5,154 research outputs found
SOFIA : software and control flow integrity architecture
Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization
Recent research has demonstrated that Intel's SGX is vulnerable to various
software-based side-channel attacks. In particular, attacks that monitor CPU
caches shared between the victim enclave and untrusted software enable accurate
leakage of secret enclave data. Known defenses assume developer assistance,
require hardware changes, impose high overhead, or prevent only some of the
known attacks. In this paper we propose data location randomization as a novel
defensive approach to address the threat of side-channel attacks. Our main goal
is to break the link between the cache observations by the privileged adversary
and the actual data accesses by the victim. We design and implement a
compiler-based tool called DR.SGX that instruments enclave code such that data
locations are permuted at the granularity of cache lines. We realize the
permutation with the CPU's cryptographic hardware-acceleration units providing
secure randomization. To prevent correlation of repeated memory accesses we
continuously re-randomize all enclave data during execution. Our solution
effectively protects many (but not all) enclaves from cache attacks and
provides a complementary enclave hardening technique that is especially useful
against unpredictable information leakage
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on the devices can be
sensitive, left untackled, this is particularly disconcerting.
In this paper, we propose a new system, TrustShadow that shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201
Software Grand Exposure: SGX Cache Attacks Are Practical
Side-channel information leakage is a known limitation of SGX. Researchers
have demonstrated that secret-dependent information can be extracted from
enclave execution through page-fault access patterns. Consequently, various
recent research efforts are actively seeking countermeasures to SGX
side-channel attacks. It is widely assumed that SGX may be vulnerable to other
side channels, such as cache access pattern monitoring, as well. However, prior
to our work, the practicality and the extent of such information leakage was
not studied.
In this paper we demonstrate that cache-based attacks are indeed a serious
threat to the confidentiality of SGX-protected programs. Our goal was to design
an attack that is hard to mitigate using known defenses, and therefore we mount
our attack without interrupting enclave execution. This approach has major
technical challenges, since the existing cache monitoring techniques experience
significant noise if the victim process is not interrupted. We designed and
implemented novel attack techniques to reduce this noise by leveraging the
capabilities of the privileged adversary. Our attacks are able to recover
confidential information from SGX enclaves, which we illustrate in two example
cases: extraction of an entire RSA-2048 key during RSA decryption, and
detection of specific human genome sequences during genomic indexing. We show
that our attacks are more effective than previous cache attacks and harder to
mitigate than previous SGX side-channel attacks
Arm TrustZone: evaluating the diversity of the memory subsystem
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresThe diversification of the embedded market has led the once single-purpose built embedded
device to become a broader concept that can accommodate more general-purpose solutions,
by widening its hardware and software resources. A huge diversity in system resources and
requirements has boosted the investigation around virtualization technology, which is becoming
prevalent in the embedded systems domain, allowing timing and spatial sharing of hardware and
software resources between specialized subsystems. As strict timing demands imposed in realtime
virtualized systems must be met, coupled with a small margin for the penalties incurred
by conventional software-based virtualization, resort to hardware-assisted solutions has become
indispensable.
Although not a virtualization but security-oriented technology, Arm TrustZone is seen by many
as a reliable hardware-based virtualization alternative, with the low cost and high spread of
TrustZone-enabled processors standing as strong arguments for its acceptance. But, since Trust-
Zone only dictates the hardware infrastructure foundations, providing SoC designers with a range
of components that can fulfil specific functions, several key-components and subsystems of this
technology are implementation defined. This approach may hinder a system designer’s work, as
it may impair and make the portability of system software a lot more complicated.
As such, this thesis proposes to examine how different manufacturers choose to work with
the TrustZone architecture, and how the changes introduced by this technology may affect the
security and performance of TrustZone-assisted virtualization solutions, in order to scale back
those major constraints. It identifies the main properties that impact the creation and execution
of system software and points into what may be the most beneficial approaches for developing
and using TrustZone-assisted hardware and software.A recente metamorfose na área dos sistemas embebidos transformou estes dispositivos,
outrora concebidos com um único e simples propósito, num aglomerado de subsistemas prontos
para integrar soluções mais flexíveis. Este aumento de recursos e de requisitos dos sistemas
potenciou a investigação em soluções de virtualização dos mesmos, permitindo uma partilha
simultânea de recursos de hardware e software entre os vários subsistemas. A proliferação destas
soluções neste domínio, onde os tempos de execução têm de ser respeitados e a segurança é
um ponto-chave, tem levado à adoção de técnicas de virtualização assistidas por hardware.
Uma tecnologia que tem vindo a ser utilizada para este fim é a Arm TrustZone, apesar de
inicialmente ter sido desenvolvida como uma tecnologia de proteção, dado a sua maior presença
em placas de médio e baixo custo quando comparada a outras tecnologias. Infelizmente, dado
que a TrustZone apenas fornece diretrizes base sobre as quais os fabricantes podem contruir
os seus sistemas, as especificações da tecnologia divergem de fabricante para fabricante, ou
até entre produtos com a mesma origem. Aliada à geral escassez de informação sobre esta
tecnologia, esta característica pode trazer problemas para a criação e portabilidade de software
de sistema dependente desta tecnologia.
Como tal, a presente tese propõe examinar, de uma forma sistematizada, de que forma diferentes
fabricantes escolhem implementar sistemas baseados na arquitetura TrustZone e em que
medida as mudanças introduzidas por esta tecnologia podem afetar a segurança e desempenho
de soluções de virtualização baseadas na mesma. São identificadas as principais características
que podem influenciar a criação e execução de software de sistema e potenciais medidas para
diminuir o seu impacto, assim como boas práticas a seguir no desenvolvimento na utilização de
software e hardware baseados na TrustZone
- …