secure multi execution
play

Secure Multi-Execution Dominique Devriese Frank Piessens - PowerPoint PPT Presentation

Jul 30, 2023 •313 likes •622 views

Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 1 / 24 Secure Multi-Execution Outline Secure Multi-Execution

  1. Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 1 / 24

  2. Secure Multi-Execution Outline Secure Multi-Execution Introduction Informal Overview Formal Properties Experimental Results Conclusion Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 2 / 24

  3. Secure Multi-Execution Introduction Introduction ◮ Information Flow Analysis has received much attention: ◮ Static analysis methods: From Denning to JFlow/JIF and FlowCaml But: ◮ Substantial Programmer Effort ◮ In general undecidable statically ◮ Hard to handle exceptions, parallellism, timing covert channel ◮ Dynamic methods: Many practical but unsound methods, some sound and somewhat practical methods But: ◮ Some use cases require sound methods (e.g. web page scripts) ◮ No existing monitor can precisely enforce non-interference ◮ Hard to handle exceptions, parallellism, timing covert channel Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 3 / 24

  4. Secure Multi-Execution Introduction Secure Multi-Execution Secure Multi-Execution ◮ A novel dynamic enforcement technique for non-interference ◮ Nice theoretical properties ◮ Strong soundness guarantee ◮ The first (afawk) sound and precise enforcement method ◮ Practical in some scenario’s ◮ Performance measurements ◮ Browser implementation possible? Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 4 / 24

  5. Secure Multi-Execution Informal Overview Outline Secure Multi-Execution Introduction Informal Overview Formal Properties Experimental Results Conclusion Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 5 / 24

  6. Secure Multi-Execution Informal Overview Information Flow Analysis 1 var text = document.getElementById (’email-input’).text; 2 3 var abc = 0; 4 if(text.indexOf(’abc’)!=-1) { abc = 1 }; 5 var url = ’http://example.com/img.jpg’ + ’?t=’ + escape(text) + abc; 6 7 document.getElementById(’banner-img’) .src = url; 8 Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 6 / 24

  7. Secure Multi-Execution Informal Overview Information Flow Analysis 1 var text = document.getElementById Input at level H (’email-input’).text; 2 3 var abc = 0; 4 if(text.indexOf(’abc’)!=-1) { abc = 1 }; 5 var url = ’http://example.com/img.jpg’ + ’?t=’ + escape(text) + abc; 6 7 document.getElementById(’banner-img’) .src = url; Output at level L 8 Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 6 / 24

  8. Secure Multi-Execution Informal Overview Timing Covert Channel 1 function time(f) { var t = new Date().getTime(); 2 f(); 3 return new Date().getTime() - t; 4 5 } 6 function f() { if(abc != 0) { 7 for(var i = 0; i < 10000; ++i) {} 8 } 9 10 } 11 var abcLo = 0 12 if(time(f) > 10) { abcLo = 1; 13 14 } Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 7 / 24

  9. Secure Multi-Execution Informal Overview Termination Covert Channel 1 while(abc == 0) {} 2 img.url = ’http://example.com/img.jpg’; Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 8 / 24

  10. Secure Multi-Execution Informal Overview Secure Multi-Execution L H 1 var t = (...).text 1 var t = (...).text 2 var abc = 0 2 var abc = 0 3 if(t.indexOf(’abc’)!=-1) 3 if(t.indexOf(’abc’)!=-1) { abc = 1 } { abc = 1 } 4 4 5 var url = baseUrl + ’?t=’ 5 var url = baseUrl + ’?t=’ + escape(t) + abc + escape(t) + abc 6 6 7 (...).src = url 7 (...).src = url Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 9 / 24

  11. Secure Multi-Execution Informal Overview Secure Multi-Execution L H undefined 1 var t = (...).text 1 var t = (...).text 2 var abc = 0 2 var abc = 0 3 if(t.indexOf(’abc’)!=-1) 3 if(t.indexOf(’abc’)!=-1) { abc = 1 } { abc = 1 } 4 4 5 var url = baseUrl + ’?t=’ 5 var url = baseUrl + ’?t=’ + escape(t) + abc + escape(t) + abc 6 6 7 (...).src = url 7 (...).src = url Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 9 / 24

  12. Secure Multi-Execution Informal Overview Secure Multi-Execution L H undefined 1 var t = (...).text 1 var t = (...).text 2 var abc = 0 2 var abc = 0 3 if(t.indexOf(’abc’)!=-1) 3 if(t.indexOf(’abc’)!=-1) { abc = 1 } { abc = 1 } 4 4 5 var url = baseUrl + ’?t=’ 5 var url = baseUrl + ’?t=’ + escape(t) + abc + escape(t) + abc 6 6 7 (...).src = url 7 (...).src = url Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 9 / 24

  13. Secure Multi-Execution Informal Overview Input Side Effects L H undefined 1 var t = (...).text 1 var t = (...).text 2 var c = window.confirm 2 var c = window.confirm 3 if( c("Send e-mail?") ) 3 if( c("Send e-mail?") ) { (...) } { (...) } 4 4 5 var abc = 0 5 var abc = 0 6 if(t.indexOf(’abc’)!=-1) 6 if(t.indexOf(’abc’)!=-1) { abc = 1 } { abc = 1 } 7 7 8 var url = baseUrl + ’?t=’ 8 var url = baseUrl + ’?t=’ + escape(t) + abc + escape(t) + abc 9 9 10 (...).src = url 10 (...).src = url Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 10 / 24

  14. Secure Multi-Execution Informal Overview Input Side Effects L H undefined 1 var t = (...).text 1 var t = (...).text 2 var c = window.confirm 2 var c = window.confirm 3 if( c("Send e-mail?") ) 3 if( c("Send e-mail?") ) { (...) } { (...) } 4 4 5 var abc = 0 5 var abc = 0 6 if(t.indexOf(’abc’)!=-1) 6 if(t.indexOf(’abc’)!=-1) { abc = 1 } { abc = 1 } 7 7 8 var url = baseUrl + ’?t=’ 8 var url = baseUrl + ’?t=’ + escape(t) + abc + escape(t) + abc 9 9 10 (...).src = url 10 (...).src = url Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 10 / 24

  15. Secure Multi-Execution Informal Overview Secure Multi-Execution Properties ◮ “Obviously” sound: Only execution at high level can see the real high inputs Only execution at low level can produce low outputs ◮ “Obviously” precise: If a program is non-interferent, then changing high inputs in low executions will not change their low behaviour Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 11 / 24

  16. Secure Multi-Execution Formal Properties Outline Secure Multi-Execution Introduction Informal Overview Formal Properties Experimental Results Conclusion Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 12 / 24

  17. Secure Multi-Execution Formal Properties Non-interference A formalization of information flow policies Assume: ◮ sets of input channels C i , output channels C o ◮ security level lattice L ◮ σ in : C i → L , σ out : C o → L ◮ inputs I : C i → ( N → Int ), outputs O : C o → List [ Int ] ◮ I = l I ′ iff I ( c i ) = I ′ ( c i ) for all c i such that σ in ( c i ) ≤ l Definition A program P is (termination-insensitively) non-interferent if for all security levels l and inputs I = l I ′ , where P terminates for I and I ′ with outputs O and O ′ , we have that O = l O ′ . Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 13 / 24

  18. Secure Multi-Execution Formal Properties Soundness Definition (Strong non-interference) A program P is timing-sensitively non-interferent or strongly → ∗ if for all security non-interferent with relation to a given semantics ֒ levels l ∈ L , for all n ≥ 0, for all program inputs I and I ′ such that I = l I ′ holds that if → n ( p , O ) , ( P , I ) ֒ then → n � � P , I ′ � p ′ , O ′ � , ֒ and p ′ = l p and O ′ = l O . Theorem (Soundness of Secure Multi-Execution) Any program P is strongly non-interferent under secure multi-execution, using the select lowprio scheduler function. Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 14 / 24

  19. Secure Multi-Execution Formal Properties Precision Theorem (Precision of Secure Multi-Execution) Suppose we have a (termination-sensitively) non-interferent program P. Suppose that ( P , I ) � ∗ ( p , O ) (terminates) for some I, p and O. Then ( P , I ) = ⊲ ∗ ( p , O ) . Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 15 / 24

  20. Secure Multi-Execution Experimental Results Outline Secure Multi-Execution Introduction Informal Overview Formal Properties Experimental Results Conclusion Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 16 / 24

  21. Secure Multi-Execution Experimental Results Experimental Results ◮ Spidermonkey Javascript engine, no real browser ◮ 2 security levels ◮ Dual-core PC ◮ 3 types of execution: ◮ Standard execution ◮ Serial Multi-Execution ◮ Parallel Multi-Execution ◮ Benchmarks: ◮ Google Chrome V8 Benchmark Suite: crypto, deltablue, earley-boyer, raytrace, regexp, richards, splay ◮ io: model I/O functions: hi input, hi output, lo input, lo output: some calculations + I/O at different security levels Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 17 / 24

Recommend

Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all

Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all

Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all instructions take the same amount of time for execution Idea: Have multiple different functional units that take different number of cycles

749 views • 39 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic

Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic

Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic Information Flow Tracking Tracking G. Edward Suh Suh, , Jae Jae W. Lee, David W. Lee, David G. Edward Zhang, Srinivas Srinivas Devadas Devadas

547 views • 26 slides
Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its Verification Mads Dam KTH Royal Institute of Technology BISS spring school, Bertinoro 2018 The Goal Hypervisor Context switch: Fixed round-robin

1.16k views • 67 slides
Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute

Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute

Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute of Technology Thanks to Roberto Guanciale, Musard Balliu, Christoph Baumann, Hamed Nemati, Oliver Schwarz, Victor Do, Christian Gehrmann, Jonas

1.41k views • 114 slides
Secure SDN Authentication &amp; Authorization for Multi-tenancy (DNS based PKI model) Author:

Secure SDN Authentication &amp; Authorization for Multi-tenancy (DNS based PKI model) Author:

IETF94 2 Nov. 2015 Yokohama SDNRG WG Secure SDN Authentication &amp; Authorization for Multi-tenancy (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee Ietf{at}rozanak.com Motivation Problem: secure SDN authentication,

546 views • 10 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING LOU, TOM HOU Talk Outline Motivation and Background Why this work ? Threat Model What are we defending against ? CaSE:

248 views • 21 slides
System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario Werner May 7, 2020 Graz University of Technology Why do we care about code? www.tugraz.at 10:20 July 18 W i r e l e s s - G A D S L G

599 views • 49 slides
SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning Samsung KNOX R&amp;D, Samsung Research America Motivation Operating system kernels

543 views • 25 slides
CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni

CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni

CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni Orenbach (Technion), Yan Michalevsky (Anjuna), Christof Fetzer (TU Dresden, Scone), Mark Silberstein (Technion) Published in USENIX ATC19

744 views • 24 slides
A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun

A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun

A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun Shei Secure and Dependable Software Systems (SenSe) Haralambos Mouratidis Stylianos Kapetanakis Aidan Delaney Overview What is Cloud Computing?

774 views • 56 slides
Multi-Solver Support in Symbolic Execution Hristina Palikareva, Cristian Cadar SMT Workshop 2014,

Multi-Solver Support in Symbolic Execution Hristina Palikareva, Cristian Cadar SMT Workshop 2014,

Multi-Solver Support in Symbolic Execution Hristina Palikareva, Cristian Cadar SMT Workshop 2014, Vienna, 17 July 2014 Dynamic Symbolic Execution Automated program analysis technique that employs an SMT solver to systematically explore paths

503 views • 39 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Using Efficient Access Control To Protect Multi-Task Execution LI Yan Background Background

Using Efficient Access Control To Protect Multi-Task Execution LI Yan Background Background

Using Efficient Access Control To Protect Multi-Task Execution LI Yan Background Background Task an activity that needs to be accomplished by individual users or a team of users within a defined period of time Multi-task

743 views • 10 slides
Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach , Oleksii Oleksenko, Franz Gregor,

Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach , Oleksii Oleksenko, Franz Gregor,

Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach , Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia, Christof Fetzer ACM SYSTOR 2019 FaaS Paradigm of Cloud Computing Function Runtime Guest OS Function Hypervisor Host OS FaaS

1.34k views • 98 slides
Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work with Alessandro Chiesa Eli Ben-Sasson Daniel Genkin 1 Technion Cryptoday June 16, 2011 Motivation 3 Motivation INTEGRITY CONFIDENTIALITY

725 views • 50 slides
Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H. Hubert Chan, Jonathan Katz, Ka Kartik Nay ayak, Antigoni Polychroniadou, Elaine Shi Defini De ning ng an n Obl Oblivious us RAM Example request

812 views • 33 slides
Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without Honest Majority: GMW Protocol MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure

465 views • 12 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.36k views • 124 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides

More recommend