isolation
play

Isolation William Arthur , Sahil Madeka, Reetuparna Das, Todd Austin - PowerPoint PPT Presentation

Mar 27, 2024 •328 likes •654 views

Locking Down Insecure Indirection with Hardware-Based Control-Data Isolation William Arthur , Sahil Madeka, Reetuparna Das, Todd Austin MICRO, Waikiki, Hawaii, US December 7 th 2015 Goal of this work MAKE SOFTWARE MORE SECURE Reducing the

  1. Locking Down Insecure Indirection with Hardware-Based Control-Data Isolation William Arthur , Sahil Madeka, Reetuparna Das, Todd Austin MICRO, Waikiki, Hawaii, US December 7 th 2015

  2. Goal of this work MAKE SOFTWARE MORE SECURE Reducing the software attack surface by subtracting the root cause leading to many software exploits today Accomplished by locking down insecure indirection 2

  3. Locking Down Insecure Indirection (1) Every control transfer in executing application comes from the programmer: Every PC address encoded in instructions, OR Is derived from secure hardware structures Executing application always adheres to the programmer-defined control-flow graph Stopping control-flow attacks which derail the CFG 3

  4. Locking Down Insecure Indirection (2) Achieved by hardware-software co-design Software: Eliminate all indirect control-flow instructions – via Control-Data Isolation (CDI) [1] Hardware: Memoization of secure control transitions in secure hardware – via Indirect Edge Cache [1] Getting in Control of Your Control Flow with Control-Data Isolation , Arthur et al., CGO 2015 4

  5. Outline Software (in)security – Control-Flow Attack Software (in)security Hardware-Based Control-Data Isolation Hardware-Based Control-Data Isolation Measure performance and security Measure performance and security Conclusions Conclusions 5

  6. Control-Flow Attack Control-Flow Attacks violate, at runtime, the CFG of an application by corrupting the PC with user-injected data return ????? Buffer Overflow local variables, return Heap Spray attack value Return-to-libc code Code Gadgets Stack Smash buffer 6

  7. Outline Software (in)security Hardware-Based Control-Data Isolation Measure performance and security Conclusions 7

  8. Control-Data Isolation int bar() { int bar() { int bar() { // function code // function code // function code return; if ([%esp]==_ret1) } jump _ret1; return; Vulnerable Code else if ([%esp]==_ret2) } jump _ret1; ret Vulnerable Code else call _abort; } White-list of valid “ Sled ” of conditional branches CFG edges and direct jumps 9

  9. Hardware-Based CDI Software- only CDI (CGO ’15) retains higher than desired runtime overheads for some applications – 31% for gcc Key insight: Caching previously executed sled edges obviates subsequent re- executions of the sled Addition of hardware edge cache 11

  10. Hardware-Based CDI Algorithm Indirect Instruction Execute (*jmp, *call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled , retain Taken branch <source> from sled 12

  11. Hardware-Based CDI Algorithm Indirect Instruction Execute (jmp, call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled , retain Taken branch <source> from sled 13

  12. Hardware-Based CDI Algorithm Indirect Instruction Execute (*jmp, *call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled, retain Taken branch <source> from sled 14

  13. Hardware-Based CDI Algorithm Indirect Instruction Execute (jmp, call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled , retain Taken branch <source> from sled 15

  14. Hardware-Based CDI Algorithm Indirect Instruction Execute (jmp, call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled , retain Taken branch <source> from sled 16

  15. Hardware-Based CDI Algorithm Indirect Instruction Execute (jmp, call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled, retain Taken branch <source> from sled 17

  16. Hardware-Based CDI Algorithm Indirect Instruction Execute (jmp, call, ret) Instructions Hit? Check Edge Place Cache for <source,target> in the Edge <source,target> Cache pair Miss? Fall-through to sled, retain Taken branch <source> from sled 18

  17. Hardware-Based CDI Algorithm Indirect Instruction Execute (jmp, call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled, retain Taken branch <source> from sled 19

  18. Hardware-Based CDI Algorithm Indirect Instruction Execute (*jmp, *call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled, retain Taken branch <source> from sled 20

  19. Hardware-Based CDI Algorithm Indirect Instruction Execute (jmp, call, ret) Instructions Hit? Check Edge Cache Cache for <source,target> <source,target> of taken branch pair Miss? Fall-through to sled , retain Taken branch <source> from sled 21

  20. Edge Cache(1) New hardware structure – edge cache Memoization of most recent indirect edges 22

  21. Edge Cache(2) Fetch Edge Cache Squash, execute <src,target> sled Commit No = Retire Yes 23

  22. Edge Cache(2) PC BTB Fetch Target Edge Index Cache Squash, GHR execute <src,target> sled Commit No = Retire Yes 24

  23. Challenges Edge Cache Source Target U V Address Address tag, full address 128 + 2 bits per entry! 1k entries = 16 kB 26

  24. Region Table Edge Cache Source Target Region Region G G U V Addr. Offset Addr. Offset Pointer(S) Pointer(T) offset, 18 bits index, 5 bits 27

  25. Region Table Edge Cache Source Target Region Region G G U V Addr. Offset Addr. Offset Pointer(S) Pointer(T) Region Table Region Address G U V 28

  26. Region Table Edge Cache Source Target Region Region G G U V Addr. Offset Addr. Offset Pointer(S) Pointer(T) 50 bits per Region Table entry! Region Address G U V 1k entries 6.75 kB total Region Offset full address 29

  27. Outline Software (in)security Hardware-Based Control-Data Isolation Measure performance and security Conclusions 30

  28. Experimental Setup gem5 architectural simulator Detailed O3 cpu model, configured similar to Intel Haswell processor, x86-64 SPECINT 2000 & 2006 1,024-entry edge cache 4-way set associative 32-entry region table 31

  29. Speedup Over Native Execution 1.2 0.995 Hardware-Based CDI Software-Based CDI 1 0.8 0.84 0.6 0.4 0.2 0 Benchmark Applications Branch prediction – 6% speedup 400.perlbench vs BTB 32

  30. Security Average Indirect target Reduction – AIR [2] Measure of the reduction in the software attack surface 99.999%+ reduction in indirect target set Average of tens of targets per indirect Previous works : average of tens of thousands of targets per indirect instruction [2] Control Flow Integrity for COTS Binaries , Zhang and Sekar, USENIX Security 2013 33

  31. Conclusions Locking down insecure indirection can eliminate contemporary control-flow attacks Hardware-based control-data isolation efficiently realizes this capability Minimal runtime overhead – 0 . 5% 34

  32. Thank You Questions? 35

Recommend

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable Isolation Dan Ports Kevin Grittner MIT Wisconsin Court System Saturday, May 21, 2011 1 Overview Serializable isolation makes it easier to reason

922 views • 60 slides
ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating auxiliary isolation rooms (CDC) SCRUBBERS - 1 ea to serve patient room, and 1 for Airlock Typically deployed on supplied wheel platform

144 views • 3 slides
Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation From in-guest kernel/userspace Provided by Xen Buggy emulation blurres the line From trusted computing base (TCB) Possible via Xen

286 views • 26 slides
2 Fault Isolation &amp; Restoration Manual Fault Isolation &amp; Restoration The

2 Fault Isolation &amp; Restoration Manual Fault Isolation &amp; Restoration The

1 Self Healing Network (Centralized Restoration Gateway) IEEE PES 2015 General Meeting 2 Fault Isolation &amp; Restoration Manual Fault Isolation &amp; Restoration The operator makes switching decisions Automatic Fault Location

724 views • 22 slides
GCC Highlighted Products GSure Gel Extraction kit GSure Soil DNA Isolation kit GSure Sputum DNA

GCC Highlighted Products GSure Gel Extraction kit GSure Soil DNA Isolation kit GSure Sputum DNA

GSure Bacterial genomic DNA isolation kit GCC Highlighted Products GSure Gel Extraction kit GSure Soil DNA Isolation kit GSure Sputum DNA Isolation Kit GSure Stool DNA Isolation Kit GSure Urine DNA Isolation Kit GSure Yeast RNA

455 views • 23 slides
Introduction to pixel track isolation The purpose of track isolation algorithm is an additional

Introduction to pixel track isolation The purpose of track isolation algorithm is an additional

Introduction to pixel track isolation The purpose of track isolation algorithm is an additional improvement of level-1 pixel trigger performance. Procedure of pixel track isolation Reconstructed pixel tracks using kinematic parameters

669 views • 27 slides
#KEEPTHECONVERSATIONGOING Sick pay and self isolation Day one right SSP for up to 14 days

#KEEPTHECONVERSATIONGOING Sick pay and self isolation Day one right SSP for up to 14 days

#KEEPTHECONVERSATIONGOING Sick pay and self isolation Day one right SSP for up to 14 days will be reimbursed Self isolation notes from online 111 Self isolation and pay Working from Home Everyone should be working

398 views • 12 slides
Using technology to reduce social isolation: research on dementia and social isolation Professor

Using technology to reduce social isolation: research on dementia and social isolation Professor

Using technology to reduce social isolation: research on dementia and social isolation Professor Josie Tetley Dr Emma-Reetta Koivunen Ageing and Long Term Conditions Group Faculty of Health, Psychology &amp; Social Care Manchester

338 views • 19 slides
456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between

456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between

In this module we would review a typical gate first, poly-Si gate CMOS process flow. 456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between individual devices in a CMSO chip. Typical process details and the

381 views • 8 slides
W E OFTEN THINK : Isolation is when others leave us alone ( and its often true) B UT WE TEND

W E OFTEN THINK : Isolation is when others leave us alone ( and its often true) B UT WE TEND

W HEN F EELINGS OF I SOLATION B ECOME A R OADBLOCK Joe &amp; Cindi Ferrini Joeferrini.com Cindiferrini.com W E OFTEN THINK : Isolation is when others leave us alone ( and its often true) B UT WE TEND TOWARD ISOLATION PULLING AWAY FROM :

723 views • 18 slides
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Possibly with multiple tenants Setting OS: users / processes Browser: webpages / browser extensions Cloud: virtual machines (VMs)

272 views • 25 slides
Derandomizing Isolation in Space-Bounded Settings Dieter van Melkebeek and Gautam Prakriya

Derandomizing Isolation in Space-Bounded Settings Dieter van Melkebeek and Gautam Prakriya

Derandomizing Isolation in Space-Bounded Settings Dieter van Melkebeek and Gautam Prakriya University of Wisconsin-Madison 6 July 2017 Isolation Isolation Computational Problem : instance x set of solutions for x . Eg.:

876 views • 42 slides
Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and

Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and

Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication Jinyu Gu , Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, Haibo Chen Monolithic Kernel and Microkernel 2 Monolithic Kernel and

336 views • 23 slides
Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Isolation problem for Web Mashups Formal definition of Capability Safe languages Solving the Isolation problem using Capabilit Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer Science, Stanford

1.01k views • 43 slides
Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford

Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford

Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford University Joint work

650 views • 46 slides
2019-20 DNA Biology New Products RNA Biology PROTEIN Biology MOLECULAR Biology Plant DNA

2019-20 DNA Biology New Products RNA Biology PROTEIN Biology MOLECULAR Biology Plant DNA

Catalogue 2019-20 DNA Biology New Products RNA Biology PROTEIN Biology MOLECULAR Biology Plant DNA Isolation kit OLIGO Synthesis Soil DNA isolation kit Fungal DNA isolation kit Blood RNA isolation kit G-SNAP in -gel protein visualization

1.71k views • 101 slides
FEAR OF SOCIAL ISOLATION Aman Pandya 11481 A modified version of social isolation experiment

FEAR OF SOCIAL ISOLATION Aman Pandya 11481 A modified version of social isolation experiment

FEAR OF SOCIAL ISOLATION Aman Pandya 11481 A modified version of social isolation experiment by Shoemaker, Breen and Stamper. Experiment mainly to test an assumption from the Spiral of Silence theory by Elisabeth Noelle-Neumann Spiral

464 views • 14 slides
Madeleine Elliott me8133@gmail.com Lonel onelines ess a and nd I Isolation A Survey of

Madeleine Elliott me8133@gmail.com Lonel onelines ess a and nd I Isolation A Survey of

Madeleine Elliott me8133@gmail.com Lonel onelines ess a and nd I Isolation A Survey of Initiatives to Combat Loneliness and Isolation in the North East Region Personal Risk Factors Sensory loss Loss of mobility Lower income

551 views • 18 slides
Loneliness and Social Isolation Select Committee Topics Defining social isolation and

Loneliness and Social Isolation Select Committee Topics Defining social isolation and

Loneliness and Social Isolation Select Committee Topics Defining social isolation and loneliness Understanding impact Understanding the extent of the issue Key challenges Overview of what KCC is doing Defining loneliness and

507 views • 34 slides
Improving HVM Domain Isolation and Performance Jun Nakajima - jun.nakajima@intel.com Daniel

Improving HVM Domain Isolation and Performance Jun Nakajima - jun.nakajima@intel.com Daniel

Improving HVM Domain Isolation and Performance Jun Nakajima - jun.nakajima@intel.com Daniel Stekloff dsteklof@us.ibm.com September 2006 Goals HVM Domain Isolation Move QEMU Device Model Out of Domain0 and Into Stub Domain Allow

263 views • 13 slides
CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3.

CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3.

CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3. Robert Hagmann 4. Rohit Jnagal 5. Vrigo Gokhale 6. John Wilkes Class Presentation : Siddhartha Biswas 1 Abstract: 1. Performance isolation is

803 views • 26 slides
Smart city, Seniors, and the Opportunities to Tackle Social Isolation Using Technologies Long

Smart city, Seniors, and the Opportunities to Tackle Social Isolation Using Technologies Long

Smart city, Seniors, and the Opportunities to Tackle Social Isolation Using Technologies Long Pham Social Isolation and Technology Conference Waterford 10th February 2017 1 Agenda Introduction CorkCitiEngage Measuring topics

601 views • 42 slides
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel and Suman Janna Some slides are from

1.03k views • 58 slides
Efficient Software-Based Fault Isolation Robert Wahbe Steven Lucco Thomas E. Anderson Susan L.

Efficient Software-Based Fault Isolation Robert Wahbe Steven Lucco Thomas E. Anderson Susan L.

Efficient Software-Based Fault Isolation Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Christopher Head Approaches to Isolation Address Spaces Software Isolation Control read/write Control read/write

455 views • 17 slides

More recommend