2 research outputs found
λ©λͺ¨λ¦¬ 보νΈλ₯Ό μν 보μ μ μ± μ μννκΈ° μν μ½λ λ³ν κΈ°μ
νμλ
Όλ¬Έ(λ°μ¬)--μμΈλνκ΅ λνμ :곡과λν μ κΈ°Β·μ»΄ν¨ν°κ³΅νλΆ,2020. 2. λ°±μ€ν₯.Computer memory is a critical component in computer systems that needs to be protected to ensure the security of computer systems. It contains security sensitive data that should not be disclosed to adversaries. Also, it contains the important data for operating the system that should not be manipulated by the attackers. Thus, many security solutions focus on protecting memory so that sensitive data cannot be leaked out of the computer system or on preventing illegal access to computer data. In this thesis, I will present various code transformation techniques for enforcing security policies for memory protection. First, I will present a code transformation technique to track implicit data flows so that security sensitive data cannot leak through implicit data flow channels (i.e., conditional branches). Then I will present a compiler technique to instrument C/C++ program to mitigate use-after-free errors, which is a type of vulnerability that allow illegal access to stale memory location. Finally, I will present a code transformation technique for low-end embedded devices to enable execute-only memory, which is a strong security policy to protect secrets and harden the computing device against code reuse attacks.μ»΄ν¨ν° λ©λͺ¨λ¦¬λ μ»΄ν¨ν° μμ€ν
μ 보μμ μν΄ λ³΄νΈλμ΄μΌ νλ μ€μν μ»΄ν¬λνΈμ΄λ€. μ»΄ν¨ν° λ©λͺ¨λ¦¬λ 보μμ μ€μν λ°μ΄ν°λ₯Ό λ΄κ³ μμ λΏλ§ μλλΌ, μμ€ν
μ μ¬λ°λ₯Έ λμμ μν΄ κ³΅κ²©μμ μν΄ μ‘°μλμ΄μλ μλλ μ€μν λ°μ΄ν° κ°λ€μ μ μ₯νλ€. λ°λΌμ λ§μ 보μ μ루μ
μ λ©λͺ¨λ¦¬λ₯Ό 보νΈνμ¬ μ»΄ν¨ν° μμ€ν
μμ μ€μν λ°μ΄ν°κ° μ μΆλκ±°λ μ»΄ν¨ν° λ°μ΄ν°μ λν λΆλ²μ μΈ μ κ·Όμ λ°©μ§νλ λ° μ€μ μ λλ€. λ³Έ λ
Όλ¬Έμμλ λ©λͺ¨λ¦¬ 보νΈλ₯Ό μν 보μ μ μ±
μ μννκΈ° μν λ€μν μ½λ λ³ν κΈ°μ μ μ μνλ€. λ¨Όμ , νλ‘κ·Έλ¨μμ λΆκΈ°λ¬Έμ ν΅ν΄ 보μμ λ―Όκ°ν λ°μ΄ν°κ° μ μΆλμ§ μλλ‘ μμμ λ°μ΄ν° νλ¦μ μΆμ νλ μ½λ λ³ν κΈ°μ μ μ μνλ€. κ·Έ λ€μμΌλ‘ C / C ++ νλ‘κ·Έλ¨μ λ³ννμ¬ use-after-free μ€λ₯λ₯Ό μννλ μ»΄νμΌλ¬ κΈ°μ μ μ μνλ€. λ§μ§λ§μΌλ‘, μ€μ λ°μ΄ν°λ₯Ό 보νΈνκ³ μ½λ μ¬μ¬μ© 곡격μΌλ‘λΆν° λλ°μ΄μ€λ₯Ό κ°νν μ μλ κ°λ ₯ν 보μ μ μ±
μΈ μ€ν μ μ© λ©λͺ¨λ¦¬(execute-only memory)λ₯Ό μ μ¬μ μλ² λλ λλ°μ΄μ€μ ꡬννκΈ° μν μ½λ λ³ν κΈ°μ μ μ μνλ€.1 Introduction 1
2 Background 4
3 A Hardware-based Technique for Efficient Implicit Information Flow Tracking 8
3.1 Introduction 8
3.2 Related Work 10
3.3 Our Approach for Implicit Flow Tracking 12
3.3.1 Implicit Flow Tracking Scheme with Program Counter Tag 12
3.3.2 tP C Management Technique 15
3.3.3 Compensation for the Untaken Path 20
3.4 Architecture Design of IFTU 22
3.4.1 Overall System 22
3.4.2 Tag Computing Core 24
3.5 Performance and Area Analysis 26
3.6 Security Analysis 28
3.7 Summary 30
4 CRCount: Pointer Invalidation with Reference Counting to Mitigate Useafter-free in Legacy C/C++ 31
4.1 Introduction 31
4.2 Related Work 36
4.3 Threat Model 40
4.4 Implicit Pointer Invalidation 40
4.4.1 Invalidation with Reference Counting 40
4.4.2 Reference Counting in C/C++ 42
4.5 Design 44
4.5.1 Overview 45
4.5.2 Pointer Footprinting 46
4.5.3 Delayed Object Free 50
4.6 Implementation 53
4.7 Evaluation 56
4.7.1 Statistics 56
4.7.2 Performance Overhead 58
4.7.3 Memory Overhead 62
4.8 Security Analysis 67
4.8.1 Attack Prevention 68
4.8.2 Security considerations 69
4.9 Limitations 69
4.10 Summary 71
5 uXOM: Efficient eXecute-Only Memory on ARM Cortex-M 73
5.1 Introduction 73
5.2 Background 78
5.2.1 ARMv7-M Address Map and the Private Peripheral Bus (PPB) 78
5.2.2 Memory Protection Unit (MPU) 79
5.2.3 Unprivileged Loads/Stores 80
5.2.4 Exception Entry and Return 80
5.3 Threat Model and Assumptions 81
5.4 Approach and Challenges 82
5.5 uXOM 85
5.5.1 Basic Design 85
5.5.2 Solving the Challenges 89
5.5.3 Optimizations 98
5.5.4 Security Analysis 99
5.6 Evaluation 100
5.6.1 Runtime Overhead 103
5.6.2 Code Size Overhead 106
5.6.3 Energy Overhead 107
5.6.4 Security and Usability 107
5.6.5 Use Cases 108
5.7 Discussion 110
5.8 Related Work 111
5.9 Summary 113
6 Conclusion and Future Work 114
6.1 Future Work 115
Abstract (In Korean) 132
Acknowlegement 133Docto
Cautiously Optimistic Program Analyses for Secure and Reliable Software
Modern computer systems still have various security and reliability vulnerabilities. Well-known dynamic analyses solutions can mitigate them using runtime monitors that serve as lifeguards. But the additional work in enforcing these security and safety properties incurs exorbitant performance costs, and such tools are rarely used in practice. Our work addresses this problem by constructing a novel technique- Cautiously Optimistic Program Analysis (COPA).
COPA is optimistic- it infers likely program invariants from dynamic observations, and assumes them in its static reasoning to precisely identify and elide wasteful runtime monitors. The resulting system is fast, but also ensures soundness by recovering to a conservatively optimized analysis when a likely invariant rarely fails at runtime. COPA is also cautious- by carefully restricting optimizations to only safe elisions, the recovery is greatly simplified. It avoids unbounded rollbacks upon recovery, thereby enabling analysis for live production software.
We demonstrate the effectiveness of Cautiously Optimistic Program Analyses in three areas:
Information-Flow Tracking (IFT) can help prevent security breaches and information leaks. But they are rarely used in practice due to their high performance overhead (>500% for web/email servers). COPA dramatically reduces this cost by eliding wasteful IFT monitors to make it practical (9% overhead, 4x speedup).
Automatic Garbage Collection (GC) in managed languages (e.g. Java) simplifies programming tasks while ensuring memory safety. However, there is no correct GC for weakly-typed languages (e.g. C/C++), and manual memory management is prone to errors that have been exploited in high profile attacks. We develop the first sound GC for C/C++, and use COPA to optimize its performance (16% overhead).
Sequential Consistency (SC) provides intuitive semantics to concurrent programs that simplifies reasoning for their correctness. However, ensuring SC behavior on commodity hardware remains expensive. We use COPA to ensure SC for Java at the language-level efficiently, and significantly reduce its cost (from 24% down to 5% on x86).
COPA provides a way to realize strong software security, reliability and semantic guarantees at practical costs.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/170027/1/subarno_1.pd