compilation and optimization with security annotations
play

Compilation and optimization with security annotations Son Tuan Vu - PowerPoint PPT Presentation

Aug 22, 2022 •129 likes •820 views

Compilation and optimization with security annotations Son Tuan Vu Advisors: Karine Heydemann, Arnaud de Grandmaison, Albert Cohen Team Alsoc Laboratoire dInformatique de Paris 6 08 April 2019 Son Tuan Vu (LIP6) EuroLLVM 2019 08 April

  1. Compilation and optimization with security annotations Son Tuan Vu Advisors: Karine Heydemann, Arnaud de Grandmaison, Albert Cohen Team Alsoc Laboratoire d’Informatique de Paris 6 08 April 2019 Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 1 / 34

  2. Outline Introduction 1 Proposed solutions 2 Conclusion 3 References 4 Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 2 / 34

  3. Background and motivation Annotations = program properties + extra information Applied to security, safety, real-time, optimization - Program functional analysis Annotations Performance - Code optimization - WCET analysis - Side-channel Safety attacks analysis Expressing program Providing extra properties information - Fault attacks analysis - Automatic code Security hardening - ... Annotations are consumed by program analysis or transformation Source level to binary level Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 3 / 34

  4. Related work Annotation languages GNU attributes, Microsoft’s SAL, JML for Java, ACSL for C, etc. At source-level ⇒ No annotation language covers the wide range of security properties Other usages than specifying program behaviors Augment compiler optimizations [NZ13] Automatic code hardening at compilation time [Hil14] Flow information for Worst-Case Execution Time (WCET) analysis at binary level [SCG + 18] ⇒ No compiler propagating annotations until the binary other than WCET-aware compilers Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 4 / 34

  5. Examples of properties: authentication code [DPP + 16] int verifyPIN(char *cardPin , char *userPin , int *cnt) { int i; int diff; if (* cnt > 0) { diff = 0; // Comparison loop for (i = 0; i < PIN_SIZE; i++) if (userPin[i] != cardPin[i]) diff = 1; // Loop protection against fault attacks if (i != PIN_SIZE) return BOOL_FALSE; if (diff == 0) { // PIN codes match *cnt = MAX_ATTEMPT ; return BOOL_TRUE; } else { // PIN codes differ (* cnt)--; return BOOL_FALSE; } } return BOOL_FALSE; } Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 5 / 34

  6. Examples of properties: authentication code [DPP + 16] int verifyPIN(char *cardPin , char *userPin , int *cnt) { int i; int diff; if (* cnt > 0) { diff = 0; // Comparison loop for (i = 0; i < PIN_SIZE; i++) if (userPin[i] != cardPin[i]) diff = 1; // Loop protection against fault attacks if (i != PIN_SIZE) return BOOL_FALSE; if (diff == 0) { // PIN codes match *cnt = MAX_ATTEMPT ; return BOOL_TRUE; } else { // PIN codes differ (* cnt)--; return BOOL_FALSE; } } return BOOL_FALSE; } Functional property: verifyPIN returns BOOL_TRUE only when PIN codes match Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 5 / 34

  7. Examples of properties: authentication code [DPP + 16] int verifyPIN(char *cardPin , char *userPin , int *cnt) { int i; int diff; if (* cnt > 0) { diff = 0; // Comparison loop for (i = 0; i < PIN_SIZE; i++) if (userPin[i] != cardPin[i]) diff = 1; // Loop protection against fault attacks if (i != PIN_SIZE) return BOOL_FALSE; if (diff == 0) { // PIN codes match *cnt = MAX_ATTEMPT ; return BOOL_TRUE; } else { // PIN codes differ (* cnt)--; return BOOL_FALSE; } } return BOOL_FALSE; } Non-functional property: Card PIN code must be kept secret Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 5 / 34

  8. Examples of properties: authentication code [DPP + 16] int verifyPIN(char *cardPin , char *userPin , int *cnt) { int i; int diff; if (* cnt > 0) { diff = 0; /* ********* Comparison loop ********* */ for (i = 0; i < PIN_SIZE; i++) if (userPin[i] != cardPin[i]) diff = 1; // Loop protection against fault attacks if (i != PIN_SIZE) return BOOL_FALSE; if (diff == 0) { // PIN codes match *cnt = MAX_ATTEMPT ; return BOOL_TRUE; } else { // PIN codes differ (* cnt)--; return BOOL_FALSE; } } return BOOL_FALSE; } Non-functional property: Comparison loop must be executed exactly PIN_SIZE times Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 5 / 34

  9. Examples of properties: authentication code [DPP + 16] int verifyPIN(char *cardPin , char *userPin , int *cnt) { int i; int diff; if (* cnt > 0) { diff = 0; // Comparison loop for (i = 0; i < PIN_SIZE; i++) if (userPin[i] != cardPin[i]) diff = 1; /* ********* Loop protection against fault attacks ********* */ if (i != PIN_SIZE) return BOOL_FALSE; if (diff == 0) { // PIN codes match *cnt = MAX_ATTEMPT ; return BOOL_TRUE; } else { // PIN codes differ (* cnt)--; return BOOL_FALSE; } } return BOOL_FALSE; } Non-functional property: Loop protection should not be removed by compiler optimizations Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 5 / 34

  10. Problem statement (3) (1) (2) Binary analysis Binary Annotated Compiler tool + source code Annotations Source code analysis tool 1 A source-level annotation language to express a wide range of properties 2 An annotation-aware, optimizing, LLVM-based compilation framework which consumes/produces/propagates annotations 3 A binary-level representation for the source-level annotation language Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 6 / 34

  11. Outline Introduction 1 Proposed solutions 2 Source-level annotation language Binary-level representation of the annotation language Annotations in LLVM: representation and propagation Conclusion 3 References 4 Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 7 / 34

  12. Outline Introduction 1 Proposed solutions 2 Source-level annotation language Binary-level representation of the annotation language Annotations in LLVM: representation and propagation Conclusion 3 References 4 Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 8 / 34

  13. Annotation language by example: functional properties ACSL already allows specifying program functional properties verifyPIN returns BOOL_TRUE only when PIN codes match #define ANNOT(s) __attribute__ (( annotate(s))) // Function annotation ANNOT("\\ ensures \\ result == BOOL_TRUE &&" " \\ forall i; 0 <= i < PIN_SIZE: userPin[i] == cardPin[i];" "\\ ensures \\ result == BOOL_FALSE &&" " \\ exists i; 0 <= i < PIN_SIZE: userPin[i] != cardPin[i];") int verifyPIN(char *cardPin , char *userPin , int *cnt) { ... } Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 9 / 34

  14. Annotation language by example: non-functional properties Introduce semantic predicates to specify non-functional properties Card PIN code must be kept secret #define ANNOT(s) __attribute__ (( annotate(s))) // Variable annotation int verifyPIN(ANNOT("\\ invariant \\ secret ()") char *cardPin , char *userPin , int *cnt) { ... } Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 10 / 34

  15. Annotation language by example: non-functional properties Introduce semantic predicates to specify non-functional properties Loop protection does not get removed #define ANNOT(s) __attribute__ (( annotate(s))) int verifyPIN(char *cardPin , char *userPin , int *cnt) { int i; int diff; if (* cnt > 0) { diff = 0; for (i = 0; i < PIN_SIZE; i++) if (userPin[i] != cardPin[i]) diff = 1; // Statement annotation prop1: ANNOT("\\ ensures \\ sensitive ();") if (i != PIN_SIZE) return BOOL_FALSE; if (diff == 0) { *cnt = MAX_ATTEMPT ; return BOOL_TRUE; } else { (* cnt)--; return BOOL_FALSE; } } return BOOL_FALSE; } Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 11 / 34

  16. Annotation language by example: side-effect properties Introduce semantic variables to capture side-effects of the code Comparison loop must be executed exactly PIN_SIZE times #define ANNOT(s) __attribute__ (( annotate(s))) int verifyPIN(char *cardPin , char *userPin , int *cnt) { int i; int diff; if (* cnt > 0) { diff = 0; // Statement annotation prop1: ANNOT("\\ ensures \\ count () == PIN_SIZE;") for (i = 0; i < PIN_SIZE; i++) if (userPin[i] != cardPin[i]) diff = 1; if (i != PIN_SIZE) return BOOL_FALSE; if (diff == 0) { *cnt = MAX_ATTEMPT ; return BOOL_TRUE; } else { (* cnt)--; return BOOL_FALSE; } } return BOOL_FALSE; } Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 12 / 34

  17. Annotation language summary Annotation = Annotated Entity ∧ Predicate ∧ Predicate Variables Annotated Entity = Function ∨ Variable ∨ Statement Predicate = Logic Predicate ∨ Semantic Predicate Predicate Variable = Variable Referenced in Predicate Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 13 / 34

  18. Outline Introduction 1 Proposed solutions 2 Source-level annotation language Binary-level representation of the annotation language Annotations in LLVM: representation and propagation Conclusion 3 References 4 Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 14 / 34

  19. Extending DWARF debugging format Executable program = tree of Debugging Information Entries (DIEs) DIE = tag + attribute(s) + child DIEs (if any) Introduce new tags and attributes to represent annotations and semantic variables Annotated Annotation Annotation entity Subprogram "count == 10" "argc == 3" "main" 0xA0 ... 0xAB Semantic Parameter Variable "argc" "count" Function annotation Statement annotation Son Tuan Vu (LIP6) EuroLLVM 2019 08 April 2019 15 / 34

Recommend

JVM Optimization 101 Sebastian Zarnekow itemis Static vs Dynamic Compilation AOT vs JIT JIT

JVM Optimization 101 Sebastian Zarnekow itemis Static vs Dynamic Compilation AOT vs JIT JIT

JVM Optimization 101 Sebastian Zarnekow itemis Static vs Dynamic Compilation AOT vs JIT JIT Compilation Compiled when needed Maybe immediately before execution ...or when the VM decides its important ...or never? JIT Compilation

757 views • 28 slides
1 Reflection on code annotations Classification of Code Annotations (1) Code annotations may

1 Reflection on code annotations Classification of Code Annotations (1) Code annotations may

SW Development and WCET analysis for real-time applications SW is mostly written in imperative programming Classifications of Code languages Annotations and Discussion of Trend: graphical interfaces like state charts Compiler-Support

361 views • 3 slides
Performance Potential of Optimization Phase Selection During Dynamic JIT Compilation Michael R.

Performance Potential of Optimization Phase Selection During Dynamic JIT Compilation Michael R.

Performance Potential of Optimization Phase Selection During Dynamic JIT Compilation Performance Potential of Optimization Phase Selection During Dynamic JIT Compilation Michael R. Jantz Prasad A. Kulkarni Electrical Engineering and Computer

540 views • 20 slides
Analyses, Hardware/Software Compilation, Code Optimization for Complex Dataflow HPC Applications

Analyses, Hardware/Software Compilation, Code Optimization for Complex Dataflow HPC Applications

Analyses, Hardware/Software Compilation, Code Optimization for Complex Dataflow HPC Applications CASH team proposal (Compilation and Analyses for Software and Hardware) Matthieu Moy and Christophe Alias and Laure Gonnord University of Lyon 1 /

264 views • 24 slides
From Open Annotations to W3C Web Annotations (and the impact on IIIF Presentation API 3.0)

From Open Annotations to W3C Web Annotations (and the impact on IIIF Presentation API 3.0)

From Open Annotations to W3C Web Annotations (and the impact on IIIF Presentation API 3.0) Simeon Warner (Cornell University) https://orcid.org/0000-0002-7970-7855 much input from Rob Sanderson (J. Paul Getty Trust)

340 views • 14 slides
A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke Huisman Alejandro Tamalet Radboud University Nijmegen, The Netherlands Introduction: The Goal Trusted devices (smart phones, PDA, smart

787 views • 42 slides
8 JDT embraces Type Annotations JDT embraces Type Annotations Java 8 ready Stephan Herrmann GK

8 JDT embraces Type Annotations JDT embraces Type Annotations Java 8 ready Stephan Herrmann GK

8 8 JDT embraces Type Annotations JDT embraces Type Annotations Java 8 ready Stephan Herrmann GK Software 8 Eclipse and Java 8 Java 8 features supported: JSR308 - Type Annotations. JEP120 - Repeating Annotations. JEP118 -

745 views • 35 slides
Extending the Polyhedral Compilation Model for Debugging and Optimization of SPMD-style Explicitly

Extending the Polyhedral Compilation Model for Debugging and Optimization of SPMD-style Explicitly

Extending the Polyhedral Compilation Model for Debugging and Optimization of SPMD-style Explicitly Parallel Programs Prasanth Chatarasi Masters Thesis Defense Habanero Extreme Scale Software Research Group Department of Computer Science Rice

429 views • 42 slides
JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed Execution Phases Assembly Loading &amp; Initialization JIT Compilation JIT Optimizations Whats new in NGEN 4.0? When to use NGEN? 2 Running Code

484 views • 46 slides
Security Types Preserving Compilation Tamara Rezk (Joint work with Gilles Barthe and Amitabh

Security Types Preserving Compilation Tamara Rezk (Joint work with Gilles Barthe and Amitabh

Security Types Preserving Compilation Tamara Rezk (Joint work with Gilles Barthe and Amitabh Basu) E VEREST T EAM INRIA S OPHIA A NTIPOLIS http://www-sop.inria.fr/everest/ CASSIS - March 2004 Security Types Preserving Compilation p.1/18

408 views • 18 slides
Dynamic Compilation and Optimization of Packet Processing Programs Gbor Rtvri, Lszl

Dynamic Compilation and Optimization of Packet Processing Programs Gbor Rtvri, Lszl

Dynamic Compilation and Optimization of Packet Processing Programs Gbor Rtvri, Lszl Molnr, Gbor Enyedi, Gergely Pongrcz MTA-BME Information Systems Research Group TrafficLab, Ericsson Research, Hungary Preface: Dynamic

314 views • 17 slides
The Compilation Process Preprocessing: o processes include-files, conditional compilation and

The Compilation Process Preprocessing: o processes include-files, conditional compilation and

4/1/14 The Compilation Process Preprocessing: o processes include-files, conditional compilation and macros. Compilation: Writing Large Programs o takes the output of the preprocessor and the source code, and generates assembler

271 views • 6 slides
Compiling with Optimizations Compilers usually have options to apply optimization

Compiling with Optimizations Compilers usually have options to apply optimization

13.1 13.2 Compiling with Optimizations Compilers usually have options to apply optimization Example: gcc/g++ -O n -O0 : ____ optimization (the default); generates unoptimized code but has the CS356 Unit 13 __________ compilation

530 views • 11 slides
Web Annotations Building the Experience Annotation An annotation is something added. It is not

Web Annotations Building the Experience Annotation An annotation is something added. It is not

Web Annotations Building the Experience Annotation An annotation is something added. It is not the primary content, or even the secondary content. It is the association. Annotation (cont.) Annotations exist already - Links - Block quotes

452 views • 14 slides
MODELLING AND EXCHANGING ANNOTATIONS FOR EUROPEANA PROJECTS Hugo Manguinhas, Antoine Isaac,

MODELLING AND EXCHANGING ANNOTATIONS FOR EUROPEANA PROJECTS Hugo Manguinhas, Antoine Isaac,

MODELLING AND EXCHANGING ANNOTATIONS FOR EUROPEANA PROJECTS Hugo Manguinhas, Antoine Isaac, Valentine Charles, Sergiu Gordea, Maarten Brinkerink, Alessio Piccioli, Breandn Knowlton SWIB15: Semantic Web in Libraries Why are annotations

465 views • 17 slides
Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor:

Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor:

Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor: Olivier Willm 4 th February 2015 Security Automation and Optimization using HP-NA - What is HP Network Automation? - What were the objectives with

483 views • 13 slides
CrowdTruth Metrics for Capturing Ambiguity Interlinking Workers, Annotations and Input Data

CrowdTruth Metrics for Capturing Ambiguity Interlinking Workers, Annotations and Input Data

CrowdTruth Metrics for Capturing Ambiguity Interlinking Workers, Annotations and Input Data Traditional Humans provide annotations establishing the ground Human truth = the correct output for each example (the gold standard ) Annotation

317 views • 10 slides
Poselets: Body Part Detectors Trained Using 3D Human Pose Annotations Lubomir Bourdev and

Poselets: Body Part Detectors Trained Using 3D Human Pose Annotations Lubomir Bourdev and

Poselets: Body Part Detectors Trained Using 3D Human Pose Annotations Lubomir Bourdev and Jitendra Malik Experiments Presented by Randall Smith Friday, November 2, 12 1 Outline Introduction Dataset Overview Annotations

733 views • 52 slides
Extending ensembldb : MySQL backend and protein annotations Johannes Rainer (EURAC research,

Extending ensembldb : MySQL backend and protein annotations Johannes Rainer (EURAC research,

Extending ensembldb : MySQL backend and protein annotations Johannes Rainer (EURAC research, Italy), Sebastian Gibb, Laurent Gatto (CPU Cambridge, UK) December 7, 2016 Introduction ensembldb : retrieve gene &amp; transcript annotations.

389 views • 16 slides
Game Theory: Lecture #8 Outline: Individual Optimization Security Strategies Optimization

Game Theory: Lecture #8 Outline: Individual Optimization Security Strategies Optimization

Game Theory: Lecture #8 Outline: Individual Optimization Security Strategies Optimization and Strategy Previous focus: Given individual preferences, compute group preference? Given individual preferences, compute satisfactory

343 views • 9 slides
Using null type annotations in practice Till Brychcy, Mercateo EclipseCon Europe, 2017 What

Using null type annotations in practice Till Brychcy, Mercateo EclipseCon Europe, 2017 What

Using null type annotations in practice Till Brychcy, Mercateo EclipseCon Europe, 2017 What they are, why and when to use them @Nullable vs. java.util.Optional Configuration choices Switching from declaration annotations to type

859 views • 34 slides
MID-YEAR MOBILITY DATA 1 PURPOSE The following slides are a compilation of the mid-year

MID-YEAR MOBILITY DATA 1 PURPOSE The following slides are a compilation of the mid-year

COMPILATION OF MID-YEAR MOBILITY DATA 1 PURPOSE The following slides are a compilation of the mid-year mobility data analysis presented at the Cross Sector Collaboration Task Force during the May 24 and June 28 meetings. This compilation has

485 views • 37 slides
Lexical Analysis Scanners, Regular expressions, and Automata cs4713 1 Phases of compilation

Lexical Analysis Scanners, Regular expressions, and Automata cs4713 1 Phases of compilation

Lexical Analysis Scanners, Regular expressions, and Automata cs4713 1 Phases of compilation Compilers Read input program optimization translate into machine code front end mid end back end Code Lexical

469 views • 36 slides
MC: Meta-level Compilation Extending the Process of Code Compilation with Application-Specific

MC: Meta-level Compilation Extending the Process of Code Compilation with Application-Specific

MC: Meta-level Compilation Extending the Process of Code Compilation with Application-Specific Information for the layman developer (code monkey) Gaurav S. Kc 8 th October, 2003 Gaurav S. Kc, 1 http://www.cs.columbia.edu/~gskc/ Outline

360 views • 13 slides

More recommend