system security overview
play

System Security Overview with an Emphasis on Security Issues for - PowerPoint PPT Presentation

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 2) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Outline Part1. Bugs in File Systems Semantic inconsistency


  1. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below 26

  2. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Should not be allowed. 26

  3. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. 26

  4. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. 26

  5. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. kernel's data value will be stored in array, which can be retrieved using flush+reload 26

  6. Mitigating Meltdown • Kernel Page Table Isolation • KAISER [ESSoS 17] 27

  7. Side Channels in SGX • Page fault • Controlled Channel Attack [S&P 15] • Cache • Software Grand Exposure [WOOT 17] • Branch prediction • Branch shadowing [Security 17] • Transient out-of-order execution • Foreshadow [Security 18] • Bus snooping  All of these are about memory access 28

  8. SGX's Threat Model SGX CPU Cache MEE 29

  9. SGX's Threat Model Only CPU is trusted SGX CPU Cache MEE All the rest are untrusted 29

  10. SGX's Threat Model Only CPU is trusted SGX CPU Cache MEE Any data leaving CPU is All the rest are untrusted encrypted by Memory Encryption Engine (MEE) 29

  11. Attacking SGX SGX CPU Cache MEE 30

  12. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE 30

  13. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible 30

  14. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible Cache side channels 30

  15. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  16. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  17. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) Response: E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  18. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) Response: E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) Server learns client asked for “C” G E k (Cherry) How to make client’s query private? 31

  19. Easy Solution: Ask Everything Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  20. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  21. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Bluberry), D E k (Banana) E k (Tomato), …, E k (Cherry) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  22. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Bluberry), D E k (Banana) E k (Tomato), …, E k (Cherry) E E k (Orange) F E k (Mango) Secure but too much overhead G E k (Cherry) 32

  23. Better Solution: Ask k tuples [S&P 98] Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  24. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  25. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Blueberry), D E k (Banana) E k (Apple) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  26. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Blueberry), D E k (Banana) E k (Apple) E E k (Orange) F E k (Mango) Provides k-1 ambiguity - So called k-anonymity [S&P 98] G E k (Cherry) Limited security guarantees - See l-diversity [ICDE 06], t-closeness [ICDE 07] 33

  27. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  28. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  29. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) E k (Banana) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  30. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  31. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  32. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  33. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  34. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E k (Blueberry) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  35. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Blueberry) E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) Key-Value mapping always changes 34

  36. Path ORAM [CCS 13] ORAM Client ORAM Server Position Map Stash 35

  37. Path ORAM [CCS 13] ORAM Client ORAM Server Position Map Stash Tree-like data structures - Client: Position map, stash - Server: ORAM Tree with real/dummy nodes 35

  38. ORAM-based solutions for Memory Access SGX CPU Cache MEE 36

  39. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE 36

  40. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible 36

  41. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible Cache side channels 36

  42. Mitigation: ORAM-based Memory Controller SGX CPU ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  43. Mitigation: ORAM-based Memory Controller Patterns are secured SGX CPU using ORAM protocols ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  44. Mitigation: ORAM-based Memory Controller Patterns are secured SGX CPU using ORAM protocols ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  45. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

  46. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

  47. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

Recommend


More recommend