a non inclusive memory permissions architecture for
play

A Non-Inclusive Memory Permissions Architecture for Protection - PowerPoint PPT Presentation

Oct 20, 2022 •101 likes •872 views

A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse Elwell 1 Ryan Riley 2 Nael Abu-Ghazaleh 1 Dmitry Ponomarev 1 1 State University of New York at Binghamton Department of Computer Science 2 Qatar

  1. A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse Elwell 1 Ryan Riley 2 Nael Abu-Ghazaleh 1 Dmitry Ponomarev 1 1 State University of New York at Binghamton Department of Computer Science 2 Qatar University Department of Computer Science 20th International Symposium on High Performance Computer Architecture February 17th, 2014

  2. Introduction & Motivation System software (Hypervisor/OS) is steadily increasing in complexity Complexity leads to vulberabilities Software Lines of Code Vulnerabilities KVM 30K 38 Xen 200K 59 Linux kernel 15M 228 A single vulnerability in system software can allow an attacker to compromise the entire system Binghamton University / Qatar University HPCA 2014 2 / 25

  3. Example 1: Malicious Supervisor Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout OS User Binghamton University / Qatar University HPCA 2014 3 / 25

  4. Example 1: Malicious Supervisor Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout OS User Sensitive READ-WRITE NO USER/SUPERVISOR Data Binghamton University / Qatar University HPCA 2014 3 / 25

  5. Example 1: Malicious Supervisor Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Buffer OS User Sensitive READ-WRITE NO USER/SUPERVISOR Data Binghamton University / Qatar University HPCA 2014 3 / 25

  6. Example 1: Malicious Supervisor Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Buffer Copy Sensitive READ-WRITE NO USER/SUPERVISOR Data Binghamton University / Qatar University HPCA 2014 3 / 25

  7. Example 1: Malicious Supervisor Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Sensitive Data OS User Sensitive READ-WRITE NO USER/SUPERVISOR Data Binghamton University / Qatar University HPCA 2014 3 / 25

  8. Example 1: Malicious Supervisor Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Sensitive Data OS User Sensitive READ-WRITE NO USER/SUPERVISOR Data Binghamton University / Qatar University HPCA 2014 3 / 25

  9. Example 2: return-2-user Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout OS User Binghamton University / Qatar University HPCA 2014 4 / 25

  10. Example 2: return-2-user Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout OS User Malicious READ-WRITE YES USER/SUPERVISOR Code Binghamton University / Qatar University HPCA 2014 4 / 25

  11. Example 2: return-2-user Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Code System Call OS User Malicious READ-WRITE YES USER/SUPERVISOR Code Binghamton University / Qatar University HPCA 2014 4 / 25

  12. Example 2: return-2-user Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Vulnerability Code Exploited OS User Malicious READ-WRITE YES USER/SUPERVISOR Code Binghamton University / Qatar University HPCA 2014 4 / 25

  13. Example 2: return-2-user Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Code OS Privileges OS User Malicious READ-WRITE YES USER/SUPERVISOR Code Binghamton University / Qatar University HPCA 2014 4 / 25

  14. Example 2: return-2-user Attack x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Memory Layout Code OS Privileges OS User Malicious READ-WRITE YES USER/SUPERVISOR Code Binghamton University / Qatar University HPCA 2014 4 / 25

  15. Cross-Layer Attack Flows App App App Guest OS Guest OS Hypervisor Binghamton University / Qatar University HPCA 2014 5 / 25

  16. Cross-Layer Attack Flows App App App ret-2-user Guest OS Guest OS Hypervisor Binghamton University / Qatar University HPCA 2014 5 / 25

  17. Cross-Layer Attack Flows App App App ret-2-user Guest OS Guest OS ret-2-VM Hypervisor Binghamton University / Qatar University HPCA 2014 5 / 25

  18. Cross-Layer Attack Flows App App App ret-2-user Guest OS Guest OS ret-2-VM Hypervisor Binghamton University / Qatar University HPCA 2014 5 / 25

  19. Cross-Layer Attack Flows App App App ret-2-user Guest OS Guest OS ret-2-VM Hypervisor Binghamton University / Qatar University HPCA 2014 5 / 25

  20. Cross-Layer Attack Flows App App App ret-2-user Guest OS Guest OS ret-2-VM Hypervisor Binghamton University / Qatar University HPCA 2014 5 / 25

  21. Non-Inclusive Memory Permissions Current Inclusive x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Binghamton University / Qatar University HPCA 2014 6 / 25

  22. Non-Inclusive Memory Permissions Current Inclusive x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Binghamton University / Qatar University HPCA 2014 6 / 25

  23. Non-Inclusive Memory Permissions Current Inclusive x86-64 Memory Permissions EXECUTABLE SUPERVISOR OR READ-ONLY OR YES/NO USER/SUPERVISOR READ-WRITE Non-Inclusive Memory Permissions (NIMP) Hypervisor Operating System User-Level Read Write Execute Read Write Execute Read Write Execute Binghamton University / Qatar University HPCA 2014 6 / 25

  24. Mitigating Malicious Supervisor Attacks Non-Inclusive Memory Permissions Operating System User-Level Memory Layout Read Write Execute Read Write Execute Buffer Copy Sensitive NO NO NO YES YES NO Data Binghamton University / Qatar University HPCA 2014 7 / 25

  25. Mitigating Malicious Supervisor Attacks Non-Inclusive Memory Permissions Operating System User-Level Memory Layout Read Write Execute Read Write Execute Buffer OS EXCEPTION! User Sensitive NO NO NO YES YES NO Data Binghamton University / Qatar University HPCA 2014 7 / 25

  26. Mitigating Malicious Supervisor Attacks Non-Inclusive Memory Permissions Operating System User-Level Memory Layout Read Write Execute Read Write Execute Buffer OS EXCEPTION! User Sensitive NO NO NO YES YES NO Data Binghamton University / Qatar University HPCA 2014 7 / 25

  27. Mitigating return-2-user Attacks Non-Inclusive Memory Permissions Operating System User-Level Memory Layout Read Write Execute Read Write Execute Code OS Privileges OS User Malicious NO NO NO YES YES YES Code Binghamton University / Qatar University HPCA 2014 8 / 25

  28. Mitigating return-2-user Attacks Non-Inclusive Memory Permissions Operating System User-Level Memory Layout Read Write Execute Read Write Execute Code OS EXCEPTION! User Malicious NO NO NO YES YES YES Code Binghamton University / Qatar University HPCA 2014 8 / 25

  29. Mitigating return-2-user Attacks Non-Inclusive Memory Permissions Operating System User-Level Memory Layout Read Write Execute Read Write Execute Code OS EXCEPTION! User Malicious NO NO NO YES YES YES Code Binghamton University / Qatar University HPCA 2014 8 / 25

  30. NIMP Design Overview Permission Store Binghamton University / Qatar University HPCA 2014 9 / 25

  31. NIMP Design Overview Memory Permission Change Requests Memory Permission Permission Store Manager Binghamton University / Qatar University HPCA 2014 9 / 25

  32. NIMP Design Overview Memory Access Memory Permission Requests Change Requests Memory Permission Permission Permission Reference Store Manager Monitor Memory Access Decision Binghamton University / Qatar University HPCA 2014 9 / 25

  33. The Permission Store 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Hypervisor OS User P Reserved S T R W X R W X R W X Binghamton University / Qatar University HPCA 2014 10 / 25

  34. The Permission Store (Protected Memory) PS Entry 0 Permission Store 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 PS Entry 1 Hypervisor OS User P Reserved S PS Entry 2 T R W X R W X R W X . . . PS Entry N Physical Memory Binghamton University / Qatar University HPCA 2014 10 / 25

  35. The Permission Store (Protected Memory) PS Entry 0 Permission Store 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 PS Entry 1 Hypervisor OS User P Reserved S PS Entry 2 T R W X R W X R W X . . . PS Entry N PS_BASE Register Physical Memory Binghamton University / Qatar University HPCA 2014 10 / 25

  36. Augmenting TLBs to Store PS Entries TLB Virtual Physical Virtual Address Address Permissions 0x12345000 0x09ABC000 NX U RO . . . . . . . . . Binghamton University / Qatar University HPCA 2014 11 / 25

Recommend

Architecture Caches Main memory Interconnect system System/Memory bus I/O

Architecture Caches Main memory Interconnect system System/Memory bus I/O

Calcolatori Elettronici e Sistemi Operativi System architecture CPU(s) Memory hierarchy Architecture Caches Main memory Interconnect system System/Memory bus I/O busses ata, eisa, i2c, ide, pci, pcmcia, scsi, spi,

653 views • 21 slides
Relational Access Control with Bivalent Permissions in a Social Web/ Collaboration Architecture

Relational Access Control with Bivalent Permissions in a Social Web/ Collaboration Architecture

Relational Access Control with Bivalent Permissions in a Social Web/ Collaboration Architecture Todd Davies and Mike D. Mintz Symbolic Systems Program Stanford University http://deme.stanford.edu This paper is about access control. But we

267 views • 26 slides
Memory Prefetching Nima Honarmand Spring 2016 :: CSE 502 Computer Architecture The memory

Memory Prefetching Nima Honarmand Spring 2016 :: CSE 502 Computer Architecture The memory

Spring 2016 :: CSE 502 Computer Architecture Memory Prefetching Nima Honarmand Spring 2016 :: CSE 502 Computer Architecture The memory wall 10000 Performance 1000 Processor 100 10 Memory 1 1985 1990 1995 2000 2005 2010

312 views • 29 slides
The Structural Anatomy and Institutional Architecture of Inclusive Growth in SSA Erik Thorbecke

The Structural Anatomy and Institutional Architecture of Inclusive Growth in SSA Erik Thorbecke

The Structural Anatomy and Institutional Architecture of Inclusive Growth in SSA Erik Thorbecke Keynote Presentation for UNU/WIDER Conference on Inclusive Growth in Africa, Helsinki, September 20-21, 2013 Introduction

721 views • 54 slides
COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions: Part 2 umask - Set Default Permissions Special Permissions Changing Identities su - Run a New Shell as Another

288 views • 11 slides
Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language Arts to Several of the slides used in this presentation All Students were originally created by one or more of the following individuals and are

526 views • 26 slides
Internal Roles Internal features: privileged mode, memory protection, file access permissions,

Internal Roles Internal features: privileged mode, memory protection, file access permissions,

Internal Roles Internal features: privileged mode, memory protection, file access permissions, etc. What do they accomplish? What is the real goal? Whom do we protect Internal features protect the operating system against users

536 views • 26 slides
Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with : Stefan Heule, Rustan Leino, Peter Mller ETH Zurich Microsoft Research ETH Zurich Overview Verification of

436 views • 42 slides
von Neumann von Neumann vs. Harvard von Neumann Same memory holds data, instructions.

von Neumann von Neumann vs. Harvard von Neumann Same memory holds data, instructions.

Computer Architecture Microprocessor Architecture in a nutshell Alternative approaches Separation of CPU and memory distinguishes programmable computer. Two opposite examples CPU fetches instructions from memory. SHARC

343 views • 7 slides
Memory Prefetching Instructor: Nima Honarmand Spring 2015 :: CSE 502 Computer Architecture

Memory Prefetching Instructor: Nima Honarmand Spring 2015 :: CSE 502 Computer Architecture

Spring 2015 :: CSE 502 Computer Architecture Memory Prefetching Instructor: Nima Honarmand Spring 2015 :: CSE 502 Computer Architecture The memory wall 10000 Performance 1000 Processor 100 10 Memory 1 1985 1990 1995 2000 2005

337 views • 30 slides
CSE 502: Computer Architecture Memory Hierarchy & Caches Motivation 10000 Performance

CSE 502: Computer Architecture Memory Hierarchy & Caches Motivation 10000 Performance

CSE 502: Computer Architecture Memory Hierarchy & Caches Motivation 10000 Performance 1000 Processor 100 10 Memory 1 1985 1990 1995 2000 2005 2010 Want memory to appear: As fast as CPU As large as required by all of

587 views • 39 slides
COMP 590-154: Computer Architecture Shared-Memory Multi-Processors Shared-Memory Multiprocessors

COMP 590-154: Computer Architecture Shared-Memory Multi-Processors Shared-Memory Multiprocessors

COMP 590-154: Computer Architecture Shared-Memory Multi-Processors Shared-Memory Multiprocessors Multiple threads use shared memory (address space) SysV Shared Memory or Threads in software Communication implicit via loads

548 views • 40 slides
1 5.1 Introduction A Typical Memory Hierarchy Memory Technology q Take advantage of the

1 5.1 Introduction A Typical Memory Hierarchy Memory Technology q Take advantage of the

Review: Major Components of a Computer Processor Devices Memory Control Hierarchy Input Memory Datapath Output Original slides from: Computer Architecture A Quantitative Approach Hennessy, Patterson Memory Main Cache Secondary

388 views • 10 slides
1 Memory Read Transaction (1) Memory Read Transaction (2) CPU places address A on the memory

1 Memory Read Transaction (1) Memory Read Transaction (2) CPU places address A on the memory

Today Storage technologies and trends Locality of reference The Memory Hierarchy Caching in the memory hierarchy CSci 2021: Machine Architecture and Organization November 5th-7th, 2018 Your instructor: Stephen McCamant Based on

368 views • 11 slides
CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and

CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and

CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and optimizations] Day14: February 22, 2000 Virtual Memory Caltech CS184b Winter2001 -- DeHon 1 Today Problems memory size

699 views • 20 slides
All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do companies gain by getting your permission? Typical permissions requested by apps How to check up on apps already on your phone App safety

134 views • 11 slides
Computer Architecture Memory System Virendra Singh Associate Professor Computer Architecture

Computer Architecture Memory System Virendra Singh Associate Professor Computer Architecture

Computer Architecture Memory System Virendra Singh Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology Bombay http://www.ee.iitb.ac.in/~viren/ E-mail:

252 views • 23 slides
1 Memory Read Transaction (1) Memory Read Transaction (2) CPU places address A on the memory

1 Memory Read Transaction (1) Memory Read Transaction (2) CPU places address A on the memory

Today Storage technologies and trends Locality of reference The Memory Hierarchy Caching in the memory hierarchy CSci 2021: Machine Architecture and Organization March 30th-April 1st, 2020 Your instructor: Stephen McCamant Based on

637 views • 10 slides
? Group 6 ? ? CPU ? CPU Memory We want multiple processors to share memory

? Group 6 ? ? CPU ? CPU Memory We want multiple processors to share memory

Shared Memory Architecture Shared Memory Bus for Multiprocessor Systems Memory CPU ? Mat Laibowitz and Albert Chiou ? ? ? ? Group 6 ? ? CPU ? CPU Memory We want multiple processors to share memory Question: How do we

286 views • 5 slides
Optimization of Pattern Matching Algorithm for Memory Based Architecture Cheng-Hung Lin, Yu-Tang

Optimization of Pattern Matching Algorithm for Memory Based Architecture Cheng-Hung Lin, Yu-Tang

Optimization of Pattern Matching Algorithm for Memory Based Architecture Cheng-Hung Lin, Yu-Tang Tai, and Shih-Chieh Chang National Tsing Hua University, Taiwan, R.O.C Outline Memory architecture for string matching Basic idea Novel

501 views • 33 slides
CS4617 Computer Architecture Lecture 3: Memory Hierarchy 1 Dr J Vaughan September 15, 2014 1/25

CS4617 Computer Architecture Lecture 3: Memory Hierarchy 1 Dr J Vaughan September 15, 2014 1/25

CS4617 Computer Architecture Lecture 3: Memory Hierarchy 1 Dr J Vaughan September 15, 2014 1/25 Important terms Cache fully associative write allocate Virtual memory dirty bit unified cache Memory stall cycles block offset misses per

528 views • 25 slides
1 3. Simple Memory System Cache Address Translation Example #1 16 lines, 4-byte block size

1 3. Simple Memory System Cache Address Translation Example #1 16 lines, 4-byte block size

Today Simple memory system example Case study: Core i7/Linux memory system Virtual Memory: Systems Memory mapping CSci 2021: Machine Architecture and Organization April 20th-22nd, 2020 Your instructor: Stephen McCamant Based on

587 views • 5 slides
pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78 NFSv4 WG Meeting, July 28, 2010 Sorin Faibish sfaibish@emc.com David Black - EMC Mike Eisler - NetApp Jason Glasgow - Google Problem Statement

376 views • 6 slides
Memory driven architecture: flipping the inequality computing vs. memory 1 The talk covers

Memory driven architecture: flipping the inequality computing vs. memory 1 The talk covers

Uri Weiser Professor of Engineering Technion Memory driven architecture: flipping the inequality computing vs. memory 1 The talk covers research done by: Prof. Y. Etsion, Dr. Z. Guz, Prof. I. Keidar, Prof. A. Kolodny, S. Kvatinsky, Prof I.

416 views • 37 slides

More recommend