memory safety for low level software hardware interactions
play

Memory Safety for Low- Level Software/Hardware Interactions John - PowerPoint PPT Presentation

Mar 29, 2024 •26 likes •556 views

Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray Vikram Adve Montreal or Bust! Memory Safety Future is Bright User-space memory safety is improving Safe languages SAFECode, CCured, Baggy

  1. Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray Vikram Adve Montreal or Bust!

  2. Memory Safety Future is Bright  User-space memory safety is improving  Safe languages  SAFECode, CCured, Baggy bounds checking, Softbound, etc  Memory safety for operating systems exists!  Singularity (C#), SPIN (Modula-3)  Linux on Secure Virtual Architecture (C)

  3. A New Enemy Arises: Software/Hardware Interactions  What is a low-level software-hardware interaction?  Instruction that manipulates hardware resources  Below semantics of the programming language  Perfectly type-safe code ! But:  Can corrupt control-flow or data-flow  Examples:  Processor State  I/O Objects  MMU mappings

  4. Memory Safety: Processor State  Operating systems explicitly manage Processor State  Processor states saved in memory buffers  Type-safe stores can modify a saved processor state  Can subvert control/data-flow integrity P R1 R2 Pointer in OS R3 PC SP Memory

  5. Memory Safety: Processor State  Operating systems explicitly manage Processor State  Processor states saved in memory buffers  Type-safe stores can modify a saved processor state  Can subvert control/data-flow integrity P R1 R2 Pointer in OS R3 PC SP Memory

  6. Memory Safety: Processor State  Operating systems explicitly manage Processor State  Processor states saved in memory buffers  Type-safe stores can modify a saved processor state  Can subvert control/data-flow integrity Context Switch P R1 R1 R2 R2 Pointer in OS R3 R3 PC PC SP SP Memory CPU

  7. Memory Safety: I/O  I/O device memory and RAM in same address space  However, I/O memory is different  I/O memory incompatible with standard compiler analysis  I/O memory has side effects on hardware  Intel E1000E Bug on Linux 2.6  Invalid write on I/O memory  Damaged Intel E1000E Network Cards  Potential DoS Attack

  8. Memory Safety: MMU T1* P1  MMU can violate type Memory Pointers safety T2* P2 Virtual Physical Memory Memory

  9. Memory Safety: MMU T1* P1  MMU can violate type Memory Pointers safety T2* P2 Virtual Physical Memory Memory

  10. Memory Safety: MMU T1* P1  MMU can violate type Memory Pointers safety T2* P2 Virtual Physical Memory Memory  MMU can make kernel pages User accessible to user-space Kernel  BID9356, BID9686, BID18177 (www.securityfocus.com) Virtual Physical Memory Memory

  11. Memory Safety: MMU T1* P1  MMU can violate type Memory Pointers safety T2* P2 Virtual Physical Memory Memory  MMU can make kernel pages User accessible to user-space Kernel  BID9356, BID9686, BID18177 (www.securityfocus.com) Virtual Physical Memory Memory

  12. It’s Already Here!  Intel E1000E Bug  MMU exploits in Linux Need solutions before these attacks become more sophisticated and commonplace!

  13. SVA-OS: Memory Safety for Low- Level Software-Hardware Interactions  First system to provide comprehensive memory safety for low-level software/hardware interactions  Linux 2.4.22 on Secure Virtual Architecture (SVA)  Compiler analysis and runtime checks  Little overhead above and beyond traditional memory safety  Effective at preventing software/hardware exploits

  14. Outline  Motivation  High-level Solutions  Design of SVA-OS  Experimental Results  Future Work and Conclusions

  15. Foundations: What Do We Need?  System that provides traditional memory safety  SVA-OS will preserve memory safety  Examples  Type-safe languages, e.g. Singularity  Compiler techniques for commodity operating systems, e.g. Secure Virtual Architecture (SVA)

  16. Solution: Processor State  New instruction to save old state and restore new state  State saved in internal SVA-OS memory  State referenced by ID returned from VM  Policy left to OS  Scheduling, context switching, signal delivery ID1 ID2 ID3 Process 1: ID 1 R1 R1 R1 R2 R2 R2 Process 3: ID 2 PC PC PC SP SP SP Process 8: ID 3 OS SVA-OS Memory CPU Task Structures

  17. Solution: Memory Mapped I/O  New instruction to map I/O memory into address space  New instructions to load/store I/O objects  Add run-time checks to ensure that:  Regular load/stores access memory  I/O accesses access I/O memory P1 iostore (v, *p1); Memory Pointer P2 store (v, *p2); I/O Pointer

  18. Solution: Memory Mapped I/O  New instruction to map I/O memory into address space  New instructions to load/store I/O objects  Add run-time checks to ensure that:  Regular load/stores access memory  I/O accesses access I/O memory P1 iostore (v, *p1); Memory Pointer P2 store (v, *p2); I/O Pointer

  19. Solution: Memory Mapped I/O  New instruction to map I/O memory into address space  New instructions to load/store I/O objects  Add run-time checks to ensure that:  Regular load/stores access memory  I/O accesses access I/O memory P1 iostore (v, *p1); Memory Pointer P2 store (v, *p2); I/O Pointer

  20. Solution: MMU  Add run-time checks on MMU updates  Mapping kernel memory into user-space  Mapping data inconsistent with types  Same mechanism as VMMs  Finer-grain checks T1* P1 User Kernel T2* P2 Virtual Physical Virtual Physical Memory Memory Memory Memory

  21. Solution: MMU  Add run-time checks on MMU updates  Mapping kernel memory into user-space  Mapping data inconsistent with types  Same mechanism as VMMs  Finer-grain checks T1* P1 User Kernel T2* P2 Virtual Physical Virtual Physical Memory Memory Memory Memory

  22. Solution: MMU  Add run-time checks on MMU updates  Mapping kernel memory into user-space  Mapping data inconsistent with types  Same mechanism as VMMs  Finer-grain checks T1* P1 User Kernel T2* P2 Virtual Physical Virtual Physical Memory Memory Memory Memory

  23. Solution: MMU  Add run-time checks on MMU updates  Mapping kernel memory into user-space  Mapping data inconsistent with types  Same mechanism as VMMs  Finer-grain checks T1* P1 User Kernel T2* P2 Virtual Physical Virtual Physical Memory Memory Memory Memory

  24. Solution: MMU  Add run-time checks on MMU updates  Mapping kernel memory into user-space  Mapping data inconsistent with types  Same mechanism as VMMs  Finer-grain checks T1* P1 User Kernel T2* P2 Virtual Physical Virtual Physical Memory Memory Memory Memory

  25. Outline  Motivation  High-level Solutions  Design of SVA-OS  Experimental Results  Future Work and Conclusions

  26. Secure Virtual Architecture 1  Compiler-based virtual machine  Hosts a commodity OS (e.g., Linux)  Provides traditional memory safety guarantees (control-flow and data-flow integrity) OS Kernel OS Memory Allocator SVA ISA Safety Compiler Native Code Generator SVA Virtual Machine SVA Run-time Memory Safety Library Run-time Library Native ISA Hardware Hardware 1 Criswell et al. [SOSP 2007]

  27. From SVA to SVA-OS  Extend the SVA software/hardware interface  New instructions control software/hardware interactions  Enforce memory safety for low-level operations  Use static analysis when possible  Add run-time checks when necessary

  28. Solution: Processor State  Save old state and place new state in a single instruction  sva_swap_integer  Return opaque handle  Buffer saved in SVA-OS memory  Buffer released on sva_swap_integer call ID1 ID2 ID3 Process 1: ID 1 R1 R1 R1 R2 R2 R2 Process 3: ID 2 PC PC PC SP SP SP Process 8: ID 3 OS SVA-OS Memory CPU Task Structures

  29. Solution: Processor State  Save old state and place new state in a single instruction  sva_swap_integer  Return opaque handle  Buffer saved in SVA-OS memory  Buffer released on sva_swap_integer call ID1 ID2 Process 1: ID 1 R1 R1 R1 R2 R2 R2 Process 3: ID 2 PC PC PC SP SP SP Process 8: ID 3 OS SVA-OS Memory CPU Task Structures

  30. Solution: Memory Mapped I/O  Operating system uses a pseudo-allocator  Map I/O objects into virtual address space  New instructions for I/O reads and writes  sva_io_readb , sva_io_writeb  Compiler marks I/O memory as type-unknown  Load/store check on each access  Load/store checks on memory objects that alias

  31. Solution: MMU  VMM-like interface to declare and update MMU mappings  sva_declare_l1_page , sva_declare_l2_page  sva_update_l1_mapping , sva_update_l2_mapping  Runtime checks for typed memory  Pointer analysis in SVA segregates data by types  SVA-OS ensures this stays consistent  Run-time checks for dividing memory  SVA-OS memory and kernel memory  Kernel memory and user-space memory  I/O memory and regular kernel memory

  32. Linux 2.4 Port on SVA-OS  Less than 100 lines changes from original SVA Linux port  switch_to ➞ sva_swap_integer  readb ➞ sva_io_readb  set_pte ➞ sva_update_l1_mapping  pte_alloc_one ➞ sva_declare_l1_page  Compiler changes:  Allocation of I/O objects: ioremap

  33. Outline  Motivation  High-level Solutions  Design of SVA-OS  Experimental Results  Future Work and Conclusions

  34. Does It Work?  Tested two real world MMU exploits  BID9356, BID9686 on Linux 2.4  BID18177 exploit code not available  Injected errors into our Linux 2.4 port  New system calls  Studied the E1000E Intel Network bug  Paper study because only on Linux 2.6

Recommend

Lecture 3 Hardware and Software 3. Hardware and Softw are 4. High Level Languages 5.

Lecture 3 Hardware and Software 3. Hardware and Softw are 4. High Level Languages 5.

1. Introduction 2. Binary Representation Lecture 3 Hardware and Software 3. Hardware and Softw are 4. High Level Languages 5. Standard input and output Hardware has been defined as 6. Operators, expression and statem ents the

238 views • 3 slides
Shared Memory Multiprocessors Logical design and software interactions 1 Shared Memory

Shared Memory Multiprocessors Logical design and software interactions 1 Shared Memory

Shared Memory Multiprocessors Logical design and software interactions 1 Shared Memory Multiprocessors Symmetric Multiprocessors (SMPs) Symmetric access to all of main memory from any processor Dominate the server market Building blocks

1.33k views • 107 slides
The Memory Hierarchy 10/25/16 Transition First half of course: hardware focus How the

The Memory Hierarchy 10/25/16 Transition First half of course: hardware focus How the

The Memory Hierarchy 10/25/16 Transition First half of course: hardware focus How the hardware is constructed How the hardware works How to interact with hardware Second half: performance and software systems Memory

480 views • 35 slides
Cap5 - Shared Memory Multiprocessors Logical design and software interactions 1 Shared Memory

Cap5 - Shared Memory Multiprocessors Logical design and software interactions 1 Shared Memory

Adaptado dos slides da editora por Mario Crtes IC/Unicamp Cap5 - Shared Memory Multiprocessors Logical design and software interactions 1 Shared Memory Multiprocessors Symmetric Multiprocessors (SMPs) Symmetric access to all of main

1.5k views • 110 slides
Memory corruption: Why we cant have nice things Mathias Payer (@gannimo)

Memory corruption: Why we cant have nice things Mathias Payer (@gannimo)

Memory corruption: Why we cant have nice things Mathias Payer (@gannimo) http://hexhive.github.io Software is unsafe and insecure Low-level languages (C/C++) trade type safety and memory safety for performance Programmer responsible

602 views • 39 slides
COSMOS: Coordination of High-Level Synthesis and Memory Optimization for Hardware Accelerators

COSMOS: Coordination of High-Level Synthesis and Memory Optimization for Hardware Accelerators

ACM/IEEE CODES+ISSS 2017, Seoul, South Korea COSMOS: Coordination of High-Level Synthesis and Memory Optimization for Hardware Accelerators Luca Piccolboni, Paolo Mantovani, Giuseppe Di Guglielmo, Luca Carloni Columbia University, New York,

624 views • 61 slides
CheriABI Hardware enforced memory safety for FreeBSD Brooks Davis , Robert N. M. Watson,

CheriABI Hardware enforced memory safety for FreeBSD Brooks Davis , Robert N. M. Watson,

CheriABI Hardware enforced memory safety for FreeBSD Brooks Davis , Robert N. M. Watson, Alexander Richardson, Peter G. Neumann, Simon W. Moore, John Baldwin, David Chisnall, James Clarke, Nathaniel Wesley Filardo, Khilan Gudka, Alexandre

430 views • 29 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Software security Security is a form

2.11k views • 190 slides
Our Domain Level 1 BBBEE Contributor South African Designed and Manufactured RSE Software and

Our Domain Level 1 BBBEE Contributor South African Designed and Manufactured RSE Software and

Traffic Management Technologies Road Safety: An Operational Perspective Sean Heathcote VP Operations & Delivery - Africa Our Domain Level 1 BBBEE Contributor South African Designed and Manufactured RSE Software and Hardware

326 views • 17 slides
software and hardware for the Internet of Things. Choose hardware Design hardware Design

software and hardware for the Internet of Things. Choose hardware Design hardware Design

Zeidman Technologies has created a fundamentally new way to develop embedded software and hardware for the Internet of Things. Choose hardware Design hardware Design software Initial hardware choices determine Integrate functionality and

185 views • 15 slides
A Realistic Evaluation of Memory Hardware Errors and Software System Susceptibility Xin Li 1

A Realistic Evaluation of Memory Hardware Errors and Software System Susceptibility Xin Li 1

A Realistic Evaluation of Memory Hardware Errors and Software System Susceptibility Xin Li 1 Michael Huang 1 Kai Shen 2 Lingkun Chu 3 1 Department of Electrical and Computer Engineering University of Rochester 2 Department of Computer Science

504 views • 29 slides
Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging

Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging

CS 240 Stage 2 Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging Machine code, assembly language, program translation Control flow Procedures, stacks Data layout, security, linking and loading Program,

415 views • 30 slides
Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging

Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging

CS 240 Stage 2 Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging Machine code, assembly language, program translation Control flow Procedures, stacks Data layout, security, linking and loading Program,

822 views • 29 slides
Unit 7: Virtual Memory TLBs and memory hierarchy issues

Unit 7: Virtual Memory TLBs and memory hierarchy issues

This Unit: Virtual Memory App App App The operating system (OS) System software A super-application Hardware support for an OS CIS 501: Computer Architecture Mem CPU I/O Virtual memory Page tables and address translation

554 views • 10 slides
Hardware Transactional Memory on Haswell EP Viktor Leis Technische Universitt Mnchen 1 / 14

Hardware Transactional Memory on Haswell EP Viktor Leis Technische Universitt Mnchen 1 / 14

Hardware Transactional Memory on Haswell EP Viktor Leis Technische Universitt Mnchen 1 / 14 Introduction Intels new mid-level server platform: Haswell EP up to 18 cores per socket (up to 72 hardware threads with 2 sockets)

890 views • 9 slides
Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of

Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of

Flexible Hardware Design at Flexible Hardware Design at Low Levels of Abstraction Low Levels of Abstraction Emil Axelsson Hardware Description and Verification May 2009 Why low-level? Why low-level? Related question: Why is some software

908 views • 51 slides
CS-527 Software Security Memory Safety Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Memory Safety Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Memory Safety Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Eternal War in Memory Table of Contents

658 views • 38 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Analyzing security Security

1.41k views • 107 slides
High Performance Hardware, High Performance Hardware, Memory & CPU Memory & CPU Step

High Performance Hardware, High Performance Hardware, Memory & CPU Memory & CPU Step

High Performance Hardware, High Performance Hardware, Memory & CPU Memory & CPU Step Back, Look Inside, Many Dont Insight, not numbers! Face real world 6 GB/s CPU B K 2 3 cache 2 GB Rubin H. Landau Rubin H. Landau RAM 2

671 views • 13 slides
Advanced Breakpointing Software Breakpoints INT 3 Memory

Advanced Breakpointing Software Breakpoints INT 3 Memory

Advanced Breakpointing Software Breakpoints INT 3 Memory Breakpoints Page guarding Hardware Breakpoints CPU hardware 2 Software Breakpoints

482 views • 35 slides
This Unit: Virtual Memory App App App The operating system (OS) System software A

This Unit: Virtual Memory App App App The operating system (OS) System software A

This Unit: Virtual Memory App App App The operating system (OS) System software A super-application CIS 371 Hardware support for an OS Mem CPU I/O Virtual memory Computer Organization and Design Page tables and address

239 views • 10 slides
Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to Computer Security Logistics announcements Day 3: Low-level vulnerabilities Basic memory-safety problems Stephen McCamant Where overflows come from

521 views • 9 slides
Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to Computer Security Intermission: gdb demo Day 3: Low-level vulnerabilities Basic memory-safety problems Stephen McCamant Where overflows come from

401 views • 8 slides
CS 134: Operating Systems I/O Hardware 1 / 23 Overview CS34 Overview 2013-05-17 Hardware

CS 134: Operating Systems I/O Hardware 1 / 23 Overview CS34 Overview 2013-05-17 Hardware

CS34 2013-05-17 CS 134: Operating Systems I/O Hardware CS 134: Operating Systems I/O Hardware 1 / 23 Overview CS34 Overview 2013-05-17 Hardware Devices Communication Methods Overview Software Low-Level Mid-Level Upper-Level

409 views • 25 slides

More recommend