8,526 research outputs found
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control- FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Securit
An LLVM Instrumentation Plug-in for Score-P
Reducing application runtime, scaling parallel applications to higher numbers
of processes/threads, and porting applications to new hardware architectures
are tasks necessary in the software development process. Therefore, developers
have to investigate and understand application runtime behavior. Tools such as
monitoring infrastructures that capture performance relevant data during
application execution assist in this task. The measured data forms the basis
for identifying bottlenecks and optimizing the code. Monitoring infrastructures
need mechanisms to record application activities in order to conduct
measurements. Automatic instrumentation of the source code is the preferred
method in most application scenarios. We introduce a plug-in for the LLVM
infrastructure that enables automatic source code instrumentation at
compile-time. In contrast to available instrumentation mechanisms in
LLVM/Clang, our plug-in can selectively include/exclude individual application
functions. This enables developers to fine-tune the measurement to the required
level of detail while avoiding large runtime overheads due to excessive
instrumentation.Comment: 8 page
Hijacker: Efficient static software instrumentation with applications in high performance computing: Poster paper
Static Binary Instrumentation is a technique that allows compile-time program manipulation. In particular, by relying on ad-hoc tools, the end user is able to alter the program's execution flow without affecting its overall semantic. This technique has been effectively used, e.g., to support code profiling, performance analysis, error detection, attack detection, or behavior monitoring. Nevertheless, efficiently relying on static instrumentation for producing executables which can be deployed without affecting the overall performance of the application still presents technical and methodological issues. In this paper, we present Hijacker, an open-source customizable static binary instrumentation tool which is able to alter a program's execution flow according to some user-specified rules, limiting the execution overhead due to the code snippets inserted in the original program, thus enabling for the exploitation in high performance computing. The tool is highly modular and works on an internal representation of the program which allows to perform complex instrumentation tasks efficiently, and can be additionally extended to support different instruction sets and executable formats without any need to modify the instrumentation engine. We additionally present an experimental assessment of the overhead induced by the injected code in real HPC applications. © 2013 IEEE
LO-FAT: Low-Overhead Control Flow ATtestation in Hardware
Attacks targeting software on embedded systems are becoming increasingly
prevalent. Remote attestation is a mechanism that allows establishing trust in
embedded devices. However, existing attestation schemes are either static and
cannot detect control-flow attacks, or require instrumentation of software
incurring high performance overheads. To overcome these limitations, we present
LO-FAT, the first practical hardware-based approach to control-flow
attestation. By leveraging existing processor hardware features and
commonly-used IP blocks, our approach enables efficient control-flow
attestation without requiring software instrumentation. We show that our
proof-of-concept implementation based on a RISC-V SoC incurs no processor
stalls and requires reasonable area overhead.Comment: Authors' pre-print version to appear in DAC 2017 proceeding
Control-flow Integrity for Real-time Embedded Systems
As embedded systems become more connected and more ubiquitous in mission- and safety-critical systems, embedded devices have become a high- value target for hackers and security researchers. Attacks on real-time embedded systems software can put lives in danger and put our critical infrastructure at risk. Despite this, security techniques for embedded systems have not been widely studied. Many existing software security techniques for general purpose computers rely on assumptions that do not hold in the embedded case. This thesis focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general purpose computer with a rich operating system, CFI cannot provide any security guarantees. This thesis explores a way to use CFI on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection
Racing to hardware-validated simulation
Processor simulators rely on detailed timing models of the processor pipeline to evaluate performance. The diversity in real-world processor designs mandates building flexible simulators that expose parts of the underlying model to the user in the form of configurable parameters. Consequently, the accuracy of modeling a real processor relies on both the accuracy of the pipeline model itself, and the accuracy of adjusting the configuration parameters according to the modeled processor. Unfortunately, processor vendors publicly disclose only a subset of their design decisions, raising the probability of introducing specification inaccuracies when modeling these processors. Inaccurately tuning model parameters deviates the simulated processor from the actual one. In the worst case, using improper parameters may lead to imbalanced pipeline models compromising the simulation output. Therefore, simulation models should be hardware-validated before using them for performance evaluation. As processors increase in complexity and diversity, validating a simulator model against real hardware becomes increasingly more challenging and time-consuming. In this work, we propose a methodology for validating simulation models against real hardware. We create a framework that relies on micro-benchmarks to collect performance statistics on real hardware, and machine learning-based algorithms to fine-tune the unknown parameters based on the accumulated statistics. We overhaul the Sniper simulator to support the ARM AArch64 instruction-set architecture (ISA), and introduce two new timing models for ARM-based in-order and out-of-order cores. Using our proposed simulator validation framework, we tune the in-order and out-of-order models to match the performance of a real-world implementation of the Cortex-A53 and Cortex-A72 cores with an average error of 7% and 15%, respectively, across a set of SPEC CPU2017 benchmarks
- …