A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory

Size: px

Start display at page:

Download "A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory"

Bethany Hawkins
6 years ago
Views:

1 A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory Maximilian Seitzer, Michael Gruhn, Tilo Müller Friedrich Alexander Universität Erlangen-Nürnberg

2 Introduction Context: physical security Attacker has physical access to running system. 3

3 Introduction Context: physical security Attacker has physical access to running system. Ultimate problem: RAM is insecure. Cold boot attack, DMA attack 4

4 Introduction Context: physical security Attacker has physical access to running system. Ultimate problem: RAM is insecure. Cold boot attack, DMA attack Attacker has access to all kinds of sensitive data in memory, e.g.: Full disk encryption keys Code and data of running programs 5

5 Introduction Existing solutions to protect hard disk encryption: Run encryption on hardware (FDE) Run encryption on CPU (e.g. TRESOR) 6

6 Introduction Existing solutions to protect hard disk encryption: Run encryption on hardware (FDE) Run encryption on CPU (e.g. TRESOR) Possible solution: encrypt RAM With software: cheap, but slow With hardware: efficient, but expensive 7

7 Introduction Existing solutions to protect hard disk encryption: Run encryption on hardware (FDE) Run encryption on CPU (e.g. TRESOR) Possible solution: encrypt RAM With software: cheap, but slow With hardware: efficient, but expensive Our approach: Executing programs securely by not using RAM for sensitive data 8

8 Initial Situation Code and data are residing in RAM unprotected. RAM code CPU registers data 9

9 Idea: secure execution environment Move execution into CPU Encrypt program segments within RAM RAM CPU code data bytecode interpreter registers code data 10

10 Idea: secure execution environment Move execution into CPU Encrypt program segments within RAM Employ secure encryption: TRESOR RAM CPU code data bytecode interpreter registers code data 11

11 A program s lifecycle 13

12 A program s lifecycle Compiler produces encrypted bytecode.scll compiler source code user space 14

13 A program s lifecycle Front end invokes execution.scll compiler source code front end user space 15

14 A program s lifecycle Front end invokes execution.scll compiler source code back end front end user space sys-interface kernel space 16

15 A program s lifecycle Back end executes encrypted program.scll compiler source code back end front end user space sys-interface kernel space 17

16 A program s lifecycle Results are passed back to the user.scll compiler source code back end front end results user space sys-interface kernel space 18

17 Memory Layout Interpreter simulates instructions on program state 19

18 Memory Layout Interpreter simulates instructions on program state Interpreter manages three memory segments 20

19 Memory Layout Interpreter simulates instructions on program state Interpreter manages three memory segments code segment instructions instruction pointer 21

20 Memory Layout Interpreter simulates instructions on program state Interpreter manages three memory segments code segment instructions call stack variables instruction pointer stack pointer return addresses arguments 22

21 Memory Layout Interpreter simulates instructions on program state Interpreter manages three memory segments code segment call stack operand stack instruction pointer instructions stack pointer variables return addresses arguments stack pointer operands return values 23

22 Memory Layout The row registers contain a decrypted slice of a memory segment. The interpreter always loads the slices containing the currently needed data into the registers. instruction pointer code segment call stack operand stack instructions stack pointer variables return addresses arguments stack pointer operands return values CPU row registers (128 bit SSE registers) 24

23 Achieving Security Against Memory Attacks Obviously encrypt memory 28

24 Achieving Security Against Memory Attacks Obviously encrypt memory For this, AES has to run entirely on the CPU. Provided by an adapted TRESOR implementation, utilizing the instruction sets AVX and AES-NI. 29

25 Achieving Security Against Memory Attacks Obviously encrypt memory For this, AES has to run entirely on the CPU. Provided by an adapted TRESOR implementation, utilizing the instruction sets AVX and AES-NI. Problem: Context switches Operating system saves CPU registers to RAM Solution: deny context switches to happen 30

Beginning of atomic section Load state into registers

26 Achieving Security Against Memory Attacks Execution gets divided into atomic sections. Beginning of atomic section Load state into registers Process instructions End of atomic section Save state, clear registers 31

27 Bytecode Language Functionalities: Local variables Arithmetic: add, sub, mul, div, mod Conditional and unconditional jumps Function calls Input via commandline parameters, Output via print. 32

28 Bytecode Language Functionalities: Local variables Arithmetic: add, sub, mul, div, mod Conditional and unconditional jumps Function calls Input via commandline parameters, Output via print. Restrictions: Only one data type (integer) No arrays No global memory segment 33

29 runtime Evaluation: Performance Averaged runtime of three benchmark programs with four different languages 100% 80% 60% 40% 25,3% 20% 0% 0,9% 0,7% Interpreter Python Java C 35

30 runtime Evaluation: Performance Averaged runtime of three benchmark programs with four different languages 100% 80% without encryption 60% 40% 20% 22,4% 25,3% 0% 0,9% 0,7% Interpreter Python Java C 36

31 Evaluation: Security Protection against memory attacks: By design, neither key nor program state should leak into RAM. Scans of several different memory dumps for keys, code and data did not return any findings. 37

32 Evaluation: Security Protection against memory attacks: By design, neither key nor program state should leak into RAM. Scans of several different memory dumps for keys, code and data did not return any findings. But: TRESOR-Hunt (Blass & Robertson, 2012) DMA write attack Malicious code gets injected and executed in kernel context. Preventable e.g. with device whitelisting or IOMMU. 38

33 Future Work Extension of bytecode language More data types, arrays, global datasegment, Make execution of real software secure 40

34 Future Work Extension of bytecode language More data types, arrays, global datasegment, Make execution of real software secure Performance improvements through AVX-512 Additional register space allows caching New instructions allow to simplify implementation 41

35 Conclusion We present the concept of a secure execution environment in form of a bytecode interpreter which executes programs without using RAM for sensitive data. Proof of concept implementation is available for x86-64 Linux. Interpreter protects against memory attacks. Interpreter is around factor 4 slower than Python, with most time spent on encryption. 42

36 Thank you for your attention Any questions? 43

Isolating Operating System Components with Intel SGX

SysTEX 16 Trento, Italy Isolating Operating System Components with Intel SGX Lars Richter, Johannes Götzfried, Tilo Müller Department of Computer Science FAU Erlangen-Nuremberg, Germany December 12, 2016