the dragonbeam framework hardware protected security
play

The DragonBeam Framework: Hardware-Protected Security Modules for - PowerPoint PPT Presentation

Aug 31, 2022 •455 likes •928 views

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley June 6, 2016

  1. The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley June 6, 2016

  2. Security Monitoring In-place External Monitoring Monitoring Applicatio Applicatio Applicatio Applicatio n n n n Application Application OS OS The DragonBeam Framework

  3. Security Monitoring In-place External Monitoring Monitoring Applicatio Applicatio Applicatio Applicatio n n n n Application Application OS OS Unsafety of the monitor The DragonBeam Framework

  4. Security Monitoring In-place External Monitoring Monitoring Applicatio Applicatio Applicatio Applicatio n n n n Application Application OS OS Semantic gap Unsafety of the monitor The DragonBeam Framework

  5. DragonBeam Framework Applicatio Applicatio n n Application OS Command/Response Secure Layer Untrusted Layer The DragonBeam Framework

  6. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer The DragonBeam Framework

  7. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer Secure Kernel Module - Performs security monitoring operations - Expands the observability - Protected by Secure Core The DragonBeam Framework

  8. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer Secure Kernel Module Manager - Commands SKM to perform security operations - Analyzes monitored information - Guarantees the integrity and the liveness of SKM The DragonBeam Framework

  9. DragonBeam Framework Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response Secure Layer Untrusted Layer Secure Memory - Secure communication channel between SKM and SecMan - Only accessible by SKM or Secure Core - Also hosts SecMan code/data The DragonBeam Framework

  10. Example Use Case SecMan Time SKM SKM SecMan Secure Data Memory The DragonBeam Framework

  11. Example Use Case SecMan Sends Command Time SKM SKM SecMan check_syscall_table () { send_cmd(CMD_SYSCALL_TABLE); settimer(TIMEOUT); } Secure Data Memory The DragonBeam Framework

  12. Example Use Case SecMan Sends Command Time SKM SKM SecMan check_syscall_table () { 1 send_cmd(CMD_SYSCALL_TABLE); settimer(TIMEOUT); } Secure Data Memory The DragonBeam Framework

  13. Example Use Case SecMan Sends Command Time SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … } restore sp; } Secure Data Memory The DragonBeam Framework

  14. Example Use Case SecMan Sends Command Time Collects Information SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … } 3 restore sp; } Secure Data Memory send_syscall_table () { get cur_syscall_table; for each entry i write cur_syscall_table[i]; response_ready(); } The DragonBeam Framework

  15. Example Use Case SecMan Sends Command Time Collects Information SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … } 3 restore sp; } 4 Secure Data Memory send_syscall_table () { get cur_syscall_table; for each entry i write cur_syscall_table[i]; response_ready(); } The DragonBeam Framework

  16. Example Use Case SecMan Sends Command Analyzes Data Time Collects Information SKM SKM SecMan skm_ISR () { check_syscall_table () { save sp; 1 send_cmd(CMD_SYSCALL_TABLE); move sp to secure stack; switch (*CMD) { settimer(TIMEOUT); … } 2 case CMD_SYSCALL_TABLE: send_syscall_table(); break; … recv_syscall_table () { } 3 5 cleartimer(TIMEOUT); restore sp; } retrieve current syscall table; for each entry i 4 if (cur.table[i]!=org.table[i]) Secure Data Memory send_syscall_table () { Raise alert! get cur_syscall_table; } for each entry i write cur_syscall_table[i]; response_ready(); } The DragonBeam Framework

  17. Challenges Monitored Core Secure Core Applicatio Applicatio n n Application Secure SecMan Memory OS SKM Command/Response • SKM identification • Secure memory access control • SKM integrity and liveness guarantee The DragonBeam Framework

  18. SKM Registration SKM .text • Requested by SKM, verified by SecMan Base address • Calculates a hash of SKM’s code • Directly from physical frames SKM Size Page SecMan SKM Size SKM Loading Virtual Address Space Registration request Page table Information Page Table Hierarchy Physical Address Space The DragonBeam Framework

  19. SKM Registration SKM .text • Requested by SKM, verified by SecMan Base address • Calculates a hash of SKM’s code • Directly from physical frames SKM Size Page SecMan SKM Size SKM Loading Virtual Address Space Registration request Find phys. frames of Page table SKM .text Information Page Table Hierarchy SKM .text Physical Frames Physical Address Space The DragonBeam Framework

  20. SKM Registration SKM .text • Requested by SKM, verified by SecMan Base address • Calculates a hash of SKM’s code • Directly from physical frames SKM Size Page SecMan SKM Size SKM Loading Virtual Address Space Registration request Find phys. frames of Page table SKM .text Information Page Table Hierarchy Calculate the hash SKM .text of SKM .text Physical Frames Match Not Begin Halt and operations alarm Physical Address Space The DragonBeam Framework

  21. Secure Memory Access Control • Who initiated memory transaction? • Use the current program counter and page mapping information Secure Memory RAM Array Registered .text info Program Within Counter Monitored SKM .text? Core Page Table Same with the Base registered one? Address Registered Page Malicious SKM Table info Module The DragonBeam Framework

  22. Secure Memory Access Control • What if attacker modifies SKM’s page mapping? Physical Address Space Page Table Hierarchy Virtual Address Space SKM .text Physical Base Frames PC Size PC The DragonBeam Framework

  23. Secure Memory Access Control • What if attacker modifies SKM’s page mapping? Physical Address Space Page Table Hierarchy Virtual Address Space SKM .text Physical Base Frames PC Size PC Page Table Hierarchy PC Altered Malicious Module’s Physical Frames The DragonBeam Framework

  24. Secure Memory Access Control • What if attacker modifies SKM’s page mapping? • Solution : Regularly translate virt-to-phys address and verifies SKM .text hash Physical Address Space Page Table Hierarchy Virtual Address Space SKM .text Physical Base Frames PC Size PC Page Table Hierarchy PC Altered Malicious Module’s Physical Frames The DragonBeam Framework

  25. Heartbeat and Hashing • Heartbeat • Checks if SKM is alive • Only SKM can respond Timeout SecMan Requests for HB Receives HB Sends HB SKM Time The DragonBeam Framework

  26. Heartbeat and Hashing • Heartbeat • Checks if SKM is alive • Only SKM can respond Timeout SecMan Requests for HB Receives HB Sends HB SKM Time • SKM .text hashing • Checks if SKM’s code and page mapping have not been altered The DragonBeam Framework

  27. Random Check Intervals • To prevent TOCTTOU (Time Of Check To Time Of Use) attacks • Attacker cannot guess the pattern of checks SKM SKM SKM SKM SecMan HB HB HS HB HS HB HS OP OP OP OP SKM SKM SKM HB HB OP OP Time SKM Operation Heartbeat Hashing SKM HB HS (Request/Send/Receive) SKM .text OP (Send/Response/Analysis) The DragonBeam Framework

  28. Implementation • Leon3 processor on Xilinx ZC702 FPGA Leon3 Core 1 Leon3 Core 2 • SPARC V8, soft-core (Monitored Core) (Secure Core) AHBRAM • 83.3 MHz Secure Memory • 256 MB Instruction Instruction Secure Pipeline Pipeline SecMan PC PC Data/Stack Controller Unused MMU MMU CTP CTP Base Access Size Control CTP AMBA AHB BUS AHB2AXI AHB2APB Bridge Bridge Multiprocessor SKM Main Interrupt Memory Linux Controller IRQ IRQ The DragonBeam Framework

  29. Implementation • Leon3 processor on Xilinx Leon3 on-chip SRAM (128KB) ZC702 FPGA Leon3 Core 1 Leon3 Core 2 • SPARC V8, soft-core (Monitored Core) (Secure Core) AHBRAM • 83.3 MHz Secure Memory • 256 MB Instruction Instruction Secure Pipeline Pipeline SecMan PC PC Data/Stack Controller Unused MMU MMU CTP CTP Base Access Size Control CTP AMBA AHB BUS AHB2AXI AHB2APB Bridge Bridge Multiprocessor SKM Main Interrupt Memory Linux Controller IRQ IRQ The DragonBeam Framework

Recommend

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These

977 views • 34 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER / engineers Hardware security for embedded systems: memory and communication protection Arithmetic Tradeoffs on Performance/Cost/Security secure

310 views • 14 slides
for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

Attacker Models for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1 Security-sensitive hardware: examples 2 Naive attacker model Attacks on communication channels exploiting lousy crypto or insecure

904 views • 45 slides
Bermuda Protected Species, Protected Areas & Climate Change Lagoon is approximately 750 km

Bermuda Protected Species, Protected Areas & Climate Change Lagoon is approximately 750 km

Bermuda Protected Species, Protected Areas & Climate Change Lagoon is approximately 750 km 2 Islands are 54 km 2 Population 64,237 (2010 census) Giving a population density of 1,190 people per km 2 Biodiversity Framework in Bermuda

1.38k views • 20 slides
CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec @CHIPSEC Wha What is is Pl Platform rm Se Secu curi rity? ty? Hardware Implementation and Configuration Available Security Features

695 views • 20 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) & Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
P Protected biometrics for Identity Trust Protected biometrics for Identity Trust P t t t d

P Protected biometrics for Identity Trust Protected biometrics for Identity Trust P t t t d

P Protected biometrics for Identity Trust Protected biometrics for Identity Trust P t t t d bi t d bi t i t i f f Id Id tit T tit T t t RISE - Awareness of Biometrics and Security Ethics y By Nicolas DELVAUX

625 views • 20 slides
Who we are Eshard - Embedded Security Company Software & Hardware Security What do we

Who we are Eshard - Embedded Security Company Software & Hardware Security What do we

Who we are Eshard - Embedded Security Company Software & Hardware Security What do we do: @eshardNews Tools: Side Channel / Code Analysis Consultancy https://www.eshard.com Audit contact@eshard.com Training

752 views • 54 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
FROM HARDWARE TO 0-DAY Or how to buy a security camera and never use it for its intended purpose

FROM HARDWARE TO 0-DAY Or how to buy a security camera and never use it for its intended purpose

FROM HARDWARE TO 0-DAY Or how to buy a security camera and never use it for its intended purpose PIETRO OLIVA WHOAMI Name: Pietro Oliva Twitter: @0xsysenter Current role: Security researcher (R3) Previous roles: Security

795 views • 30 slides
A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

1 A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of Engineering: Computer Science Promotor: Prof. Frank Piessens Advisors: Jan Tobias Mhlberg Jo Van Bulck 2 Introduction Growing trend towards

513 views • 27 slides
Security in modern CPU Guillaume Bouffard ( guillaume.bouffard@ssi.gouv.fr ) Hardware Security

Security in modern CPU Guillaume Bouffard ( guillaume.bouffard@ssi.gouv.fr ) Hardware Security

Security in modern CPU Guillaume Bouffard ( guillaume.bouffard@ssi.gouv.fr ) Hardware Security Labs National Cybersecurity Agency of France (ANSSI) DIENS, ENS, CNRS, PSL University Workshop SILM 21 November 2019 Who am I? Me Expert in

1.18k views • 80 slides
HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim Plusquellic Text: The Hardware Trojan War: Attacks, Myths, and Defenses, Chapter 10, J. Plusquellic and F. Saqib, "Detecting Hardware

293 views • 6 slides
Lecture 2: Introduction to Computer Security RK Shyamasundar Dangers Being Protected Against

Lecture 2: Introduction to Computer Security RK Shyamasundar Dangers Being Protected Against

Lecture 2: Introduction to Computer Security RK Shyamasundar Dangers Being Protected Against Damage to information Integrity Disruption of service Availability Theft of physical Integrity resources like money Theft of

588 views • 41 slides
History of the OpenBSD Hardware Sensors Framework Constantine A. Murenin University of W

History of the OpenBSD Hardware Sensors Framework Constantine A. Murenin University of W

History of the OpenBSD Hardware Sensors Framework Constantine A. Murenin University of W aterloo AsiaBSDCon 2009 12/15 March 2009 Tokyo, Japan Outline Introduction Framework API and utilities Drivers I C Bus Scan

693 views • 31 slides

More recommend