30 research outputs found

    IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

    With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead.

    Selfrando: Securing the Tor Browser against De-anonymization Exploits

    Tor is a well-known anonymous communication system used by millions of users, including journalists and civil rights activists all over the world. The Tor Browser gives non-technical users an easy way to access the Tor Network. However, many government organizations are actively trying to compromise Tor not only in regions with repressive regimes but also in the free world, as the recent FBI incidents clearly demonstrate. Exploiting software vulnerabilities in general, and browser vulnerabilities in particular, constitutes a clear and present threat to the Tor software. The Tor Browser shares a large part of its attack surface with the Firefox browser. Therefore, Firefox vulnerabilities (even patched ones) are highly valuable to attackers trying to monitor users of the Tor Browser. In this paper, we present selfrando, an enhanced and practical load-time randomization technique for the Tor Browser that defends against exploits, such as the one FBI allegedly used against Tor users. Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers. Moreover, we collaborated closely with the Tor Project to ensure that selfrando is fully compatible with AddressSanitizer (ASan), a compiler feature to detect memory corruption. ASan is used in a hardened version of Tor Browser for test purposes. The Tor Project decided to include our solution in the hardened releases of the Tor Browser, which is currently undergoing field testing.

    D1.3 - SUPERCLOUD Architecture Implementation

    In this document we describe the implementation of the SUPERCLOUD architecture. The architecture provides an abstraction layer on top of which SUPERCLOUD users can realize SUPERCLOUD services encompassing secure computation workloads, secure and privacy-preserving resilient data storage and secure networking resources spanning across different cloud service providers' computation, data storage and network resources. The components of the SUPERCLOUD architecture implementation are described. Integration between the different layers of the architecture (computing security, data protection, network security) and with the facilities for security self-management is also highlighted. Finally, we provide download and installation instructions for the released software components that can be downloaded from our common SUPERCLOUD code repository.

    Raising The Bar: Advancing Mitigations Against Memory-Corruption and Side-Channel Attacks

    The complexity of computer programs has been increasing for multiple decades. As a result, the number and impact of security vulnerabilities have been rising as well. Memory-corruption attacks have been one of the most severe security threats for decades, despite the tremendous efforts of the security community: according to data published by Microsoft in 2019, 70% of vulnerabilities addressed in security updates during the previous decade are memory safety issues. Similarly, according to the 2021 CWE Top 25, two out of the three most dangerous vulnerability categories are related to memory corruption. A variety of approaches have been proposed that aim to either discover vulnerabilities before they are deployed to a production environment, or to mitigate vulnerabilities by making them harder to exploit. The former case includes strategies like static analysis, test suites, and fuzzing. While these methods are important and beneficial, it is not feasible to find all software bugs: most deployed software projects suffer from memory-corruption vulnerabilities, in particular if they contain legacy code. Hence, it is crucial to investigate, develop, and deploy mitigations, in order to make exploitation of these vulnerabilities substantially harder or even infeasible. Three prominent approaches are software diversity (e.g., randomization), integrity checks (e.g., CFI), and memory isolation (e.g., TEEs). The scope of this cumulative dissertation includes contributions to these three mitigation approaches, as well as applications to more practical problems. The idea of software diversity is to change the protected program so that one or more of its properties, e.g., the address of code or data, is unknown to the attacker. 
    Since memory-corruption exploits depend on the address of code and data, the adversary needs to correctly guess or otherwise acquire the address of all the memory structures required for the exploit, which substantially increases the attack's difficulty. We present Selfrando, a scheme which randomizes the executable code of a program with a fine granularity. In contrast to previous works, our scheme performs the randomization every time the application is launched. This way, the same application package can be distributed through traditional channels to all users, but each run has a different memory layout. Selfrando was successfully integrated in the privacy-preserving Tor Browser and deployed in the hardened version of Tor Browser for Linux. The principle of Control-Flow Integrity (CFI) is to instrument indirect control flow transfers to inspect the computed target before the control transfer is performed. As an example of a coarse-grained CFI scheme, indirect call instructions can be instrumented to only allow calls to the start addresses of known functions. A variety of CFI approaches with different granularity have been proposed. Given this variety, it is important to be able to quantify the security guarantees of each scheme. We present CFInsight, a benchmark for CFI security. Unlike previous works, our analysis is based on properties of the paths between indirect call sites and system call instructions, which attackers need to reach in order to interact with the operating system or the file system. Our metric is based on quantitative measurements of these paths and indicates how hard it is to construct an attack. Memory isolation involves introducing barriers between various software components, so that a vulnerability in one of them cannot be used to exploit a different one. Memory isolation can be implemented purely in software or with the help of hardware extensions, e.g., Trusted Execution Environments (TEEs).
    Memory isolation is particularly beneficial for software that is composed of a significant number of diverse components, especially if some of them handle untrusted data. This is the case of web browsers, where an attacker can target the Just-In-Time (JIT) compiler and force it to generate malicious code. We present JITGuard, which leverages memory isolation and a TEE in order to protect the internal data of a browser's JIT compiler from attackers. Unlike alternative approaches, our construction maintains the existing synchronous calling semantics and does not require complex redesigns in the original code. Memory isolation, and TEEs in particular, can be used for a number of purposes, including to ensure the confidentiality of a component. However, there is a category of attacks that is particularly effective in breaking the confidentiality property of memory isolation. These attacks leverage side channels in order to extract information from a component without directly interacting with it. Below, we introduce our proposals of a software-only and a hardware-based countermeasure against these attacks. A traditional approach to limit side-channel leakage is to manually design alternative algorithms, which requires significant expertise and is highly error-prone. Instead, we present DR.SGX, a software-only solution that automatically protects all data used in a TEE by applying a fine-grained location randomization. The data location is periodically re-randomized to further limit the leakage during extended execution. Another common approach to limit cache-based side-channel leakage is to partition the caches, which leads to high performance overheads. Our proposal HybCache is a new cache architecture that limits side-channel leakage by design. Security-sensitive code accesses a subset of the cache fully-associatively, using a random replacement policy, which prevents any address-specific information leakage.
    At the same time, security-insensitive code accesses the cache in the traditional set-associative way, which, unlike cache partitioning, results in no performance degradation. Lastly, we describe two practical use cases that show how TEEs can be used to improve protocols. First, we show VoiceGuard, a TEE-based design for a voice recognition system that protects from disclosure both the user's voice data and the vendor's machine learning model. Second, we present FastKitten, a TEE-based protocol that allows for fast and efficient smart contract execution on cryptocurrencies that do not support smart contracts.

    HybCache: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments

    Modern multi-core processors share cache resources for maximum cache utilization and performance gains. However, this leaves the cache vulnerable to side-channel attacks, where timing differences in shared cache behavior are exploited to infer information on the victim's execution patterns, ultimately leaking private information. The root cause for these attacks is mutually distrusting processes sharing cache entries and accessing them in a deterministic manner. Various defenses against cache side-channel attacks have been proposed. However, they either degrade performance significantly, impose impractical restrictions, or can only defeat certain classes of these attacks. More importantly, they assume that side-channel-resilient caches are required for the entire execution workload and do not allow to selectively enable the mitigation only for the security-critical portion of the workload. We present a generic mechanism for a flexible and soft partitioning of set-associative caches and propose a hybrid cache architecture, called HybCache. HybCache can be configured to selectively apply side-channel-resilient cache behavior only for isolated execution domains, while providing the non-isolated execution with conventional cache behavior, capacity and performance. An isolation domain can include one or more processes, specific portions of code, or a Trusted Execution Environment. We show that, with minimal hardware modifications and kernel support, HybCache can provide side-channel-resilient cache only for isolated execution with a performance overhead of 3.5-5%, while incurring no performance overhead for the remaining execution workload. We provide a simulator-based and hardware implementation of HybCache to evaluate the performance and area overheads, and show how it mitigates typical access-based and contention-based cache attacks. Comment: Accepted on 18 June 2019 to appear in USENIX Security 202

    With Great Complexity Comes Great Vulnerability: Challenges of Secure Processor Design

    V0LTpwn: Attacking x86 Processor Integrity from Software

    Fault-injection attacks have been proven in the past to be a reliable way of bypassing hardware-based security measures, such as cryptographic hashes, privilege and access permission enforcement, and trusted execution environments. However, traditional fault-injection attacks require physical presence, and hence, were often considered out of scope in many real-world adversary settings. In this paper we show this assumption may no longer be justified. We present V0LTpwn, a novel hardware-oriented but software-controlled attack that affects the integrity of computation in virtually any execution mode on modern x86 processors. To the best of our knowledge, this represents the first attack on x86 integrity from software. The key idea behind our attack is to undervolt a physical core to force non-recoverable hardware faults. Under a V0LTpwn attack, CPU instructions will continue to execute with erroneous results and without crashes, allowing for exploitation. In contrast to recently presented side-channel attacks that leverage vulnerable speculative execution, V0LTpwn is not limited to information disclosure, but allows adversaries to affect execution, and hence, effectively breaks the integrity goals of modern x86 platforms. In our detailed evaluation we successfully launch software-based attacks against Intel SGX enclaves from a privileged process to demonstrate that a V0LTpwn attack can successfully change the results of computations within enclave execution across multiple CPU revisions.