Slide 1: Program Partitioning for Secure Execution
Charles W. O'Donnell, G. Edward Suh, Srini Devadas
September 24, 2004
4th MIT CSAIL Computer Architecture Workshop
Slide 2: Licensing
- Software licensing is important ⇒ software making money; jobs after graduation
- Alternatives problematic:
  - Service instead of software
  - Free software, bug support
- Past methods poor:
  - Online license authentication
  - Serial numbers
  - Dongles
Program Partitioning for Secure Execution | 4th MIT CSAIL Computer Architecture Workshop
Slide 3: Polling No Good
- Dongle / online verification is simply polling
- "Checks" are not critical to the application's functionality
- Easily bypassed
- Control flows (figure): Start Program → Serial Number → Authenticate → Run Program; Start Program → Authenticate Dongle → Run Program
Slide 4: Secure CPUs?
- AEGIS to the rescue? Encrypt application, tie to CPU/machine
- People use many machines: tie license to a person?
- Major problems with secure CPUs? They're slow
  - They don't run very fast (seriously, simply can't beat "normal" CPUs)
Slide 5: Portable Protected Processor (PPP)
- Secure CPU (entire trust base) on a single dongle
- Solely identified as yours (PUF); put on your keychain
- Dumb terminals execute all code via PPP (wholly encrypted just for you) using this dongle
- Figure: PPP containing CPU and PUF; encrypted text ("ARxHe8#9", "Yt3(2Sx!") decrypts inside the PPP to instructions ("mov eax,0x5", "cmp eax,sp")
- But this would be even slower
Slide 6: Only use PPP when necessary
- "Check" PPP like old dongles (but way cooler because smarter?)
  - Fundamentally the same problem
- Minimal requirements:
  (1) Protected program requires your PPP to work
  (2) Protected program can encrypt some proprietary algorithms
Slide 7: Program Partitioning
- Partition the program into plain and encrypted text
- Execute encrypted text (only) on the PPP
- Encrypted "code" is not useless (like dongle checks) but critical to the execution of the application
- Can also encrypt proprietary algorithms
- Figure: Start Snood™ → draw_snoods() → shoot_snood() → free_snoods() → up_score(); in the partitioned version shoot_snood() (E5AxPO22qWuzB) and up_score() (8Tz03HJfe28mQ) are encrypted blobs executed on the PPP
Slide 8: Partitioning Balance
- Encrypted regions on the critical path
- Encrypted regions small, imitate-able?
- Figure: draw_snoods() → PPP (E5AxPO22qWuzB, shoot_snood()) → free_snoods(); a small encrypted shoot_snood() could be replaced by an imitation copy_shoot()
- Balance what portions to encrypt, which not to
  ⇒ Less encryption: faster
  ⇒ More encryption: harder to reverse-engineer
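The partition of slides 7 and 8, as an added simulation that is not code from the talk or from the AEGIS/PPP project: a constructed Snood-style program whose up_score() segment is sealed for one PPP, so the host can run the cleartext segments but the score logic only ever executes inside the PPP. The three-op ISA, the SHA-256 counter-mode keystream and the fixed key (standing in for a PUF-derived secret) are all assumptions made for the illustration; the transitions counter records the host-to-PPP switches that the later slides identify as the performance cost.

```python
import hashlib
import json

# Minimal straight-line ISA: [op, dst, src], where src is a register name or an int.
OPS = {"mov": lambda a, b: b, "add": lambda a, b: a + b, "mul": lambda a, b: a * b}
def execute(instrs: list, regs: dict) -> dict:
    for op, dst, src in instrs:
        val = regs[src] if isinstance(src, str) else src
        regs[dst] = OPS[op](regs.get(dst, 0), val)
    return regs

class PPP:  # toy Portable Protected Processor: key and decryption never leave it
    def __init__(self, key: bytes):
        self._key = key       # stands in for a PUF-derived device secret (constructed)
        self.transitions = 0  # host -> PPP ingress count, the cost later slides discuss
    def _keystream(self, nonce: bytes, n: int) -> bytes:
        # Toy SHA-256 counter-mode keystream; illustration only, not the authors' cipher.
        out, ctr = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self._key + nonce + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        return out[:n]
    def seal(self, nonce: bytes, instrs: list) -> bytes:
        # Vendor-side step: encrypt one code segment so only this PPP can run it.
        pt = json.dumps(instrs).encode()
        return bytes(a ^ b for a, b in zip(pt, self._keystream(nonce, len(pt))))
    def run_sealed(self, nonce: bytes, blob: bytes, regs: dict) -> dict:
        # Decrypt and execute inside the trust boundary; only register state comes back out.
        self.transitions += 1
        pt = bytes(a ^ b for a, b in zip(blob, self._keystream(nonce, len(blob))))
        return execute(json.loads(pt.decode()), dict(regs))

def run_partitioned(segments: list, ppp) -> dict:
    # Host loop: cleartext segments run locally, sealed ones only on the PPP.
    regs = {"score": 0, "combo": 0}
    for kind, payload in segments:
        if kind == "plain":
            regs = execute(payload, regs)
        elif ppp is None:
            raise RuntimeError("sealed segment on the critical path but no PPP present")
        else:
            regs = ppp.run_sealed(*payload, regs)
    return regs

def build_demo(ppp: PPP) -> list:
    # Constructed Snood-style program: shoot/free stay in the clear, up_score() is sealed.
    nonce = b"seg:up_score"
    up_score = [["mov", "tmp", "combo"], ["mul", "tmp", 10], ["add", "score", "tmp"]]
    return [("plain", [["mov", "combo", 3]]), ("enc", (nonce, ppp.seal(nonce, up_score))),
            ("plain", [["add", "combo", 1]])]
```

Running the same segment list with no PPP, or with a PPP holding a different key, fails at the sealed segment, which is the property that distinguishes partitioned code from a skippable dongle check.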
Slide 9: Solution Requirements
- Some solution should answer…
  - Adversarial model, or parameterizable methodology for different adversaries
  - Metric for "level of security"
  - Transition point strategy and attack repulsion
  - Architectural modifications for speed
Slide 10: Transitions: Toy ideas
- Compiler & human determined
  - Easier with compiler in trust base
  - Language-level definition for proprietary algorithms
- Control flow graph interpretation
  - Compiler determination of critical paths
- Monitor code addition
  - Interwoven with required code
Slide 11: Attack Complexity: Toy ideas
- Obfuscation techniques
  - Increase ingress and egress count
  - Control flow graph unionizing with unrelated flow
  - Similar to watermarking techniques
- Data flow graph manipulations
Slide 12: Architectural Modifications: Toy Ideas
- PPP has a slow interface
  - Try to keep/reuse data within the PPP
  - But this simplifies attack
- Need very fast switching between host PC and PPP
  - Might need extra context or tagged awareness
  - Host CPU multitasking
Slide 13: Beyond Licensing
- PPP uniquely identifies you with the application
  - Personalized settings
  - Secure identity situations (online purchase, etc.)
- Need a stronger privacy model
  - End-to-end protection of data leaving the PPP
Slide 14: Summary
- PPP tied to the license of software
- Partition encrypted and plain text of application software along the critical path
- Compiler & human determined transformations to defend against attacks and protect IP
- Architectural changes needed for efficiency
- Extending the PPP gives more possibilities
Slide 15: Thanks