
Complete Information Flow Tracking from Gates Up (PowerPoint PPT Presentation)

Mohit Tiwari, Xun Li, Hassan M G Wassel, Frederic T Chong, Timothy Sherwood
Presented by Mengjia Yan. Based on slides from Mohit Tiwari.

Goal: Non-Interference [figure: a High input and a Low input enter the system; the sink is labelled Low]


  1. Analysis Technique: GLIFT [figure: AND gate with inputs a, b and output o; beside it the shadow AND for labels, taking a_t, b_t to o_t]. Conservative: if one of a and b is tainted, the output is tainted.

  2-7. Motivation: Require Precise Information Flow [figure: D flip-flop with D, Q, reset and clock inputs; input stream 010101…]
    • Conventional OR-ing of labels is monotonic

  8-12. Precise Information Flow: AND Gate [figure: AND gate with a untainted, b tainted, output o]
      a b | o
      0 0 | 0
      0 1 | 0
      1 0 | 0
      1 1 | 1
    When a=0, b cannot affect the value of the output -> non-interference.
    Use both inputs and input labels.

  13. Analysis Technique: GLIFT [figure: AND gate on a, b producing o; its shadow logic takes the values a, b together with the labels a_t, b_t and produces o_t]

  14-15. Sound Composition of Shadow Logic [figure: circuit with inputs a, b and select s, intermediate wires t1, t2 and output o; the shadow circuit is built gate by gate, feeding a_t, b_t, s_t through t1_t, t2_t to o_t]

  16-18. MUX: Gatekeeper of trust [figure: 2:1 multiplexer with data inputs a and b on ports 1 and 0, select s and output o, shown alongside its shadow logic]
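The AND truth table, the composition argument and the MUX shadow logic in the slides above can all be checked exhaustively on single bits. The Python below is an added example written for this page, not code from the paper or from any GLIFT tool flow: it encodes precise AND/OR shadow functions that use both values and labels, derives the ground-truth label by brute-force non-interference checking, and composes a MUX shadow from the gate shadows to show that composition is sound but can over-taint compared with the precise MUX. Function names and the port convention (s=1 selects a) are this example's own assumptions.

```python
from itertools import product

# --- gate functions on single bits ----------------------------------------
def and_gate(a, b):
    return a & b

def or_gate(a, b):
    return a | b

def not_gate(a):
    return 1 - a

def mux(s, a, b):
    """2:1 multiplexer: s=1 selects port a, s=0 selects port b (assumed convention)."""
    return a if s else b

# --- ground truth: output tainted iff the tainted inputs can influence it --
def precise_taint(fn, values, taints):
    """Brute-force non-interference check for one gate or circuit: hold the
    untainted inputs at their current values, try every assignment of the
    tainted inputs, and report 1 if the output can change."""
    base = fn(*values)
    free = [i for i, t in enumerate(taints) if t]
    for alt in product((0, 1), repeat=len(free)):
        trial = list(values)
        for i, v in zip(free, alt):
            trial[i] = v
        if fn(*trial) != base:
            return 1
    return 0

# --- shadow logic: closed-form label functions using values AND labels ----
def conservative_shadow(*taints):
    """Conventional OR-ing of labels: any tainted input taints the output."""
    return int(any(taints))

def and_shadow(a, b, at, bt):
    """Precise AND shadow: a tainted input only matters when the other input
    is 1 (or is itself tainted); an untainted 0 masks everything."""
    return (at & bt) | (at & b) | (bt & a)

def or_shadow(a, b, at, bt):
    """Precise OR shadow (dual of AND): an untainted 1 masks the other input."""
    return (at & bt) | (at & (1 - b)) | (bt & (1 - a))

def not_shadow(a, at):
    return at

# --- composition: build the MUX shadow from the gate shadows ---------------
def mux_composed(s, a, b, st, at, bt):
    """Shadow MUX obtained by composing per-gate shadow logic over
    o = (s AND a) OR (NOT s AND b). Sound, but it can over-taint."""
    ns, nst = not_gate(s), not_shadow(s, st)
    p, pt = and_gate(s, a), and_shadow(s, a, st, at)
    q, qt = and_gate(ns, b), and_shadow(ns, b, nst, bt)
    return or_shadow(p, q, pt, qt)

def mux_precise(s, a, b, st, at, bt):
    """Ground-truth MUX label, treating the MUX as one black box."""
    return precise_taint(mux, (s, a, b), (st, at, bt))

# --- exhaustive checks over all value/label combinations ------------------
def and_shadow_is_precise():
    return all(and_shadow(a, b, at, bt) == precise_taint(and_gate, (a, b), (at, bt))
               for a, b, at, bt in product((0, 1), repeat=4))

def or_shadow_is_precise():
    return all(or_shadow(a, b, at, bt) == precise_taint(or_gate, (a, b), (at, bt))
               for a, b, at, bt in product((0, 1), repeat=4))

def conventional_overtaints_and():
    """(a, b, at, bt) where OR-ing labels says 'tainted' but the AND output
    cannot actually be influenced, e.g. a=0 untainted with b tainted."""
    return [(a, b, at, bt) for a, b, at, bt in product((0, 1), repeat=4)
            if conservative_shadow(at, bt) > precise_taint(and_gate, (a, b), (at, bt))]

def composition_is_sound():
    """The composed MUX shadow never under-taints the ground truth."""
    return all(mux_composed(*c) >= mux_precise(*c) for c in product((0, 1), repeat=6))

def composition_conservative_cases():
    """(s, a, b, st, at, bt) where gate-by-gate composition over-taints: a
    tainted select with both data inputs untainted and equal, so the
    selection cannot be observed at the output."""
    return [c for c in product((0, 1), repeat=6) if mux_composed(*c) > mux_precise(*c)]

if __name__ == "__main__":
    print("AND shadow precise:", and_shadow_is_precise())
    print("composition sound:", composition_is_sound())
    print("composition over-taints on:", composition_conservative_cases())
```

The two over-taint cases the last check returns are exactly the "gatekeeper" situation: the select is tainted but both data ports carry the same untainted value, so a black-box MUX shadow can say untainted while the gate-composed one cannot. That gap is the price of composing shadow logic locally, and it is always on the safe side.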

  19-26. Implicit Information Flows: Taint Explosion
    if (secret==1)
        out = 1
    tmp = 5
    [figure: simple pipeline with PC, +4, jump target, "is jump?", Instr Mem, decode, and a Reg File holding R1, R2, out and tmp]
    Conditional execution taints critical state (PC)

  27-35. Convert Implicit Flow to Explicit Flow
    if (secret==1)
        out = 1
    tmp = 5
    becomes
    P0 = secret
    (P0) out = 1
    tmp = 5
    [figure: the same pipeline; the Reg File now shows out and tmp, with tmp holding 5]
    6.888 Fall 2020
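To make the taint explosion and the predicated rewrite concrete, here is an added Python simulation written for this page; it is not the paper's design, its ISA, or any real processor. It models a toy machine whose registers carry (value, label) pairs and whose PC carries a label: a conditional branch bz makes the PC depend on its operand, a plain store seti inherits the PC's label, and a predicated store pseti applies the precise MUX label rule from the earlier slides instead. Opcodes, register names and the label rules are assumptions of this example.

```python
UNTAINTED, TAINTED = 0, 1

def mux_label(s, st, a, at, b, bt):
    """Precise MUX label with s=1 selecting a (assumed convention): if the
    select is tainted the result is tainted when the ports differ or either
    is tainted; otherwise only the selected port's label matters."""
    if st:
        return TAINTED if (a != b or at or bt) else UNTAINTED
    return at if s else bt

class TaintMachine:
    """Toy machine: regs maps name -> (value, label); pc_label labels the PC."""
    def __init__(self, regs):
        self.regs = dict(regs)
        self.pc_label = UNTAINTED

    def run(self, program):
        pc = 0
        while pc < len(program):
            ins = program[pc]
            op = ins[0]
            if op == "bz":                    # ("bz", reg, target): if reg == 0 goto target
                _, reg, target = ins
                val, lab = self.regs[reg]
                self.pc_label |= lab          # the next PC depends on reg: PC inherits its label
                pc = target if val == 0 else pc + 1
                continue
            if op == "mov":                   # ("mov", rd, rs): rd = rs, label copied
                _, rd, rs = ins
                val, lab = self.regs[rs]
                self.regs[rd] = (val, lab | self.pc_label)
            elif op == "seti":                # ("seti", rd, imm): rd = untainted constant
                _, rd, imm = ins
                # whether this write happens at all depends on the PC, so it
                # inherits pc_label: this is the implicit flow
                self.regs[rd] = (imm, self.pc_label)
            elif op == "pseti":               # ("pseti", pred, rd, imm): if pred: rd = imm
                _, pred, rd, imm = ins
                pv, pl = self.regs[pred]
                old, ol = self.regs[rd]
                # a predicated write is a MUX between the constant and the old value
                self.regs[rd] = (imm if pv else old,
                                 mux_label(pv, pl, imm, UNTAINTED, old, ol) | self.pc_label)
            pc += 1
        return self

def labels(m):
    return {"out": m.regs["out"][1], "tmp": m.regs["tmp"][1], "pc": m.pc_label}

def run_branch_version(secret):
    """if (secret == 1) out = 1; tmp = 5   compiled with a conditional branch."""
    m = TaintMachine({"secret": (secret, TAINTED),
                      "out": (0, UNTAINTED), "tmp": (0, UNTAINTED)})
    program = [("bz", "secret", 2),   # 0: skip the store when secret == 0
               ("seti", "out", 1),    # 1: out = 1
               ("seti", "tmp", 5)]    # 2: tmp = 5 (runs on both paths)
    return labels(m.run(program))

def run_predicated_version(secret):
    """P0 = secret; (P0) out = 1; tmp = 5   the same program, predicated."""
    m = TaintMachine({"secret": (secret, TAINTED), "P0": (0, UNTAINTED),
                      "out": (0, UNTAINTED), "tmp": (0, UNTAINTED)})
    program = [("mov", "P0", "secret"),
               ("pseti", "P0", "out", 1),
               ("seti", "tmp", 5)]
    return labels(m.run(program))

if __name__ == "__main__":
    for s in (0, 1):
        print("secret =", s, "branch:", run_branch_version(s),
              "predicated:", run_predicated_version(s))
```

In the branch version the PC becomes tainted at the bz and never recovers, so tmp (and everything written afterwards) is tainted even though its value never depended on the secret. In the predicated version the PC stays untainted, out is tainted because the predicate selects between two different values, and tmp keeps a clean label; the labels are also identical for secret = 0 and secret = 1, so the labels themselves carry no information about the secret.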

  36-38. Similar Mechanisms for Loop/Load/Store
    • Variable length loops -> fixed size loops (bounding)
    • Indirect loads/stores -> direct loads/stores
    - Harder to program and inefficient
    + Verifiable system
    • Recommended follow-on reading: Execution Leases: A Hardware-Supported Mechanism for Enforcing Strong Non-Interference; Tiwari et al.; MICRO'09

  39-40. Evaluation
    + Security
    - Area overhead/Power consumption
    - Performance overhead
    - Programmability
    Appropriate use cases:
    • When critical or sensitive operations need to be performed, a co-processor augmented with these abilities could be an attractive option.

  41-44. Discussion Questions on Taint Tracking
    • Who designates an input as untrusted/trusted? Where in the architecture/implementation does an input first get marked as untrustworthy?
    • Can/should there be a method of promoting data from untrusted to trusted? (from High to Low)
    • How does the GLIFT method handle optimizations such as out-of-order execution, speculation, etc.? Will the proposed architecture be able to detect covert and side channel attacks such as Meltdown and Spectre?

  45-48. Example MLS System: Example Satellite Application. [Tzvetan Metodi, Aerospace Corp.]
    [figure: primary execution schedule over execution time, partitioned into Non-sensitive and Sensitive; process boxes include Kernel, Time Keeping, Interrupt Handlers (Sensitive), Interrupt Handlers (Non-sensitive), Command and Telemetry, I/O Interface, Mission, Crypto and Diagnostics, each marked Secret or Unclass.]
    Note: Since this is not a real schedule, the processes are not in any sensible execution order

  49-54. Example: Satellite System (trust x classification quadrants)
    Trusted & Unclassified:   Kernel, Interrupt Handlers (Unclassified), Time Keeping Programs
    Untrusted & Unclassified: Diagnostics, Telemetry Interfaces
    Trusted & Secret:         Libraries (e.g. encryption) that operate on Secret data
    Untrusted & Secret:       Custom code on Secret data

  55-58. Discussion Questions on Use Cases
    • One specific use case: What if we needed to load in a new firmware blob to compute a new function? Could we send it in encrypted and have a way of validating and then trusting it?
    • In the end, it seems the ISA is the secure step, and the trust bits are just useful in validating the design. (Does the restricted ISA make programs secure against side channels?)
    • This kind of processor would be a pain to program. If most applications on it are small, important kernels, such as AES, would it not be better to produce a specially tuned ASIC/IP core?
    • Are there any programs or algorithms that are rendered impossible (or extremely difficult) to write as a result of the limitations they've placed on loops?

  59-60. Discussion Questions on Future Work
    • Rather than implementing a CPU with this restricted ISA, since this is used only for edge case computation, could an FPGA-based enclave in a traditional CPU be used with this ISA instead as a cost-effective implementation?
    • Rather than applying the concept of gate level flow tracking to the ISA, I envision further work that could apply the same concepts to FPGA tooling.
