1,365 research outputs found
Glider: A GPU Library Driver for Improved System Security
Legacy device drivers implement both device resource management and
isolation. This results in a large code base with a wide high-level interface
making the driver vulnerable to security attacks. This is particularly
problematic for increasingly popular accelerators like GPUs that have large,
complex drivers. We solve this problem with library drivers, a new driver
architecture. A library driver implements resource management as an untrusted
library in the application process address space, and implements isolation as a
kernel module that is smaller and has a narrower lower-level interface (i.e.,
closer to hardware) than a legacy driver. We articulate a set of device and
platform hardware properties that are required to retrofit a legacy driver into
a library driver. To demonstrate the feasibility and superiority of library
drivers, we present Glider, a library driver implementation for two GPUs of
popular brands, Radeon and Intel. Glider reduces the TCB size and attack
surface by about 35% and 84% respectively for a Radeon HD 6450 GPU and by about
38% and 90% respectively for an Intel Ivy Bridge GPU. Moreover, it incurs no
performance cost. Indeed, Glider outperforms a legacy driver for applications
requiring intensive interactions with the device driver, such as applications
using the OpenGL immediate mode API
Maruchi OS kankyo o shiensuru sofutowea oyobi hadowea kino no teian
制度:新 ; 報告番号:甲3534号 ; 学位の種類:博士(工学) ; 授与年月日:2012/2/25 ; 早大学位記番号:新587
Defense in Depth of Resource-Constrained Devices
The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime
Will SDN be part of 5G?
For many, this is no longer a valid question and the case is considered
settled with SDN/NFV (Software Defined Networking/Network Function
Virtualization) providing the inevitable innovation enablers solving many
outstanding management issues regarding 5G. However, given the monumental task
of softwarization of radio access network (RAN) while 5G is just around the
corner and some companies have started unveiling their 5G equipment already,
the concern is very realistic that we may only see some point solutions
involving SDN technology instead of a fully SDN-enabled RAN. This survey paper
identifies all important obstacles in the way and looks at the state of the art
of the relevant solutions. This survey is different from the previous surveys
on SDN-based RAN as it focuses on the salient problems and discusses solutions
proposed within and outside SDN literature. Our main focus is on fronthaul,
backward compatibility, supposedly disruptive nature of SDN deployment,
business cases and monetization of SDN related upgrades, latency of general
purpose processors (GPP), and additional security vulnerabilities,
softwarization brings along to the RAN. We have also provided a summary of the
architectural developments in SDN-based RAN landscape as not all work can be
covered under the focused issues. This paper provides a comprehensive survey on
the state of the art of SDN-based RAN and clearly points out the gaps in the
technology.Comment: 33 pages, 10 figure
Extraction of Host Internal Information for External Hardware Security Monitors
학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2016. 2. 백윤흥.Defending electrical devices against a variety of attacks is a daunting
task. A lot of researchers have endeavored to address this issue by
proposing security solutions that can attain high level of security
while minimizing performance overhead introduced to the system. Among
them, hardware-based security solutions have been noted for high
performance compared to their software-based counterparts. However, we
have witnessed that these mechanisms have rarely been accepted to the
market. This phenomenon may be attributed to the fact that most
solutions incur non-negligible modifications to the host architecture
internals and thus would substantially increase the design time and
manufacturing cost. In order to answer this problem, a hardware-based
external monitoring has recently been proposed. The crux of this
solution is that, being located outside the host core and connected to
the host via a standard bus interface, the external monitor can
efficiently conduct time-consuming monitoring tasks on behalf of the
host while requiring no alteration to the host internals. However, these
approaches either suffer from the incapability of handling various
security problems or experience unsubtle performance overhead because,
being externally placed and having no dedicated communication channels,
the hardware monitor has a limited access to the information produced by
the host core, and consequently, the system may be forced to use memory
regions or other shared hardware resources to explicitly transfer the
information from the host to the monitor hardware. In this thesis, we
propose a security solution that can carry out more complicated security
tasks with low performance overhead while keeping the host internal
architecture intact. This can be archived by using an existing standard
debug interface, readily available in numerous modern processors, to
connect our security monitor to the host processor. In order to show the
validity of our approach and explore the implication of using the debug
interface for security monitoring, we present three security monitoring
systems each of which addresses one of three well-known security issues:
defending against kernel rootkits, tracking information-flow, and
defense of code-reuse attacks. The experiment results show that, when
implemented on a FPGA prototyping board, our monitoring solutions
successfully detect the attack samples (i.e., data leakage attacks and
CRAs). More importantly, our systems can attain significantly low
performance overhead compared to previously proposed security monitoring
solutions. The experiments also reveal that the area overhead of the
hardware is acceptably small when compared to the normal sizes of
today's mobile processors.Chapter 1. Introduction 1
Chapter 2. Background and RelatedWork 8
2.1 Background 8
2.1.1 Core Debug Interface 8
2.2 Related Work 9
2.2.1 Software-based Monitoring solutions 10
2.2.2 Hardware-based Monitoring with Invasive Modification 10
2.2.3 Hardware-based Monitoring with Minimal Modification 11
2.2.4 Hardware-based Kernel Integrity Monitors 12
2.2.5 Utilizing debug interface 13
Chapter 3. Monitoring the Integrity of OS Kernels with Data-Flow Information 15
3.1 Introduction 15
3.2 Motivational Example 19
3.3 Assumptions and Threat Models 20
3.4 The Baseline System 21
3.4.1 The Overall System Design 21
3.4.2 Periodic Cache Flush for Cache Resident Attacks 23
3.5 Extrax design 25
3.5.1 Address Translation Unit 26
3.5.2 Early Stage Filter 28
3.6 Experimental Results 30
3.6.1 Prototype System 30
3.6.2 Security Evaluation 32
3.6.3 Performance Analysis 34
3.6.4 Power Consumption 36
3.7 Limitation and Future Work 36
3.8 Conclusion 39
Chapter 4. Monitoring Dynamic Information Flow using Control-Flow/Data-Flow Information 41
4.1 Introduction 41
4.2 DIFT Process with an External Hardware Engine 44
4.3 Building a DIFT Engine for CDI 48
4.3.1 Components of the DIFT Engine 48
4.3.2 Tag Propagation Unit 51
4.4 Experiment 53
4.4.1 Security Evaluation 56
4.4.2 Performance Evaluation 56
4.5 Conclusion 59
Chapter 5. Monitoring ROP/JOP Attacks using Control-Flow Information 60
5.1 Introduction 60
5.2 Background and Assumptions 65
5.2.1 Background 65
5.2.2 Assumptions and Threat Model 70
5.3 Overall System Architecture 71
5.3.1 SoC Prototype Overview 71
5.3.2 CRA Detection Process 72
5.4 IMPLEMENTATION DETAILS 75
5.4.1 Binary Instrumentation 75
5.4.2 Hardware Architectures 77
5.5 EXPERIMENTAL RESULTS 82
5.6 Conclusion 86
Chapter 6. Conclusion 88
Bibliography 90
초 록 99Docto
Trustworthy Knowledge Planes For Federated Distributed Systems
In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks
Integrity-Based Kernel Malware Detection
Kernel-level malware is one of the most dangerous threats to the security of users on the Internet, so there is an urgent need for its detection. The most popular detection approach is misuse-based detection. However, it cannot catch up with today\u27s advanced malware that increasingly apply polymorphism and obfuscation. In this thesis, we present our integrity-based detection for kernel-level malware, which does not rely on the specific features of malware.
We have developed an integrity analysis system that can derive and monitor integrity properties for commodity operating systems kernels. In our system, we focus on two classes of integrity properties: data invariants and integrity of Kernel Queue (KQ) requests.
We adopt static analysis for data invariant detection and overcome several technical challenges: field-sensitivity, array-sensitivity, and pointer analysis. We identify data invariants that are critical to system runtime integrity from Linux kernel 2.4.32 and Windows Research Kernel (WRK) with very low false positive rate and very low false negative rate. We then develop an Invariant Monitor to guard these data invariants against real-world malware. In our experiment, we are able to use Invariant Monitor to detect ten real-world Linux rootkits and nine real-world Windows malware and one synthetic Windows malware.
We leverage static and dynamic analysis of kernel and device drivers to learn the legitimate KQ requests. Based on the learned KQ requests, we build KQguard to protect KQs. At runtime, KQguard rejects all the unknown KQ requests that cannot be validated. We apply KQguard on WRK and Linux kernel, and extensive experimental evaluation shows that KQguard is efficient (up to 5.6% overhead) and effective (capable of achieving zero false positives against representative benign workloads after appropriate training and very low false negatives against 125 real-world malware and nine synthetic attacks).
In our system, Invariant Monitor and KQguard cooperate together to protect data invariants and KQs in the target kernel. By monitoring these integrity properties, we can detect malware by its violation of these integrity properties during execution
Trustworthy Wireless Personal Area Networks
In the Internet of Things (IoT), everyday objects are equipped with the ability to compute and communicate. These smart things have invaded the lives of everyday people, being constantly carried or worn on our bodies, and entering into our homes, our healthcare, and beyond. This has given rise to wireless networks of smart, connected, always-on, personal things that are constantly around us, and have unfettered access to our most personal data as well as all of the other devices that we own and encounter throughout our day. It should, therefore, come as no surprise that our personal devices and data are frequent targets of ever-present threats. Securing these devices and networks, however, is challenging. In this dissertation, we outline three critical problems in the context of Wireless Personal Area Networks (WPANs) and present our solutions to these problems.
First, I present our Trusted I/O solution (BASTION-SGX) for protecting sensitive user data transferred between wirelessly connected (Bluetooth) devices. This work shows how in-transit data can be protected from privileged threats, such as a compromised OS, on commodity systems. I present insights into the Bluetooth architecture, Intel’s Software Guard Extensions (SGX), and how a Trusted I/O solution can be engineered on commodity devices equipped with SGX.
Second, I present our work on AMULET and how we successfully built a wearable health hub that can run multiple health applications, provide strong security properties, and operate on a single charge for weeks or even months at a time. I present the design and evaluation of our highly efficient event-driven programming model, the design of our low-power operating system, and developer tools for profiling ultra-low-power applications at compile time.
Third, I present a new approach (VIA) that helps devices at the center of WPANs (e.g., smartphones) to verify the authenticity of interactions with other devices. This work builds on past work in anomaly detection techniques and shows how these techniques can be applied to Bluetooth network traffic. Specifically, we show how to create normality models based on fine- and course-grained insights from network traffic, which can be used to verify the authenticity of future interactions
- …