bunshin compositing security mechanisms through
play

Bunshin: Compositing Security Mechanisms through Diversification - PowerPoint PPT Presentation

Jul 02, 2023 •137 likes •698 views

Bunshin: Compositing Security Mechanisms through Diversification Meng Xu, Kangjie Lu, Taesoo Kim, Wenke Lee Georgia Institute of Technology 1 Memory Corruptions Are Costly 2 3 4 Name your phone Nexus 5X %x.%x 5 Battle against

  1. Bunshin: Compositing Security Mechanisms through Diversification Meng Xu, Kangjie Lu, Taesoo Kim, Wenke Lee Georgia Institute of Technology 1

  2. Memory Corruptions Are Costly… 2

  3. 3

  4. 4

  5. Name your phone “Nexus 5X %x.%x” 5

  6. Battle against Memory Errors Existing security mechanisms: W ⊕ R, ASLR, CFI → Not hard to by pass 6

  7. Battle against Memory Errors Existing security mechanisms: W ⊕ R, ASLR, CFI → Not hard to by pass Protect all dangerous operation using sanity checks : → Auto-applied at compile time void foo(T *a) { if(!is_valid_address(a) { void foo(T *a) { Sanitize report_and_abort(); *a = 0x1234; } } *a = 0x1234; } 7

  8. Battle against Memory Errors Memory Error Main Causes Defenses Lack of length check Integer overflow Softbound Out-of-bound read/write AddressSanitizer Format string bug Bad type casting Dangling pointer CETS Use-after-free AddressSanitizer Double free Lack of initialization Data structure alignment MemorySanitizer Uninitialized read Subword copying Divide-by-zero Pointer misalignment UndefinedBehaviorSanitizer Undefined behaviors Null-pointer dereference 8

  9. Comprehensive Protection: Goal and Reality • Accumulated execution slowdown • Example: Softbound + CETS → 110% slowdown • Implementation conflicts • Example: AddressSanitizer and MemorySanitizer 9

  10. Comprehensive Protection with Bunshin • Accumulated execution slowdown • Example: Softbound + CETS → 110% slowdown • Bunshin: Reduce to 60% or 40% (depends on the config) • Implementation conflicts • Example: AddressSanitizer and MemorySanitizer • Bunshin: Seamlessly enforce conflicting sanitizers 10

  11. The N-Version Way Input Program Output 11

  12. The N-Version Way Input Virtualization Input Variant 1 Program Variant 2 Variant 3 Output Synchronize Execution & Consolidate Outputs Output 12

  13. The N-Version Way Input (benign) Virtualization Input Variant 1 Program Variant 2 Variant 3 Output Synchronize Execution & Consolidate Outputs Output (consensus) 13

  14. The N-Version Way Input (malicious) Virtualization Input Variant 1 Program Variant 2 Variant 3 Output Synchronize Execution & Consolidate Outputs Output (divergence) 14

  15. The N-Version Way Input (malicious) Virtualization Input An attacker has to simultaneously compromise all variants in order to to compromise the whole system Variant 1 Program Variant 2 Variant 3 Output Synchronize Execution & Consolidate Outputs Output (divergence) 15

  16. Similar Ideas • Two variants placed in disjoint memory partitions [ N-Variant Systems ] • Two variants with stacks growing in di ff erent directions [ Orchestra ] • Multiple variants with randomized heap object locations [ DieHard ] • Multiple versions of the same program [ Varan, Mx ] 16

  17. Bunshin Overview • Goal: • Reduce slowdown caused by security mechanisms • Enable di ff erent or even conflicting mechanisms 17

  18. Challenges for Bunshin • How to generate these variants? • What properties they should have? • How to make them appear as one to outsiders? • What is a “behavior” and what is a divergence? • What if the sanitizers introduces new behaviors? • Multi-threading support? 18

  19. Variant Generation Intuitions • Scope of protection required → Sanitizers selected Memory Error Defenses Softbound, AddressSanitizer Out-of-bound read/write CETS, AddressSanitizer Use-after-free MemorySanitizer Uninitialized read UndefinedBehaviorSanitizer Undefined behaviors • Instrumented checks by each sanitizer void foo(T *a) { void bar(T *b) { if(!is_valid_address(a) { if(!is_valid_address(b) { report_and_abort(); report_and_abort(); } } *a = 0x1234; *b = 0x5678; } } 19

  20. Variant Generation Principles • Check distribution • Sanitizer distribution 20

  21. Check Distribution Input Virtualization Input Partition 1 Partition 1 Partition 2 Partition 2 Partition 3 Partition 3 Variant 1 Program Variant 2 Variant 3 Output Synchronize Execution & Consolidate Outputs Output 21

  22. Sanitizer Distribution Input Virtualization Input A A M M D U D U E E D N D N M M R D R D O O E E E E R R S F S F Y Y S S Variant 1 Program Variant 2 Variant 3 Output Synchronize Execution & Consolidate Outputs Output 22

  23. Cost Profiling • Calculate the slowdown caused by the sanity checks void foo(T *a) { timing_start(); void foo(T *a) { if(!is_valid_address(a) { timing_start(); report_and_abort(); *a = 0x1234; } timing_end(); *a = 0x1234; } timing_end(); } 23

  24. Cost Distribution • Equally distribute overhead to variants so that they execute at the same speed 17% 17% Foo Foo Variant 1 (52% overhead) 35% Baz 28% Bar 35% Baz 28% Bar Variant 2 (48% overhead) 20% 20% Qux Qux 24

  25. Variant Generation Process Source code Variant generator Costs profiling Security opt. Variants mechanisms Overhead (e.g., ASan, MSan, UBSan) full distribution w/ MSan w/ ASan opt. ... ... Variant compiling w/ UBSan w/ ASan selective 25

  26. Variant Sync Considerations • What is a behavior and what is a divergence? • System call (both order and arguments) • How to hook it? • By patching the system call table with a kernel module • What if di ff erent sanitizers introduce di ff erent system calls? • Sync only when a program is in its main function • Do not check system calls for memory management 26

  27. System Call Synchronization Partition 1 Partition 2 Partition 3 Userspace Leader Follower 1 Follower 2 Kernel Syscall number Arguments Execution result sync slot 27

  28. System Call Synchronization Partition 1 Partition 2 Partition 3 Userspace Leader Follower 1 Follower 2 ① Leader enters syscall Kernel Syscall number Arguments Execution result sync slot 28

  29. System Call Synchronization Partition 1 Partition 2 Partition 3 Userspace Leader Follower 1 Follower 2 Kernel ② Followers enter syscall Syscall number Arguments Execution result sync slot 29

  30. System Call Synchronization Partition 1 Partition 2 Partition 3 Userspace Leader Follower 1 Follower 2 Kernel Syscall number Arguments ③ Kernel execute the syscall only once Execution result sync slot 30

  31. System Call Synchronization Partition 1 Partition 2 Partition 3 Userspace Leader Follower 1 Follower 2 Kernel Syscall number ④ Leader fetches syscall result ④ Followers fetch syscall result Arguments Execution result sync slot 31

  32. Strict and Selective Lockstep Partition 1 Partition 2 Partition 3 Userspace Leader Follower 1 Follower 2 Followers read at Kernel their own speed Leader writes at the next available slot sync ring buffer 32

  33. Strict and Selective Lockstep Partition 1 Partition 2 Partition 3 Userspace Leader Follower 1 Follower 2 Kernel Always strictly synchronized for “write” related system calls sync ring buffer 33

  34. Strict and Selective Lockstep Partition 1 Partition 2 Selective-locksteps mitigates address leaks Partition 3 Address leak involves a "write" Userspace Leader Follower 1 Follower 2 system call and with ASLR enabled, such leak attempt will be captured Kernel Reduce sync. overhead by 3% - 5% Always strictly synchronized for “write” related system calls sync ring buffer 34

  35. Multi-threading Support Before fork Original Execution group After fork New Execution group Leader Follower 1 Follower 2 New ring buffer 35

  36. Multi-threading Support Before fork Works if there is Original Execution group no interleaving between threads After fork New Execution group Leader Follower 1 Follower 2 New ring buffer 36

  37. Multi-threading Support Leader Follower 1 Follower 2 Userspace Record Enforce Enforce Kernel Total order of lock acquisition and releases 37

  38. Multi-threading Support Leader Follower 1 Follower 2 Userspace Works under Record Enforce Enforce weak determinism Kernel (data race-free programs) Implementation specific ( pthread APIs only) Total order of lock acquisition and releases 38

  39. Evaluate Bunshin • Robustness and Security • E ffi ciency and Scalability • Protection Distribution Case Studies 39

  40. Robustness Benchmark Single/Multi-thread Featuer Pass ? Single SPEC CPU2006 Multi CPU Intensive SPLASH-2x Multi 6 out of 13 PARSEC Single lighttpd I/O Intensive Multi nginx Single Interpreter python, php 40

  41. Security • RIPE Benchmark Config Succeed Probabilistic Failed Not possible 114 16 720 2990 Default 8 0 842 2990 AddressSanitizer 8 0 842 2990 Bunshin • Real-world CVEs Config CVE Exploits Sanitizer Detect 2013-2028 Blind ROP AddressSanitizer nginx-1.4.0 2016-5636 Integer overflow AddressSanitizer cpython-2.7.10 2015-4602 Type confusion AddressSanitizer php-5.6.6 2014-0160 Heartbleed AddressSanitizer openssl-1.0.1a 2014-3581 Null dereference UndefinedBehaviorSanitizer httpd-2.4.10 41

  42. Performance Benchmark Items Strict-Lockstep Selective-Lockstep Max 17.5% 14.7% SPEC CPU2006 Min 1.6% 1.0% (19 Programs) Ave 8.6% 5.6% Max 21.4% 18.9% SPLASH-2X / PARSEC Min 10.7% 6.6% (19 Programs) Ave 16.6% 14.5% lighttpd Ave 1.44% 1.21% 1MB File Request nginx Ave 1.71% 1.41% 1MB File Request

Recommend

CS4405 Compositing Digital Compositing Digital compositing is the

CS4405 Compositing Digital Compositing Digital compositing is the

CS4405 Compositing Digital Compositing Digital compositing is the digitally manipulated integration of at least two source images to produce a new image The

656 views • 18 slides
FOG; COMPOSITING 1 OUTLINE Fog Compositing Blending Transparency Clipping

FOG; COMPOSITING 1 OUTLINE Fog Compositing Blending Transparency Clipping

FOG; COMPOSITING 1 OUTLINE Fog Compositing Blending Transparency Clipping 3D Textures Noise 2 FOG Atmospheric haze Provides more realism in a scene Also provides more sense of scene depth Simple

967 views • 33 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Local Shape Editing at the Compositing Stage Carlos J. Zubiaga, Gal Guennebaud, Romain Vergne,

Local Shape Editing at the Compositing Stage Carlos J. Zubiaga, Gal Guennebaud, Romain Vergne,

Local Shape Editing at the Compositing Stage Carlos J. Zubiaga, Gal Guennebaud, Romain Vergne, Pascal Barla Compositing Shading Buffers Diffuse Reflection Final Image Transparent Subsurface Emission Compositing Auxiliary Buffers

719 views • 35 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Different aspects of security User authentication Protection mechanisms

Security Overview Different aspects of security User authentication Protection mechanisms

CS399 New Beginnings Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses, worms, mobile

825 views • 59 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks Ivan

Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks Ivan

The Automotive Network Threats Protection mechanisms Conclusion Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks Ivan Studnia Vincent Nicomette Eric Alata Yves Deswarte Mohamed Ka aniche Renault

752 views • 40 slides
SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin 05|06|07 September 2014 # whoami penetration tester at Positive Technologies SCADA security researcher, main specialisation -

1.03k views • 81 slides
Security Assessment of Authentication and Authorization Mechanisms in Ethereum, Quorum,

Security Assessment of Authentication and Authorization Mechanisms in Ethereum, Quorum,

Security Assessment of Authentication and Authorization Mechanisms in Ethereum, Quorum, Hyperledger Fabric and Corda Marie-Jeanne Lagarde, Master's thesis 2018-2019 Agenda Introduction Motivation 1. Scope 2. Research Questions 3.

467 views • 35 slides
Experimentation with network-based security mechanisms GENI Security Workshop UC Davis G.

Experimentation with network-based security mechanisms GENI Security Workshop UC Davis G.

Experimentation with network-based security mechanisms GENI Security Workshop UC Davis G. Kesidis January 22-23, 2009 EE and CSE Depts Penn State kesidis@engr.psu.edu . George Kesidis, Penn State University GENI Security Workshop 01/22/09

277 views • 12 slides
Presentations Evaluating the Effectiveness of Security Mechanisms at Scale David Nicol

Presentations Evaluating the Effectiveness of Security Mechanisms at Scale David Nicol

Trustworthy Cyber Infrastructure for the Power Grid Presentations Evaluating the Effectiveness of Security Mechanisms at Scale David Nicol University of Illinois Dartmouth College Cornell University Washington State

335 views • 7 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
Dynamically Scheduled Region-Based Image Compositing A.V.Pascal Grosset, Aaron Knoll, &

Dynamically Scheduled Region-Based Image Compositing A.V.Pascal Grosset, Aaron Knoll, &

Eurographics Symposium on Parallel Graphics and Visualization (2016) W. Bethel, E. Gobbetti (Editors) Dynamically Scheduled Region-Based Image Compositing A.V.Pascal Grosset, Aaron Knoll, & Charles Hansen Scientific Computing and Imaging

296 views • 10 slides
TOD-Tree: Task-Overlapped Direct send Tree Image Compositing for Hybrid MPI Parallelism

TOD-Tree: Task-Overlapped Direct send Tree Image Compositing for Hybrid MPI Parallelism

Eurographics Symposium on Parallel Graphics and Visualization (2015) C. Dachsbacher, P. Navrtil (Editors) TOD-Tree: Task-Overlapped Direct send Tree Image Compositing for Hybrid MPI Parallelism A.V.Pascal Grosset, Manasa Prasad, Cameron

233 views • 10 slides
CS-527 Software Security Defense Mechanisms Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Defense Mechanisms Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Defense Mechanisms Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 A model for Control-Flow Hijack attacks

673 views • 41 slides
Rendering & Compositing Jeremy Huddleston Companion Maya/Renderman/Shake Data:

Rendering & Compositing Jeremy Huddleston Companion Maya/Renderman/Shake Data:

Rendering & Compositing Jeremy Huddleston Companion Maya/Renderman/Shake Data: http://cloud.cs.berkeley.edu/~cnm/lectures/S09 Helpful Resources Misc CG Tutorials with a CS-slant http://www.fundza.com RMS 3.0 Documentation

466 views • 23 slides
I know what you did last summer: New persistent tracking mechanisms in the wild Stefano Belloro

I know what you did last summer: New persistent tracking mechanisms in the wild Stefano Belloro

I know what you did last summer: New persistent tracking mechanisms in the wild Stefano Belloro & Dr Alexios Mylonas $whoami Currently: Lecturer, Cyber Security @BU Previously: PhD in Cyber Security & BSc @AUEB MSc

576 views • 31 slides
lecture 20 Image Compositing - chroma keying - alpha - F over B - OpenGL blending -

lecture 20 Image Compositing - chroma keying - alpha - F over B - OpenGL blending -

lecture 20 Image Compositing - chroma keying - alpha - F over B - OpenGL blending - chroma keying revisited: "pulling a matte" Organization of Course 1: Viewing transformations 2: Visibility, geometry modelling 3:

685 views • 41 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Security Mechanisms Rahul Hiran , Niklas Carlsson, Nahid Shahmehri Linkping University, Sweden

Security Mechanisms Rahul Hiran , Niklas Carlsson, Nahid Shahmehri Linkping University, Sweden

Does Scale, Size, and Locality Matter? Evaluation of Collaborative BGP Security Mechanisms Rahul Hiran , Niklas Carlsson, Nahid Shahmehri Linkping University, Sweden 1 Routing attacks increasingly common Each day there are large numbers of

894 views • 58 slides
Software Security Ge Zhang Security: When is it software problem Network Problem: caused by

Software Security Ge Zhang Security: When is it software problem Network Problem: caused by

Software Security Ge Zhang Security: When is it software problem Network Problem: caused by the flaws in networking mechanisms such as network protocols. OS Problem: caused by the flaws in OS mechanisms such OS resource management

976 views • 64 slides
Chapter 9: Security Security The security environment Basics of cryptography User

Chapter 9: Security Security The security environment Basics of cryptography User

Chapter 9: Security Security The security environment Basics of cryptography User authentication Attacks from inside the system Attacks from outside the system Protection mechanisms Trusted systems Chapter 9: Security

801 views • 65 slides

More recommend