case cache assisted secure execu3on on arm processors
play

CaSE: Cache-Assisted Secure Execu3on on ARM Processors N1NG N1NG - PowerPoint PPT Presentation

Dec 24, 2023 •200 likes •552 views

CaSE: Cache-Assisted Secure Execu3on on ARM Processors N1NG N1NG ZHANG ZHANG , KUN SUN, WENJING LOU, TOM HOU Who am I ? - 10 years, working on different security products data forensic, mul;-level security systems - did my undergrad @

  1. CaSE: Cache-Assisted Secure Execu3on on ARM Processors N1NG N1NG ZHANG ZHANG , KUN SUN, WENJING LOU, TOM HOU

  2. Who am I ? - 10 years, working on different security products – data forensic, mul;-level security systems - did my undergrad @ Umass – middle of no where - did my Ph.D @ VT in DC. – nice area, but I never got to go out ! - back to industry doing interes;ng things – or not - lastly, I am also an adjunct assistant professor at the complex network and security research laboratory (CNSR) at Virginia Tech

  3. Talk Outline ü Mo;va;on and Background – Why this work ? ü Threat Model – What are we defending against ? ü CaSE: Cache-Assisted Secure Execu;on – How does it work? ü CaSE highlight – Challenges ? ü Evalua;on – How did we do ? ü Conclusion and future Work

  4. Cyber ALacks

  5. Threat to Mobile devices

  6. But how does it really work ?

  7. Buffer overflow - What is a soRware stack

  8. SoRware Exploits – Can you spot the bug ?

  9. What happened ? Tests array

  10. Before and ARer J

  11. So are we doomed ? The best you can do ?

  12. ARM TrustZone – Trusted Execu3on Environment (TEE) System Wide Protec;on Secure World Normal World ü Divides system resources into two worlds ü Normal World runs the content rich OS ü Secure World runs security cri;cal services ü The protec;on of resources includes - processor, memory and IO devices

  13. Many Products use ARM TrustZone

  14. Smart Devices Going Mo Mobile bile

  15. Physical Level ALack

  16. Hardware ALacks - Cold Boot ALack

  17. What can you recover ?

  18. And whatever else that are in memory

  19. Previous Works on Coldboot Defense TRESOR Sec 2011 – Register-based RAM-less AES encryp;on Copker NDSS 2014 – Cache-based RAM-less RSA encryp;on PixelVault CCS 2014 – GPU based RAM-less encryp;on Sentry ASPLOS 2015 – Cache-based RAM-less encryp;on Mimosa S&P 2015 – Transac;onal-based RAM-less encryp;on

  20. Mul3-vector Adversary

  21. Introducing CaSE - Goals ü Defense against Mul;-Vector adversary ü Physical memory disclosure a_ack – Cold boot ü Compromised rich OS ü Provide confiden;ality and integrity to both the code and data of the binaries in TEE ü Confiden;ality – Protects IP, secret code, sensi;ve data ü Integrity – Program behavior

  22. Threat Model System On Chip (SoC) Processor Cache NonSecure Secure Cache Cache NonSecure Normal World Memory Secure Memory DRAM NonSecure Rich OS Secure OS

  23. Case-Assisted Execu3on in Secure World System On Chip (SoC) Processor Cache 0101010110101101 1001 1101 Context Secure storage Packer 1101 0101 0101010110101101 NonSecure Normal World Memory Secure Memory DRAM Secure OS NonSecure Rich OS

  24. Case-Assisted Execu3on in Normal World System On Chip (SoC) Processor Cache 0101010110101101 0101010110101101011010100 1001 0101 1101 1101 CaSE Context Secure Manager storage Packer 1101 0101 0101 1101 0101010110101101 0101010110101101011010100 Secure Memory NonSecure Normal World Memory DRAM NonSecure OS Secure Rich OS

  25. Cache Architecture Details

  26. Controlling the Cache ü Cache Locking is available through L2 cache lockdown CP15 coprocessor ü The granularity of locking is per cache way ü On Cortex-A8, which has 8 way total 256KB L2 unified cache

  27. SoC-Bound Execu3on – Cache Locking

  28. Self Modifying Program System On Chip (SoC) L1 Instruc;on Cache L1 Data Cache L2 Unified Cache

  29. Self Modifying Program System On Chip (SoC) L1 Instruc;on Cache L1 Data Cache L2 Unified Cache

  30. Evalua3on Feasibility of using Cache as Memory

  31. Evalua3on Performance Impact to the Applica3on

  32. Performance Impact to the System

  33. Conclusion ü A secure cache-assisted SoC-bound execu;on framework ü Provide confiden;ality and integrity to sensi;ve code and data of applica;ons ü Protect against both sodware a_acks and cold boot a_ack. ü In the future, we would like to further study efficient method to provide OS support to the TEE.

  34. What other things did I do ? - Differen;al privacy in data mining - ICC 11 - Reverse engineer ASUS BIOS - Trusted Cloud Compu;ng – CNS 14 - An;-memory forensic framework – HIVES – ASIACCS 15 - Cache-based rootkits – EUROSP 16 - Case – Cached-assisted security execu;on – SP16 - Augmented reality authen;ca;on – TRUSTED – CCS16 Feel free to contact me at Ningzhang.info / ningzh@vt.edu

Recommend

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING LOU, TOM HOU Talk Outline Motivation and Background Why this work ? Threat Model What are we defending against ? CaSE:

248 views • 21 slides
Cache Coherency Cache coherent processors most current value for an address is the last

Cache Coherency Cache coherent processors most current value for an address is the last

Cache Coherency Cache coherent processors most current value for an address is the last write all reading processors must get the most current value Cache coherency problem update from a writing processor is not known to other

719 views • 30 slides
Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max

Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max

Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max Doblas , Ioannis-Vatistas Kostalabros , Miquel Moret and Carles Hernndez Computer Sciences - Runtime Aware Architecture, Barcelona

1.17k views • 30 slides
mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache

mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache

mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache at most one cache with modifjed value watch other processors accesses to monitor value use invalidation to prevent others from getting modifjed

757 views • 75 slides
1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
1 Implementation Snoop Caches Implementing Snooping Caches Write Races: Multiple processors

1 Implementation Snoop Caches Implementing Snooping Caches Write Races: Multiple processors

An Example Snoopy Protocol Invalidation protocol, write-back cache Each block of memory is in one state: Cache Coherence and Memory Clean in all caches and up-to-date in memory (Shared) Consistency OR Dirty in exactly one cache

507 views • 3 slides
Hybrid cache architecture for high-speed packet processing Z. Liu, K. Zheng and B. Liu Abstract:

Hybrid cache architecture for high-speed packet processing Z. Liu, K. Zheng and B. Liu Abstract:

Hybrid cache architecture for high-speed packet processing Z. Liu, K. Zheng and B. Liu Abstract: The exposed memory hierarchies employed in many network processors (NPs) are expensive in terms of meeting the worst-case processing requirement.

427 views • 8 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Online Cache Modeling for Commodity Multicore Processors Richard West, Puneet Zaroo, Carl A.

Online Cache Modeling for Commodity Multicore Processors Richard West, Puneet Zaroo, Carl A.

Online Cache Modeling for Commodity Multicore Processors Richard West, Puneet Zaroo, Carl A. Waldspurger and Xiao Zhang Contact: richwest@cs.bu.edu Computer Science The Big Picture . . . Application threads VM VM VM VM VM . . .

404 views • 23 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
Worst-case Bounds and Optimized Cache on M th Request Cache Insertion Policies under Elastic

Worst-case Bounds and Optimized Cache on M th Request Cache Insertion Policies under Elastic

Worst-case Bounds and Optimized Cache on M th Request Cache Insertion Policies under Elastic Conditions Niklas Carlsson, Linkping University Derek Eager, University of Saskatchewan Proc. IFIP Performance , Toulouse, France, Dec. 2018. Motivation

1.07k views • 89 slides
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security Challenges Current computer

411 views • 26 slides
DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir

DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir

DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, Joel Emer {vlk, ilebedev, saman, devadas, emer}@csail.mit.edu MICRO'18

949 views • 78 slides
Joint Wireless Information and Energy Transfer in Cache-assisted Relaying Systems IEEE Wireless

Joint Wireless Information and Energy Transfer in Cache-assisted Relaying Systems IEEE Wireless

Joint Wireless Information and Energy Transfer in Cache-assisted Relaying Systems IEEE Wireless Communications and Networking Conference 2018 16 th April, 2018 Sumit Gautam , Thang X. Vu, Symeon Chatzinotas, Bjrn Ottersten {sumit.gautam,

853 views • 20 slides
Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser LCA, Gold Coast, QLD, 2020-01-15 https://trustworthy.systems What is seL4? A 30-Year Dream 3 | LCA |

886 views • 36 slides
L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache, and all blocks initially marked as not valid , Given the main memory word addresses 0 1 2 3 4 3 4 15, calculate Cache hit rate. Cache Index

654 views • 9 slides
Model-Assisted Generative Adversarial Networks Leigh Whitehead ICL Seminar 05/06/20

Model-Assisted Generative Adversarial Networks Leigh Whitehead ICL Seminar 05/06/20

Model-Assisted Generative Adversarial Networks Leigh Whitehead ICL Seminar 05/06/20 Overview What are Generative Adversarial Networks (GANs)? The Model-Assisted GAN Case Studies Case Study I (from the paper) Case

834 views • 50 slides
Bullet Cache Balancing speed and usability in a cache server Ivan Voras

Bullet Cache Balancing speed and usability in a cache server Ivan Voras

Bullet Cache Balancing speed and usability in a cache server Ivan Voras <ivoras@freebsd.org> What is it? People know what memcached is... mostly Example use case: So you have a web page which is just dynamic enough so you

657 views • 40 slides
SGX IR Secure Information Retrieval with Trusted Processors Fahad Shaon, Murat Kantarcioglu The

SGX IR Secure Information Retrieval with Trusted Processors Fahad Shaon, Murat Kantarcioglu The

UT DALLAS Erik%Jonsson%School%of%Engineering%&%Computer%Science SGX IR Secure Information Retrieval with Trusted Processors Fahad Shaon, Murat Kantarcioglu The University of Texas at Dallas FEARLESS engineering FEARLESS engineering 1 / 29

660 views • 33 slides
Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr

Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr

Formal Abstractions for Attested Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr Trusted hardware: Different communities, different world views 2 Trusted hardware: Different communities,

929 views • 72 slides
What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache Performance Proc/Regs L1-Cache Bigger Faster L2-Cache Memory hierarchy concept, cache L3-Cache (optional) design fundamentals, set-associative

303 views • 4 slides
Highly-Associative Caches for Low-Power Processors

Highly-Associative Caches for Low-Power Processors

Highly-Associative Caches for Low-Power Processors Motivation n Cache uses 30-60%

203 views • 9 slides
A Case for Clumsy Packet Processors Arindam Mallik and Gokhan Memik Electrical and Computer

A Case for Clumsy Packet Processors Arindam Mallik and Gokhan Memik Electrical and Computer

A Case for Clumsy Packet Processors Arindam Mallik and Gokhan Memik Electrical and Computer Engineering Dept. Northwestern University Overview Faults Correctness is overrated What if the higher levels take care of it? Processor

709 views • 26 slides
Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

3/28/17 Agenda Review from last lecture Cache access Cache Performance Associativity Replacement Samira Khan Cache Performance March 28, 2017 Direct-Mapped Cache: Placement and Access Cache Abstraction and Metrics 00 | 000

518 views • 16 slides

More recommend