7 research outputs found

    ControlFreak: Signature Chaining to Counter Control Flow Attacks

    Abstract: Many modern embedded systems use networks to communicate. This increases the attack surface: the adversary does not need physical access to the system and can launch remote attacks. By exploiting software bugs, the attacker might be able to change the behavior of a program. Security violations in safety-critical systems are particularly dangerous, since they might lead to catastrophic results. Hence, safety-critical software requires additional protection. We present an approach to detect and prevent control flow attacks. Such attacks maliciously modify a program's control flow to achieve the desired behavior. We develop ControlFreak, a hardware watchdog that monitors program execution and prevents illegal control flow transitions. The watchdog employs chained signatures to detect any modification of the instruction stream and any illegal jump in the program, even if the signatures themselves are maliciously modified.

    An Investigation into Soft Error Detection Efficiency at Operating System Level

    Electronic equipment operating in harsh environments such as space is subjected to a range of threats. The most important of these is radiation, which gives rise to permanent and transient errors in microelectronic components. The occurrence rate of transient errors is significantly higher than that of permanent errors. Transient errors, or soft errors, emerge in two forms: control flow errors (CFEs) and data errors. Valuable research results on their alleviation have already appeared in the literature at the hardware and software levels. However, these works rest on the basic assumption that the operating system is reliable, and they focus on other system levels. In this paper, we investigate the effects of soft errors on operating system components and compare their vulnerability with that of application-level components. Results show that soft errors in operating system components affect both operating system and application-level components. Therefore, by making operating system level components resilient to soft errors, both operating system and application-level components gain tolerance.

    Deviation-tolerant computation in concurrent failure-prone hardware


    Detecting Fault Injection Attacks with Runtime Verification

    Fault injections are increasingly used to attack and to test secure applications. In this paper, we define formal models of runtime monitors that can detect fault injections resulting in test inversion attacks and arbitrary jumps in the control flow. Runtime verification monitors offer several advantages. The code implementing a monitor is small compared to the entire application code. Monitors have a formal semantics, and we prove that they effectively detect attacks. Each monitor is a module dedicated to detecting one attack and can be deployed as needed to secure the application. A monitor can run separately from the application or be woven into it. Our monitors have been validated by detecting simulated attacks on a program that verifies a user PIN.

    Software implemented fault tolerance for microprocessor controllers: fault tolerance for microprocessor controllers

    It is generally accepted that transient faults are a major cause of failure in microprocessor systems. Industrial controllers with embedded microprocessors are particularly at risk from this type of failure because their working environments are prone to transient disturbances which can generate transient faults. In order to improve the reliability of processor systems for industrial applications within a limited budget, fault tolerant techniques for uniprocessors are implemented. These techniques aim to identify characteristics of processor operation which are attributed to erroneous behaviour. Once detection is achieved, a programme of restoration activity can be initiated. This thesis initially develops a previous model of erroneous microprocessor behaviour from which characteristics particular to mal-operation are identified. A new technique is proposed, based on software implemented fault tolerance, which, by recognising a particular behavioural characteristic, facilitates the self-detection of erroneous execution. The technique involves inserting detection mechanisms into the target software. This can be quite a complex process, and so a prototype software tool called Post-programming Automated Recovery UTility (PARUT) is developed to automate the technique's application. The utility can be used to apply the proposed behavioural fault tolerant technique to a selection of target processors. Fault injection and emulation experiments assess the effectiveness of the proposed fault tolerant technique for three application programs implemented on 8-, 16-, and 32-bit processors respectively. The modified application programs are shown to have an improved detection capability, and hence reliability, when the proposed fault tolerant technique is applied. A general assessment of the technique cannot be made, however, because its effectiveness is application specific. The thesis concludes by considering methods of generating non-hazardous application programs at the compilation stage, and design features for incorporation into the architecture of a microprocessor which inherently reduce the hazard and increase the detection capability of the target software. Particular suggestions are made to add a 'PARUT' phase to the translation process, and to orientate microprocessor design towards the instruction opcode map.

    Fault-tolerant satellite computing with modern semiconductors

    Miniaturized satellites enable a variety of space missions which were in the past infeasible, impractical or uneconomical with traditionally-designed heavier spacecraft. CubeSats in particular can be manufactured and launched rapidly at low cost from commercial components, even in academic environments. However, due to their low reliability and brief lifetime, they are usually not considered suitable for life- and safety-critical services, complex multi-phased solar-system-exploration missions, and missions of longer duration. Commercial electronics are key to satellite miniaturization, but are also responsible for their low reliability: until 2019, there existed no reliable or fault-tolerant computer architectures suitable for very small satellites. To overcome this deficit, a novel on-board-computer architecture is described in this thesis. Robustness is assured without resorting to radiation hardening, but through software measures implemented within a robust-by-design multiprocessor-system-on-chip. This fault-tolerant architecture is component-wise simple and can dynamically adapt to changing performance requirements throughout a mission. It can support graceful aging by exploiting FPGA reconfiguration and mixed-criticality. Experimentally, we achieve 1.94 W power consumption at 300 MHz with a Xilinx Kintex Ultrascale+ proof-of-concept, which is well within the power budget range of current 2U CubeSats. To our knowledge, this is the first COTS-based, reproducible on-board-computer architecture that can offer strong fault coverage even for small CubeSats.

    Software-based Transparent And Comprehensive Control-flow Error Detection

    Shrinking microprocessor feature size and growing transistor density may increase soft-error rates to unacceptable levels in the near future. While reliable systems typically employ hardware techniques to address soft errors, software-based techniques can provide a less expensive and more flexible alternative. This paper presents a control-flow error classification and proposes two new software-based, comprehensive control-flow error detection techniques. The new techniques improve on previous ones in that they detect errors in all of the branch-error categories. We implemented the techniques in our dynamic binary translator so that they can be applied to existing x86 binaries transparently. We compared our new techniques with the previous ones and show that our methods cover more errors while having similar performance overhead. © 2006 IEEE.