstein (UT Austin/Technion) Bryan Ford (Yale), Idit Keidar (Technion) Emmett Witchel (UT Austin) 1 Traditional System Architecture Applications OS CPU
More informationTRUSTSHADOW: SECURE EXECUTION OF UNMODIFIED APPLICATIONS WITH ARM TRUSTZONE Florian Olschewski
TRUSTSHADOW: SECURE EXECUTION OF UNMODIFIED APPLICATIONS WITH ARM TRUSTZONE 14.11.2018 Florian Olschewski 1 OUTLINE 1) Introduction 2) Trustzone 3) Threat Model 4) Overview 5) Runtime System 6) Implementation
More informationAttacking the Linux PRNG on Android. David Kaplan, Sagi Kedmi, Roee Hay & Avi Dayan IBM Security Systems
Attacking the Linux PRNG on Android David Kaplan, Sagi Kedmi, Roee Hay & Avi Dayan IBM Security Systems MOTIVATION motivation_keystore_buffer_overflow We discovered CVE-2014-3100, a stack-based Buffer
More informationFlexSC. Flexible System Call Scheduling with Exception-Less System Calls. Livio Soares and Michael Stumm. University of Toronto
FlexSC Flexible System Call Scheduling with Exception-Less System Calls Livio Soares and Michael Stumm University of Toronto Motivation The synchronous system call interface is a legacy from the single
More informationNew features in AddressSanitizer. LLVM developer meeting Nov 7, 2013 Alexey Samsonov, Kostya Serebryany
New features in AddressSanitizer LLVM developer meeting Nov 7, 2013 Alexey Samsonov, Kostya Serebryany Agenda AddressSanitizer (ASan): a quick reminder New features: Initialization-order-fiasco Stack-use-after-scope
More informationAdaptive Android Kernel Live Patching
USENIX Security Symposium 2017 Adaptive Android Kernel Live Patching Yue Chen 1, Yulong Zhang 2, Zhi Wang 1, Liangzhao Xia 2, Chenfu Bao 2, Tao Wei 2 Florida State University 1 Baidu X-Lab 2 Android Kernel
More informationMemory Management Outline. Operating Systems. Motivation. Paging Implementation. Accessing Invalid Pages. Performance of Demand Paging
Memory Management Outline Operating Systems Processes (done) Memory Management Basic (done) Paging (done) Virtual memory Virtual Memory (Chapter.) Motivation Logical address space larger than physical
More informationCLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.
CLASS AGENDA INTEL SGX OVERVIEW... DEVELOPER TOOLKIT... DEVELOPING FOR INTEL SGX... BREAK FOR LUNCH... PROVISIONING SECRETS... DATA SEALING...... 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00
More informationSecuring Software Applications Using Dynamic Dataflow Analysis. OWASP June 16, The OWASP Foundation
Securing Software Applications Using Dynamic Dataflow Analysis Steve Cook OWASP June 16, 2010 0 Southwest Research Institute scook@swri.org (210) 522-6322 Copyright The OWASP Foundation Permission is granted
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationAerie: Flexible File-System Interfaces to Storage-Class Memory [Eurosys 2014] Operating System Design Yongju Song
Aerie: Flexible File-System Interfaces to Storage-Class Memory [Eurosys 2014] Operating System Design Yongju Song Outline 1. Storage-Class Memory (SCM) 2. Motivation 3. Design of Aerie 4. File System Features
More informationRuntime Integrity Checking for Exploit Mitigation on Embedded Devices
Runtime Integrity Checking for Exploit Mitigation on Embedded Devices Matthias Neugschwandtner IBM Research, Zurich eug@zurich.ibm.com Collin Mulliner Northeastern University, Boston collin@mulliner.org
More informationAccelerating Pointer Chasing in 3D-Stacked Memory: Challenges, Mechanisms, Evaluation Kevin Hsieh
Accelerating Pointer Chasing in 3D-Stacked : Challenges, Mechanisms, Evaluation Kevin Hsieh Samira Khan, Nandita Vijaykumar, Kevin K. Chang, Amirali Boroumand, Saugata Ghose, Onur Mutlu Executive Summary
More informationSoftware security, secure programming
Software security, secure programming Lecture 4: Protecting your code against software vulnerabilities? (overview) Master on Cybersecurity Master MoSiG Academic Year 2017-2018 Preamble Bad news several
More informationLecture Notes: Unleashing MAYHEM on Binary Code
Lecture Notes: Unleashing MAYHEM on Binary Code Rui Zhang February 22, 2017 1 Finding Exploitable Bugs 1.1 Main Challenge in Exploit Generation Exploring enough of the state space of an application to
More informationENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks
ENEE 457: Computer Systems Security Lecture 16 Buffer Overflow Attacks Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park Buffer overflow
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationReadings and References. Virtual Memory. Virtual Memory. Virtual Memory VPN. Reading. CSE Computer Systems December 5, 2001.
Readings and References Virtual Memory Reading Chapter through.., Operating System Concepts, Silberschatz, Galvin, and Gagne CSE - Computer Systems December, Other References Chapter, Inside Microsoft
More informationWhen Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins Michael Schwarz, Moritz Lipp michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at Abstract In our talk, we show that despite all
More informationAvanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.
Avanan for G Suite Technical Overview Contents Intro 1 How Avanan Works 2 Email Security for Gmail 3 Data Security for Google Drive 4 Policy Automation 5 Workflows and Notifications 6 Authentication 7
More information238P: Operating Systems. Lecture 5: Address translation. Anton Burtsev January, 2018
238P: Operating Systems Lecture 5: Address translation Anton Burtsev January, 2018 Two programs one memory Very much like car sharing What are we aiming for? Illusion of a private address space Identical
More information