141 research outputs found
Implementing an ISR defense on a MIPS architecture
Code injection attacks are an undeniable threat in today’s cyberworld. Instruction Set Randomization (ISR) was initially proposed in 2003. This technique was designed to protect systems against code injection attacks by using randomization to create a unique instruction set for each machine. It is a promising technique in the growing ecosystem of embedded systems and Internet of Things (IoT) devices, where the lack of complex memory management makes these devices more vulnerable. However, most ISR implementations to date are entirely software-based. In this work, we implement hardware support for an ISR defense on a 32-bit MIPS processor with a 5-stage pipeline (an architecture compatible with embedded systems).
Two obfuscation schemes were implemented, one based on XOR encryption and the other on transposition. The hardware implementation was tested under synthetic code injection attacks, and the results show the effectiveness of the defense using both encryption circuits. Sociedad Argentina de Informática e Investigación Operativa (SADIO
Killing the Myth of Cisco IOS Diversity: Recent Advances in Reliable Shellcode Design
IOS firmware diversity, the unintended consequence of a complex firmware compilation process, has historically made reliable exploitation of Cisco routers difficult. With approximately 300,000 unique IOS images in existence, a new class of version-agnostic shellcode is needed in order to make the large-scale exploitation of Cisco IOS possible. We show that such attacks are now feasible by demonstrating two different reliable shellcodes which will operate correctly over many Cisco hardware platforms and all known IOS versions. We propose a novel two-phase attack strategy against Cisco routers and the use of offline analysis of existing IOS images to defeat IOS firmware diversity. Furthermore, we discuss a new IOS rootkit which hijacks all interrupt service routines within the router, and its ability to intercept and modify process-switched packets just before they are scheduled for transmission. This ability allows the attacker to use the payload of innocuous packets, like ICMP, as a covert command and control channel. The same mechanism can be used to stealthily exfiltrate data out of the router, using response packets generated by the router itself as the vehicle. We present the implementation and quantitative reliability measurements by testing both shellcode algorithms against a large collection of IOS images. As our experimental results show, the techniques proposed in this paper can reliably inject command and control capabilities into arbitrary IOS images in a version-agnostic manner. We believe that the technique presented in this paper overcomes an important hurdle in large-scale, reliable rootkit execution within Cisco IOS. Thus, effective host-based defense for such routers is imperative for maintaining the integrity of our global communication infrastructures
Beehive: an FPGA-based multiprocessor architecture
In recent years, to keep pace with Moore's law, hardware and software designers have progressively tended to focus their efforts on exploiting instruction-level parallelism. Software simulation has been essential for studying computer architecture because of its flexibility and low cost. However, users of software simulators must choose between high performance and high-fidelity emulation. This project presents an FPGA-based multiprocessor architecture to speed up multiprocessor architecture research and ease parallel software simulation
2009 Exhibitors
Listings and Descriptions of 2009 Small Satellite Conference Exhibitor
A CONTROLLER AREA NETWORK LAYER FOR RECONFIGURABLE EMBEDDED SYSTEMS
Dependable and fault-tolerant computing has been actively pursued as a research area since the 1980s in various fields involving the development of safety-critical applications. The ability of the system to provide reliable functional service as per its design is a key paradigm in dependable computing. To provide reliable service in fault-tolerant systems, dynamic reconfiguration has to be supported to enable recovery from errors (induced by faults) or graceful degradation in case of service failures. Reconfigurable distributed applications provide a platform to develop fault-tolerant systems, and these reconfigurable architectures require an embedded network that is inherently fault-tolerant and capable of handling movement of tasks between nodes/processors within the system during dynamic reconfiguration. The embedded network should provide mechanisms for deterministic message transfer under faulty environments and support fault detection/isolation mechanisms within the network framework. This thesis describes the design, implementation and validation of an embedded networking layer using Controller Area Network (CAN) to support reconfigurable embedded systems
Symbiotes and defensive Mutualism: Moving Target Defense
If we wish to break the continual cycle of patching and replacing our core monoculture systems to defend against attacker evasion tactics, we must redesign the way systems are deployed so that the attacker can no longer glean the information about one system that allows attacking any other like system. Hence, a new poly-culture architecture that provides complete uniqueness for each distinct device would thwart many remote attacks (except perhaps for insider attacks). We believe a new security paradigm based on perpetual mutation and diversity, driven by symbiotic defensive mutualism, can fundamentally change the ‘cat and mouse’ dynamic which has impeded the development of truly effective security mechanisms to date. We propose this new ‘clean slate design’ principle and conjecture that this defensive strategy can also be applied to legacy systems widely deployed today. Fundamentally, the technique diversifies the defensive system of the protected host system, thwarting attacks against defenses commonly executed by modern malware
U.S. Unmanned Aerial Vehicles (UAVS) and Network Centric Warfare (NCW) impacts on combat aviation tactics from Gulf War I through 2007 Iraq
Unmanned aerial vehicles (UAVs) are an increasingly important element of many modern militaries. Their success on battlefields in Afghanistan, Iraq, and around the globe has driven demand for a variety of types of unmanned vehicles. Their proven value consists in low risk and low cost, and their capabilities include persistent surveillance, tactical and combat reconnaissance, resilience, and dynamic re-tasking. This research evaluates past, current, and possible future operating environments for several UAV platforms to survey the changing dynamics of combat-aviation tactics and make recommendations regarding UAV employment scenarios to the Turkish military. While UAVs have already established their importance in military operations, ongoing evaluations of UAV operating environments, capabilities, technologies, concepts, and organizational issues inform the development of future systems. To what extent will UAV capabilities increasingly define tomorrow's missions, requirements, and results in surveillance and combat tactics? Integrating UAVs and concepts of operations (CONOPS) on future battlefields is an emergent science. Managing a transition from manned to unmanned and remotely piloted aviation platforms involves new technological complexity and new aviation personnel roles, especially for combat pilots. Managing a UAV military transformation involves cultural change, which can be measured in decades. http://archive.org/details/usunmannedaerial109454211 Turkish Air Force authors. Approved for public release; distribution is unlimited