5,553 research outputs found
CapablePtrs: Securely Compiling Partial Programs using the Pointers-as-Capabilities Principle
Capability machines such as CHERI provide memory capabilities that can be
used by compilers to provide security benefits for compiled code (e.g., memory
safety). The C to CHERI compiler, for example, achieves memory safety by
following a principle called "pointers as capabilities" (PAC). Informally, PAC
says that a compiler should represent a source language pointer as a machine
code capability. But the security properties of PAC compilers are not yet well
understood. We show that memory safety is only one aspect, and that PAC
compilers can provide significant additional security guarantees for partial
programs: the compiler can provide guarantees for a compilation unit, even if
that compilation unit is later linked to attacker-controlled machine code. This
paper is the first to study the security of PAC compilers for partial programs
formally. We prove for a model of such a compiler that it is fully abstract.
The proof uses a novel proof technique (dubbed TrICL, read trickle), which is
of broad interest because it reuses and extends the compiler correctness
relation in a natural way, as we demonstrate. We implement our compiler on top
of the CHERI platform and show that it can compile legacy C code with minimal
code changes. We provide performance benchmarks that show how performance
overhead is proportional to the number of cross-compilation-unit function
calls
Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization
Intel Software Guard Extensions (SGX) is a promising hardware-based
technology for protecting sensitive computations from potentially compromised
system software. However, recent research has shown that SGX is vulnerable to
branch-shadowing -- a side channel attack that leaks the fine-grained (branch
granularity) control flow of an enclave (SGX protected code), potentially
revealing sensitive data to the attacker. The previously-proposed defense
mechanism, called Zigzagger, attempted to hide the control flow, but has been
shown to be ineffective if the attacker can single-step through the enclave
using the recent SGX-Step framework.
Taking into account these stronger attacker capabilities, we propose a new
defense against branch-shadowing, based on control flow randomization. Our
scheme is inspired by Zigzagger, but provides quantifiable security guarantees
with respect to a tunable security parameter. Specifically, we eliminate
conditional branches and hide the targets of unconditional branches using a
combination of compile-time modifications and run-time code randomization.
We evaluated the performance of our approach by measuring the run-time
overhead of ten benchmark programs of SGX-Nbench in SGX environment
ret2spec: Speculative Execution Using Return Stack Buffers
Speculative execution is an optimization technique that has been part of CPUs
for over a decade. It predicts the outcome and target of branch instructions to
avoid stalling the execution pipeline. However, until recently, the security
implications of speculative code execution have not been studied.
In this paper, we investigate a special type of branch predictor that is
responsible for predicting return addresses. To the best of our knowledge, we
are the first to study return address predictors and their consequences for the
security of modern software. In our work, we show how return stack buffers
(RSBs), the core unit of return address predictors, can be used to trigger
misspeculations. Based on this knowledge, we propose two new attack variants
using RSBs that give attackers similar capabilities as the documented Spectre
attacks. We show how local attackers can gain arbitrary speculative code
execution across processes, e.g., to leak passwords another user enters on a
shared system. Our evaluation showed that the recent Spectre countermeasures
deployed in operating systems can also cover such RSB-based cross-process
attacks. Yet we then demonstrate that attackers can trigger misspeculation in
JIT environments in order to leak arbitrary memory content of browser
processes. Reading outside the sandboxed memory region with JIT-compiled code
is still possible with 80\% accuracy on average.Comment: Updating to the cam-ready version and adding reference to the
original pape
Autoscopy Jr.: Intrusion Detection for Embedded Control Systems
Securing embedded control systems within the power grid presents a unique challenge: on top of the resource restrictions inherent to these devices, SCADA systems must also accommodate strict timing requirements that are non-negotiable, and their massive scale greatly amplifies costs such as power consumption. These constraints make the conventional approach to host intrusion detection--namely, employing virtualization in some manner--too costly or impractical for embedded control systems within critical infrastructure. Instead, we take an in-kernel approach to system protection, building upon the Autoscopy system developed by Ashwin Ramaswamy that places probes on indirectly-called functions and uses them to monitor its host system for behavior characteristic of control-flow-altering malware, such as rootkits. In this thesis, we attempt to show that such a method would indeed be a viable method of protecting embedded control systems. We first identify several issues with the original prototype, and present a new version of the program (dubbed Autoscopy Jr.) that uses trusted location lists to verify that control is coming from a known, trusted location inside our kernel. Although we encountered additional performance overhead when testing our new design, we developed a kernel profiler that allowed us to identify the probes responsible for this overhead and discard them, leaving us with a final probe list that generated less than 5% overhead on every one of our benchmark tests. Finally, we attempted to run Autoscopy Jr. on two specialized kernels (one with an optimized probing framework, and another with a hardening patch installed), finding that the former did not produce enough performance benefits to preclude using our profiler, and that the latter required a different method of scanning for indirect functions for Autoscopy Jr. to operate. We argue that Autoscopy Jr. is indeed a feasible intrusion detection system for embedded control systems, as it can adapt easily to a variety of system architectures and allows us to intelligently balance security and performance on these critical devices
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
With the widespread use of machine learning (ML) techniques, ML as a service
has become increasingly popular. In this setting, an ML model resides on a
server and users can query it with their data via an API. However, if the
user's input is sensitive, sending it to the server is undesirable and
sometimes even legally not possible. Equally, the service provider does not
want to share the model by sending it to the client for protecting its
intellectual property and pay-per-query business model.
In this paper, we propose MLCapsule, a guarded offline deployment of machine
learning as a service. MLCapsule executes the model locally on the user's side
and therefore the data never leaves the client. Meanwhile, MLCapsule offers the
service provider the same level of control and security of its model as the
commonly used server-side execution. In addition, MLCapsule is applicable to
offline applications that require local execution. Beyond protecting against
direct model access, we couple the secure offline deployment with defenses
against advanced attacks on machine learning models such as model stealing,
reverse engineering, and membership inference
Journey Beyond Full Abstraction: Exploring Robust Property Preservation for Secure Compilation
—Good programming languages provide helpful abstractions for writing secure code, but the security properties of
the source language are generally not preserved when compiling a
program and linking it with adversarial code in a low-level target
language (e.g., a library or a legacy application). Linked target
code that is compromised or malicious may, for instance, read and
write the compiled program’s data and code, jump to arbitrary
memory locations, or smash the stack, blatantly violating any
source-level abstraction. By contrast, a fully abstract compilation
chain protects source-level abstractions all the way down, ensuring that linked adversarial target code cannot observe more about
the compiled program than what some linked source code could
about the source program. However, while research in this area
has so far focused on preserving observational equivalence, as
needed for achieving full abstraction, there is a much larger space
of security properties one can choose to preserve against linked
adversarial code. And the precise class of security properties one
chooses crucially impacts not only the supported security goals
and the strength of the attacker model, but also the kind of
protections a secure compilation chain has to introduce.
We are the first to thoroughly explore a large space of formal
secure compilation criteria based on robust property preservation, i.e., the preservation of properties satisfied against arbitrary
adversarial contexts. We study robustly preserving various classes
of trace properties such as safety, of hyperproperties such as
noninterference, and of relational hyperproperties such as trace
equivalence. This leads to many new secure compilation criteria,
some of which are easier to practically achieve and prove than
full abstraction, and some of which provide strictly stronger
security guarantees. For each of the studied criteria we propose an equivalent “property-free” characterization that clarifies
which proof techniques apply. For relational properties and
hyperproperties, which relate the behaviors of multiple programs,
our formal definitions of the property classes themselves are
novel. We order our criteria by their relative strength and show
several collapses and separation results. Finally, we adapt existing
proof techniques to show that even the strongest of our secure
compilation criteria, the robust preservation of all relational
hyperproperties, is achievable for a simple translation from a
statically typed to a dynamically typed language
- …