42,117 research outputs found
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Intel Software Guard Extension (SGX) offers software applications enclave to
protect their confidentiality and integrity from malicious operating systems.
The SSL/TLS protocol, which is the de facto standard for protecting
transport-layer network communications, has been broadly deployed for a secure
communication channel. However, in this paper, we show that the marriage
between SGX and SSL may not be smooth sailing.
Particularly, we consider a category of side-channel attacks against SSL/TLS
implementations in secure enclaves, which we call the control-flow inference
attacks. In these attacks, the malicious operating system kernel may perform a
powerful man-in-the-kernel attack to collect execution traces of the enclave
programs at page, cacheline, or branch level, while positioning itself in the
middle of the two communicating parties. At the center of our work is a
differential analysis framework, dubbed Stacco, to dynamically analyze the
SSL/TLS implementations and detect vulnerabilities that can be exploited as
decryption oracles. Surprisingly, we found exploitable vulnerabilities in the
latest versions of all the SSL/TLS libraries we have examined.
To validate the detected vulnerabilities, we developed a man-in-the-kernel
adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL
library running in the SGX enclave (with the help of Graphene) and completely
broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only
57286 queries. We also conducted CBC padding oracle attacks against the latest
GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS
(i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it
only needs 48388 and 25717 queries, respectively, to break one block of AES
ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can
be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US
Study of fault-tolerant software technology
Presented is an overview of the current state of the art of fault-tolerant software and an analysis of quantitative techniques and models developed to assess its impact. It examines research efforts as well as experience gained from commercial application of these techniques. The paper also addresses the computer architecture and design implications on hardware, operating systems and programming languages (including Ada) of using fault-tolerant software in real-time aerospace applications. It concludes that fault-tolerant software has progressed beyond the pure research state. The paper also finds that, although not perfectly matched, newer architectural and language capabilities provide many of the notations and functions needed to effectively and efficiently implement software fault-tolerance
Interacting Components
SystemCSP is a graphical modeling language based on both CSP and concepts of component-based software development. The component framework of SystemCSP enables specification of both interaction scenarios and relative execution ordering among components. Specification and implementation of interaction among participating components is formalized via the notion of interaction contract. The used approach enables incremental design of execution diagrams by adding restrictions in different interaction diagrams throughout the process of system design. In this way all different diagrams are related into a single formally verifiable system. The concept of reusable formally verifiable interaction contracts is illustrated by designing set of design patterns for typical fault tolerance interaction scenarios
A Model-Derivation Framework for Software Analysis
Model-based verification allows to express behavioral correctness conditions
like the validity of execution states, boundaries of variables or timing at a
high level of abstraction and affirm that they are satisfied by a software
system. However, this requires expressive models which are difficult and
cumbersome to create and maintain by hand. This paper presents a framework that
automatically derives behavioral models from real-sized Java programs. Our
framework builds on the EMF/ECore technology and provides a tool that creates
an initial model from Java bytecode, as well as a series of transformations
that simplify the model and eventually output a timed-automata model that can
be processed by a model checker such as UPPAAL. The framework has the following
properties: (1) consistency of models with software, (2) extensibility of the
model derivation process, (3) scalability and (4) expressiveness of models. We
report several case studies to validate how our framework satisfies these
properties.Comment: In Proceedings MARS 2017, arXiv:1703.0581
A Model-Derivation Framework for Software Analysis
Model-based verification allows to express behavioral correctness conditions
like the validity of execution states, boundaries of variables or timing at a
high level of abstraction and affirm that they are satisfied by a software
system. However, this requires expressive models which are difficult and
cumbersome to create and maintain by hand. This paper presents a framework that
automatically derives behavioral models from real-sized Java programs. Our
framework builds on the EMF/ECore technology and provides a tool that creates
an initial model from Java bytecode, as well as a series of transformations
that simplify the model and eventually output a timed-automata model that can
be processed by a model checker such as UPPAAL. The framework has the following
properties: (1) consistency of models with software, (2) extensibility of the
model derivation process, (3) scalability and (4) expressiveness of models. We
report several case studies to validate how our framework satisfies these
properties.Comment: In Proceedings MARS 2017, arXiv:1703.0581
- …