1,405 research outputs found
HardIDX: Practical and Secure Index with SGX
Software-based approaches for search over encrypted data are still either
challenged by lack of proper, low-leakage encryption or slow performance.
Existing hardware-based approaches do not scale well due to hardware
limitations and software designs that are not specifically tailored to the
hardware architecture, and are rarely well analyzed for their security (e.g.,
the impact of side channels). Additionally, existing hardware-based solutions
often have a large code footprint in the trusted environment susceptible to
software compromises. In this paper we present HardIDX: a hardware-based
approach, leveraging Intel's SGX, for search over encrypted data. It implements
only the security critical core, i.e., the search functionality, in the trusted
environment and resorts to untrusted software for the remainder. HardIDX is
deployable as a highly performant encrypted database index: it is logarithmic
in the size of the index and searches are performed within a few milliseconds
rather than seconds. We formally model and prove the security of our scheme
showing that its leakage is equivalent to the best known searchable encryption
schemes. Our implementation has a very small code and memory footprint yet
still scales to virtually unlimited search index sizes, i.e., size is limited
only by the general - non-secure - hardware resources
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control- FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Securit
Behavior Compliance Control for More Trustworthy Computation Outsourcing
Computation outsourcing has become a hot topic in both academic research and industry.
This is because of the benefits accompanied with outsourcing, such as cost reduction,
focusing on core businesses and possibility for benefiting from modern payment
models like the pay-per-use model.
Unfortunately, outsourcing to potentially untrusted third parties' hosting
platforms requires a lot of trust. Clients need assurance that the intended
code was loaded and executed, and that the application behaves correctly and
trustworthy at runtime. That is, techniques from Trusted Computing which
are used to allow issuing evidence about the execution of binaries and reporting it
to a challenger are not sufficient. Challengers are more interested
in evidence which allows detecting misbehavior while the outsourced
computation is running on the hosting platform.
Another challenging issue is providing a secure data storage for collected
evidence information. Such a secure data storage is provided by
the Trusted Platform Module (TPM). In outsourcing scenarios where
virtualizations technologies are applied, the use of virtual TPMs (vTPMs)
comes into consideration. However, researcher identified some drawbacks
and limitations of the use of TPMs. These problems include privacy and maintainability
issues, problems with the sealing functionality and the high communication
and management efforts. On the other hand, virtualizing TPMs, especially virutalizing the Platform
Configuration Registers (PCRs), strikes against one of the core principles of
Trusted Computing, namely the need for a hardware-based secure storage.
In this thesis, we propose different approaches and architectures which
can be used to mitigate the problems above. In particular, in the first
part of our thesis we propose an approach called Behavior Compliance
Control (BCC) to defines architectures to describe how the behavior of
such outsourced computations is captured and controlled as well as how to
judge the compliance of it compared to a trusted behavior model. We present
approaches for two abstraction levels; one on a program code level and the
other is on the level of abstract executable business processes.
In the second part of this thesis, we propose approaches to solve
the aforementioned problems related to TPMs and vTPMs, which are used
as storage for evidence data collected as assurance for behavior compliance. In particular,
we recognized that the use of the SHA-1 hash to measure system components requires
maintenance of a large set of hashes of presumably trustworthy
software; furthermore, during attestation, the full configuration of the
platform is revealed. Thus, our approach shows how the use of chameleon hashes allows
to mitigate the impact of these two problems. To increase the security of vTPM,
we show in another approach how strength of hardware-based security can be gained in
virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches
for such a binding. For this purpose, the first variant uses binary hash trees, whereas the other
variant uses incremental hashing.
We further provide implementations of the proposed approach and evaluate
their impact in practice. Furthermore, we empirically evaluate the
relative efficacy of the different behavioral abstractions of BCC that we define
based on different real world applications. In particular, we examined
the feasibility, the effectiveness, the scalability and efficiency of the
approach. To this end, we chose two kinds of applications, a web-based
and a desktop application, performing different attacks on them, such
as malicious input attach and SQL injection attack. The results show
that such attacks can be detected so that the application of our approach
can increase the protection against them
Digital provenance - models, systems, and applications
Data provenance refers to the history of creation and manipulation of a data object and is being widely used in various application domains including scientific experiments, grid computing, file and storage system, streaming data etc. However, existing provenance systems operate at a single layer of abstraction (workflow/process/OS) at which they record and store provenance whereas the provenance captured from different layers provide the highest benefit when integrated through a unified provenance framework. To build such a framework, a comprehensive provenance model able to represent the provenance of data objects with various semantics and granularity is the first step. In this thesis, we propose a such a comprehensive provenance model and present an abstract schema of the model. ^ We further explore the secure provenance solutions for distributed systems, namely streaming data, wireless sensor networks (WSNs) and virtualized environments. We design a customizable file provenance system with an application to the provenance infrastructure for virtualized environments. The system supports automatic collection and management of file provenance metadata, characterized by our provenance model. Based on the proposed provenance framework, we devise a mechanism for detecting data exfiltration attack in a file system. We then move to the direction of secure provenance communication in streaming environment and propose two secure provenance schemes focusing on WSNs. The basic provenance scheme is extended in order to detect packet dropping adversaries on the data flow path over a period of time. We also consider the issue of attack recovery and present an extensive incident response and prevention system specifically designed for WSNs
Digital provenance - models, systems, and applications
Data provenance refers to the history of creation and manipulation of a data object and is being widely used in various application domains including scientific experiments, grid computing, file and storage system, streaming data etc. However, existing provenance systems operate at a single layer of abstraction (workflow/process/OS) at which they record and store provenance whereas the provenance captured from different layers provide the highest benefit when integrated through a unified provenance framework. To build such a framework, a comprehensive provenance model able to represent the provenance of data objects with various semantics and granularity is the first step. In this thesis, we propose a such a comprehensive provenance model and present an abstract schema of the model. ^ We further explore the secure provenance solutions for distributed systems, namely streaming data, wireless sensor networks (WSNs) and virtualized environments. We design a customizable file provenance system with an application to the provenance infrastructure for virtualized environments. The system supports automatic collection and management of file provenance metadata, characterized by our provenance model. Based on the proposed provenance framework, we devise a mechanism for detecting data exfiltration attack in a file system. We then move to the direction of secure provenance communication in streaming environment and propose two secure provenance schemes focusing on WSNs. The basic provenance scheme is extended in order to detect packet dropping adversaries on the data flow path over a period of time. We also consider the issue of attack recovery and present an extensive incident response and prevention system specifically designed for WSNs
Arm TrustZone: evaluating the diversity of the memory subsystem
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresThe diversification of the embedded market has led the once single-purpose built embedded
device to become a broader concept that can accommodate more general-purpose solutions,
by widening its hardware and software resources. A huge diversity in system resources and
requirements has boosted the investigation around virtualization technology, which is becoming
prevalent in the embedded systems domain, allowing timing and spatial sharing of hardware and
software resources between specialized subsystems. As strict timing demands imposed in realtime
virtualized systems must be met, coupled with a small margin for the penalties incurred
by conventional software-based virtualization, resort to hardware-assisted solutions has become
indispensable.
Although not a virtualization but security-oriented technology, Arm TrustZone is seen by many
as a reliable hardware-based virtualization alternative, with the low cost and high spread of
TrustZone-enabled processors standing as strong arguments for its acceptance. But, since Trust-
Zone only dictates the hardware infrastructure foundations, providing SoC designers with a range
of components that can fulfil specific functions, several key-components and subsystems of this
technology are implementation defined. This approach may hinder a system designer’s work, as
it may impair and make the portability of system software a lot more complicated.
As such, this thesis proposes to examine how different manufacturers choose to work with
the TrustZone architecture, and how the changes introduced by this technology may affect the
security and performance of TrustZone-assisted virtualization solutions, in order to scale back
those major constraints. It identifies the main properties that impact the creation and execution
of system software and points into what may be the most beneficial approaches for developing
and using TrustZone-assisted hardware and software.A recente metamorfose na área dos sistemas embebidos transformou estes dispositivos,
outrora concebidos com um único e simples propósito, num aglomerado de subsistemas prontos
para integrar soluções mais flexíveis. Este aumento de recursos e de requisitos dos sistemas
potenciou a investigação em soluções de virtualização dos mesmos, permitindo uma partilha
simultânea de recursos de hardware e software entre os vários subsistemas. A proliferação destas
soluções neste domínio, onde os tempos de execução têm de ser respeitados e a segurança é
um ponto-chave, tem levado à adoção de técnicas de virtualização assistidas por hardware.
Uma tecnologia que tem vindo a ser utilizada para este fim é a Arm TrustZone, apesar de
inicialmente ter sido desenvolvida como uma tecnologia de proteção, dado a sua maior presença
em placas de médio e baixo custo quando comparada a outras tecnologias. Infelizmente, dado
que a TrustZone apenas fornece diretrizes base sobre as quais os fabricantes podem contruir
os seus sistemas, as especificações da tecnologia divergem de fabricante para fabricante, ou
até entre produtos com a mesma origem. Aliada à geral escassez de informação sobre esta
tecnologia, esta característica pode trazer problemas para a criação e portabilidade de software
de sistema dependente desta tecnologia.
Como tal, a presente tese propõe examinar, de uma forma sistematizada, de que forma diferentes
fabricantes escolhem implementar sistemas baseados na arquitetura TrustZone e em que
medida as mudanças introduzidas por esta tecnologia podem afetar a segurança e desempenho
de soluções de virtualização baseadas na mesma. São identificadas as principais características
que podem influenciar a criação e execução de software de sistema e potenciais medidas para
diminuir o seu impacto, assim como boas práticas a seguir no desenvolvimento na utilização de
software e hardware baseados na TrustZone
- …