cse 610 special topics system security attack and defense
play

CSE 610 Special Topics: System Security - Attack and Defense for - PowerPoint PPT Presentation

Aug 06, 2023 •97 likes •535 views

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Todays Agenda 1. Cache side channel attack Speed Gap Between CPU and

  1. CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM

  2. Today’s Agenda 1. Cache side channel attack

  3. Speed Gap Between CPU and DRAM

  4. Memory Hierarchy A tradeoff between Speed, Cost and Capacity

  5. CPU Cache A cache is a small amount of fast, expensive memory (SRAM). The cache goes between the CPU and the main memory (DRAM). It keeps a copy of the most frequently used data from the main memory. All levels of caches are integrated onto the processor chip.

  6. Access Time Access Time in 2012 Cache Static RAM 0.5 - 2.5 ns Memory Dynamic RAM 50- 70 ns Secondary Flash 5,000 - 50,000 ns Magnetic disks 5,000,000 - 20,000,000 ns

  7. Cache Hits and Misses A cache hit occurs if the cache contains the data that we’re looking for. A cache miss occurs if the cache does not contain the requested data.

  8. Cache Hierarchy L1 Cache is closest to the CPU. Usually divided in Code and Data cache L2 and L3 cache are usually unified.

  9. Cache Hierarchy

  10. Cache Hierarchy

  12. Cache Line/Block The minimum unit of information that can be either present or not present in a cache. 64 bytes in modern Intel and ARM CPUs

  13. n -Way Set-Associative Cache Any given block/line in the main memory may be cached in any of the n cache lines in one cache set .

  14. n -Way Set-Associative Cache 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line Number of sets = Cache Size / (Number of ways * Line size) = 32 * 1024 / (4 * 64) = 128

  15. n -Way Set-Associative Cache 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  16. n -Way Set-Associative Cache 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  17. n -Way Set-Associative Cache 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  18. n -Way Set-Associative Cache 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  19. n -Way Set-Associative Cache 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  20. n -Way Set-Associative Cache 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  21. Cache Line/Block Content 31 13 12 6 5 0 Tag Set, Index Offset 32KB 4-way set-associative data cache, 64 bytes per line 0 0 0 0 V Tag Data D ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  22. Congruent Addresses Each memory address maps to one of these cache sets. Memory addresses that map to the same cache set are called congruent . Congruent addresses compete for cache lines within the same set, where replacement policy needs to decide which line will be replaced.

  23. Replacement Algorithm Least recently used (LRU) First in first out (FIFO) Least frequently used (LFU) Random

  24. Cache Side-Channel Attacks Cache side-channel attacks utilize time differences between a cache hit and a cache miss to infer whether specific code/data has been accessed.

  25. Cache Side-Channel Attack 0x2FFC 0x00000000 r0 0x3000 ; Assume r0 = 0x3000 0x3000 0x00000001 r1 ? ; Load a word: 0x3004 0x00000002 Registers LDR r1, [r0] Memory

  26. Cache Side-Channel Attack 0x2FFC 0x00000000 r0 0x3000 ; Assume r0 = 0x3000 0x3000 0x00000001 r1 0x0001 ; Load a word: 0x3004 0x00000002 Registers LDR r1, [r0] Memory

  27. Cache Side-Channel Attack 0x2FFC 0x00000000 r0 0x3000 ; Assume r0 = 0x3000 0x3000 0x00000001 r1 ? ; Load a word: 0x3004 0x00000002 Registers LDR r1, [r0] Memory Way 0 Way 1 ... Cache

  28. Cache Side-Channel Attack 0x2FFC 0x00000000 r0 0x3000 ; Assume r0 = 0x3000 0x3000 0x00000001 r1 0x0001 ; Load a word: 0x3004 0x00000002 Registers LDR r1, [r0] Memory Way 0 Way 1 ... Cache

  29. Cache Side-Channel Attack 0x2FFC 0x00000000 r0 0x3000 ; Assume r0 = 0x3000 0x3000 0x00000001 r1 0x0001 ; Load a word: 0x3004 0x00000002 Registers LDR r1, [r0] Memory Way 0 Way 1 ... Cache

  30. Cache Side-Channel Attack 0x2FFC 0x00000000 r0 0x3000 ; Assume r0 = 0x3000 0x3000 0x00000001 r1 0x0001 ; Load a word: 0x3004 0x00000002 Registers LDR r1, [r0] Memory Way 0 Way 1 ... Cache

  31. Cache Side-Channel Attack 0x2FFC 0x00000000 r0 0x3000 ; Assume r0 = 0x3000 0x3000 0x00000001 r1 0x0001 ; Load a word: 0x3004 0x00000002 Registers ;Get current time t1 Memory LDR r1, [r0] Way 0 Way 1 ... ;Get current time t2; t2 - t1 Cache

  32. Attack Primitives Evict+Time Prime+Probe Flush+Flush Flush+Reload Evict+Reload

  33. Moritz Lipp, Cache Attacks on ARM, Graz University Of Technology

  34. Prime+Probe Step 1 Prime: Attacker occupies a set Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  35. Prime+Probe Step 1 Prime: Attacker occupies a set Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  36. Prime+Probe Step 2: Victim runs Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  37. Prime+Probe Step 3 Probe: Attacker accesses memory again and measures the time Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  38. Flush+Reload A memory block is cached Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  39. Flush+Reload Step 1 Flush: Attacker flushes this memory block out of cache Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  40. Flush+Reload Step 2 Reload: Victim may / may not access that block again Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

  41. Flush+Reload Step 3 Probe: Attacker accesses that block again and measure Attacker Address Space Victim Address Space 0 0 0 0 ... ... ... ... 127 127 127 127 Way 0 Way 1 Way 2 Way 3

Recommend

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Defenses a. Direct defense b. Stack Cookie; Canary -

713 views • 26 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Defenses a. Address Space Layout Randomization (ASLR)

872 views • 19 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Online Time: Monday, 5:20 PM - 8:10 PM First off, Logistics! Turn on camera if possible Classes are recorded and released

1.42k views • 116 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Announcements 1. Final Exam : 12/14 2020 7:15PM-10:15PM. Same format as

483 views • 15 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Online Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Stack-based buffer overflow-1 a. Brief history of buffer overflow b.

873 views • 73 slides
Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense Prevention DOS/DDoS Types Vulnerability attack Flooding attack DoS vs DDoS DoS: Attack is launched from single host Less

614 views • 26 slides
ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack & GOT Overwrite Attack Dr. Si Chen (schen@wcupa.edu) Review Page 2 ret2libc Attack Page 3 libc C standard library Provides

662 views • 36 slides
Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

www.securing.pl Pawel Rzepa Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in - Pentesting - Cloud security assessment Blog: https://medium.com/@rzepsky @Rzepsky

1.1k views • 63 slides
Attacking JAVA Serialized Communication Manish S. Saindane Who am I ? Security Researcher

Attacking JAVA Serialized Communication Manish S. Saindane Who am I ? Security Researcher

ATTACK & & ATTACK labs DEFENSE DEFENSE Attacking JAVA Serialized Communication Manish S. Saindane Who am I ? Security Researcher Working as a Lead Applica8on Security Specialist for an interna8onal so:ware development and

577 views • 28 slides
Preview question Which of these defense techniques would completely prevent a ROP attack from

Preview question Which of these defense techniques would completely prevent a ROP attack from

Preview question Which of these defense techniques would completely prevent a ROP attack from returning from an intended CSci 5271 return instruction to an unintended gadget? Introduction to Computer Security A. ASLR Day 6: Low-level defenses

125 views • 9 slides
Exploit Development 101 ATTACK & DEFENSE HISTORY OF WINDOWS BUFFER OVERFLOW Peter Chi

Exploit Development 101 ATTACK & DEFENSE HISTORY OF WINDOWS BUFFER OVERFLOW Peter Chi

Exploit Development 101 ATTACK & DEFENSE HISTORY OF WINDOWS BUFFER OVERFLOW Peter Chi chiwp@tw.ibm.com 2020/08/11 About Me IBM CDL Software Engineer Columbia Univ. Master of Science Computer Security Track OSCP / OSCE / eWPT /

1.11k views • 22 slides
Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems Long Beach, CA, USA 1 Outline Background and Motivation Project-based Defense Mechanism

761 views • 72 slides
Web security With material from Dave Levin, Mike Hicks, Lujo Bauer Previously Attack and

Web security With material from Dave Levin, Mike Hicks, Lujo Bauer Previously Attack and

Web security With material from Dave Levin, Mike Hicks, Lujo Bauer Previously Attack and defense at host machines Applications written in C and C++ Violations of memory safety Web security now Attacking web services

830 views • 37 slides
CMPSC 497 Special Topics: Software Security Trent Jaeger Systems and Internet

CMPSC 497 Special Topics: Software Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Special Topics: Software Security Trent Jaeger

745 views • 27 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu - peteresnyder.com Surveillance Defense 1. Good Practices 2. System / PC Security 3. Mobile Security 4. Browser Security 5. Secure Networking Tools

443 views • 27 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Special Topics in Cryptography Mohammad Mahmoody Last time How to combine CPA security +

Special Topics in Cryptography Mohammad Mahmoody Last time How to combine CPA security +

Special Topics in Cryptography Mohammad Mahmoody Last time How to combine CPA security + MACS: Security against active attacks CCA secure private-key encryption Today Public-key encryption and key-agreement RSA (PKE) and

358 views • 14 slides
Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A

Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A

Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A security breach/attack is defined as an event in which a corporations network is compromised or an individuals name plus Social Security Name (SSN),

890 views • 12 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
Attacking with HTML5 Lavakumar Kuppan Who am I ? Web Security Researcher of Attack and

Attacking with HTML5 Lavakumar Kuppan Who am I ? Web Security Researcher of Attack and

A TTACK TTACK & D EFENSE EFENSE labs Attacking with HTML5 Lavakumar Kuppan Who am I ? Web Security Researcher of Attack and Defense Labs, www.andlabs.org Penetration Tester @ really big bank Author of Imposter & Shell

872 views • 58 slides
Bro 2.0 and Beyond Network Attack Detection and Defense Early Warning Systems Schloss Dagstuhl,

Bro 2.0 and Beyond Network Attack Detection and Defense Early Warning Systems Schloss Dagstuhl,

The Bro Network Security Monitor Bro 2.0 and Beyond Network Attack Detection and Defense Early Warning Systems Schloss Dagstuhl, 2012 Dagstuhl 2012 2 Outline Bro Introduction Much different from the typical IDS you may know Hot off

742 views • 63 slides
Defense Security Service Defense Security Service Cybersecurity Operations Division

Defense Security Service Defense Security Service Cybersecurity Operations Division

UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and

490 views • 33 slides
17-654: Analysis of Software Systems Spring 2005 4/21/2005 Topics Timing attack

17-654: Analysis of Software Systems Spring 2005 4/21/2005 Topics Timing attack

17-654: Analysis of Software Systems Spring 2005 4/21/2005 Topics Timing attack Algorithms leak information Nice example of practice trumping theoretical security Hardening algorithms: randomization Privilege separation

1.11k views • 69 slides

More recommend