system security overview
play

System Security Overview with an Emphasis on Security Issues for - PowerPoint PPT Presentation

Mar 26, 2023 •111 likes •1.27k views

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 2) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Outline Part1. Bugs in File Systems Semantic inconsistency

  1. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below 26

  2. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Should not be allowed. 26

  3. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. 26

  4. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. 26

  5. Meltdown • Permission check for transient instructions is only done • when committing them • Suppose we are running a user-level program below Fetching a kernel address. Permission checks will be done later Should not be allowed. kernel's data value will be stored in array, which can be retrieved using flush+reload 26

  6. Mitigating Meltdown • Kernel Page Table Isolation • KAISER [ESSoS 17] 27

  7. Side Channels in SGX • Page fault • Controlled Channel Attack [S&P 15] • Cache • Software Grand Exposure [WOOT 17] • Branch prediction • Branch shadowing [Security 17] • Transient out-of-order execution • Foreshadow [Security 18] • Bus snooping  All of these are about memory access 28

  8. SGX's Threat Model SGX CPU Cache MEE 29

  9. SGX's Threat Model Only CPU is trusted SGX CPU Cache MEE All the rest are untrusted 29

  10. SGX's Threat Model Only CPU is trusted SGX CPU Cache MEE Any data leaving CPU is All the rest are untrusted encrypted by Memory Encryption Engine (MEE) 29

  11. Attacking SGX SGX CPU Cache MEE 30

  12. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE 30

  13. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible 30

  14. Attacking SGX Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible Cache side channels 30

  15. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  16. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  17. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) Response: E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 31

  18. Why Does Access Patterns Matter? Server Client Key Value A E k (Blueberry) Request: C B E k (Tomato) C E k (Apple) Response: E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) Server learns client asked for “C” G E k (Cherry) How to make client’s query private? 31

  19. Easy Solution: Ask Everything Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  20. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  21. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Bluberry), D E k (Banana) E k (Tomato), …, E k (Cherry) E E k (Orange) F E k (Mango) G E k (Cherry) 32

  22. Easy Solution: Ask Everything Server Client Key Value Request: A,B,C,D,…,G A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Bluberry), D E k (Banana) E k (Tomato), …, E k (Cherry) E E k (Orange) F E k (Mango) Secure but too much overhead G E k (Cherry) 32

  23. Better Solution: Ask k tuples [S&P 98] Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  24. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  25. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Blueberry), D E k (Banana) E k (Apple) E E k (Orange) F E k (Mango) G E k (Cherry) 33

  26. Better Solution: Ask k tuples [S&P 98] Server Client Key Value Request: A,C A E k (Blueberry) B E k (Tomato) C E k (Apple) Response: E k (Blueberry), D E k (Banana) E k (Apple) E E k (Orange) F E k (Mango) Provides k-1 ambiguity - So called k-anonymity [S&P 98] G E k (Cherry) Limited security guarantees - See l-diversity [ICDE 06], t-closeness [ICDE 07] 33

  27. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  28. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) C E k (Apple) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  29. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) E k (Banana) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  30. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) F E k (Mango) G E k (Cherry) 34

  31. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  32. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  33. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  34. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Banana) E k (Blueberry) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) 34

  35. Oblivious RAM (ORAM): Idea Sketch Server Client Key Value Request: A,C,D E k (Apple) A E k (Blueberry) B E k (Tomato) Response: E k (Blueberry), E k (Banana) C E k (Apple) E k (Apple) Shuffle E k (Banana) D E k (Blueberry) E k (Banana) E E k (Orange) Write-back: A: E k (Apple), C: E k (Banana) F E k (Mango) D: E k (Blueberry) G E k (Cherry) Key-Value mapping always changes 34

  36. Path ORAM [CCS 13] ORAM Client ORAM Server Position Map Stash 35

  37. Path ORAM [CCS 13] ORAM Client ORAM Server Position Map Stash Tree-like data structures - Client: Position map, stash - Server: ORAM Tree with real/dummy nodes 35

  38. ORAM-based solutions for Memory Access SGX CPU Cache MEE 36

  39. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE 36

  40. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible 36

  41. ORAM-based solutions for Memory Access Bus snooping: Access patterns SGX CPU are still visible Cache MEE Monitor syscalls: Access patterns are still visible Cache side channels 36

  42. Mitigation: ORAM-based Memory Controller SGX CPU ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  43. Mitigation: ORAM-based Memory Controller Patterns are secured SGX CPU using ORAM protocols ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  44. Mitigation: ORAM-based Memory Controller Patterns are secured SGX CPU using ORAM protocols ORAM ORAM Cache Server Client ObfusMem [ISCA 17], SDIMM [HPCA 18] - ORAM-based Memory Controller 37

  45. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

  46. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

  47. Mitigation: Place Trust in DRAM SGX CPU Bus snooping Cache MEE InvisiMem [ISCA 17] - Place trust in DRAM - All address and data bus traffics are encrypted  Note: SGX only encrypts values in data bus - Communication patterns are normalized 38

Recommend

Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web Sites Fingerprinting OS FingerPrinting IP Stacks Share Scans Chapter 14 SNMP Vulnerabilities FingerPrinting TCP/IP Services

439 views • 8 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
SYSTEM OF SYTEMS SECURITY (SOSSEC) OVERVIEW 1 VISION A fully capable System of Systems for

SYSTEM OF SYTEMS SECURITY (SOSSEC) OVERVIEW 1 VISION A fully capable System of Systems for

SYSTEM OF SYTEMS SECURITY (SOSSEC) OVERVIEW 1 VISION A fully capable System of Systems for Homeland Security/Homeland Defense that enables decisive Action to prevent, mitigate, respond and recover from all catastrophic incidents regardless

528 views • 27 slides
Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables http://outflux.net/slides/2013/drupal/tunables.pdf R0Ng DrupalCon Portland 2013 Kees Cook <keescook@google.com> (pronounced Case) Who is

474 views • 33 slides
System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 1) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Speaker: Byoungyoung Lee ( ) Research areas:

1.47k views • 106 slides
GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

National Taiwan University Department of Computer Science and Information Engineering GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin Phone Lin Ph.D. Ph.D. Email: plin@csie.ntu.edu.tw Email:

686 views • 41 slides
OSSAMS Open Source Security Assessment Management System

OSSAMS Open Source Security Assessment Management System

OSSAMS Open Source Security Assessment Management System System Overview Purpose To provide a framework for security assessors to correlate and

438 views • 12 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches, Fixes, Revisions Antivirus Software Post-Install Security Checklist: Windows/UNIX File System Security Issues Chapter 10 User

361 views • 8 slides
System Security System Security Aurlien Francillon francill@eurecom.fr Administrativa...

System Security System Security Aurlien Francillon francill@eurecom.fr Administrativa...

System Security System Security Aurlien Francillon francill@eurecom.fr Administrativa... Administrativa... About me Assistant professor at Eurecom since 2011 Doing security research Embedded systems (MCU, smart phones,...)

1.21k views • 100 slides
Module 20: Security The Security Problem Authentication Program Threats System

Module 20: Security The Security Problem Authentication Program Threats System

Module 20: Security The Security Problem Authentication Program Threats System Threats Threat Monitoring Encryption Silberschatz and Galvin 1999 Operating System Concepts 20.1 The Security Problem Security must

155 views • 11 slides
Network and Certificate System Security Requirements Network and Certificate System Security

Network and Certificate System Security Requirements Network and Certificate System Security

Network and Certificate System Security Requirements Network and Certificate System Security Requirements (NCSSR) Effective 1 January 2013 No amendments since passed Included in WebTrust Principles and Criteria for Certification

253 views • 7 slides
Virginia Retirement System Overview Presented to: Commission on Employee Retirement Security and

Virginia Retirement System Overview Presented to: Commission on Employee Retirement Security and

Virginia Retirement System Overview Presented to: Commission on Employee Retirement Security and Pension Reform July 11, 2016 Patricia S. Bishop, VRS Director VRS Overview VRS Total Membership Plan 1 Plan 2 Hybrid* Total 89,979 37,571

597 views • 38 slides
Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and Implementation Activities . Joe Weiss, PE, CISM Executive Consultant Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Stuart

947 views • 49 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats

Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats

Unit OS7: Security 7.1. The Security Problem Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 7.1 The Security Problem - a Definition Program & System Threats Security

518 views • 6 slides
Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and Implementation Activities . Joe Weiss, PE, CISM Executive Consultant KEMA, Inc. (408) 253-7934 joe.weiss@kema.com Stuart Katzke, Ph.D. Senior

764 views • 40 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
Module 19: Security The Security Problem Authentication Program Threats System

Module 19: Security The Security Problem Authentication Program Threats System

Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT Operating System Concepts Silberschatz, Galvin and Gagne 2002

425 views • 9 slides
IS ARCHITECTURE OVERVIEW 2110684 Information System Architecture Natawut Nupairoj, Ph.D. Course

IS ARCHITECTURE OVERVIEW 2110684 Information System Architecture Natawut Nupairoj, Ph.D. Course

2110684 - IS Architecture Overview IS ARCHITECTURE OVERVIEW 2110684 Information System Architecture Natawut Nupairoj, Ph.D. Course Plan Overview and Background Concepts Core Infrastructure System Management / Security / Tuning

751 views • 41 slides
System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System

System Aware Cyber Security Barry M. Horowitz, PI University of Virginia November, 2012 System Aware Cyber Security Operates at the system application-layer , For security inside of the network and perimeter protection provided for the

164 views • 3 slides

More recommend