학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2016. 2. 백윤흥.Defending electrical devices against a variety of attacks is a daunting
task. A lot of researchers have endeavored to address this issue by
proposing security solutions that can attain high level of security
while minimizing performance overhead introduced to the system. Among
them, hardware-based security solutions have been noted for high
performance compared to their software-based counterparts. However, we
have witnessed that these mechanisms have rarely been accepted to the
market. This phenomenon may be attributed to the fact that most
solutions incur non-negligible modifications to the host architecture
internals and thus would substantially increase the design time and
manufacturing cost. In order to answer this problem, a hardware-based
external monitoring has recently been proposed. The crux of this
solution is that, being located outside the host core and connected to
the host via a standard bus interface, the external monitor can
efficiently conduct time-consuming monitoring tasks on behalf of the
host while requiring no alteration to the host internals. However, these
approaches either suffer from the incapability of handling various
security problems or experience unsubtle performance overhead because,
being externally placed and having no dedicated communication channels,
the hardware monitor has a limited access to the information produced by
the host core, and consequently, the system may be forced to use memory
regions or other shared hardware resources to explicitly transfer the
information from the host to the monitor hardware. In this thesis, we
propose a security solution that can carry out more complicated security
tasks with low performance overhead while keeping the host internal
architecture intact. This can be archived by using an existing standard
debug interface, readily available in numerous modern processors, to
connect our security monitor to the host processor. In order to show the
validity of our approach and explore the implication of using the debug
interface for security monitoring, we present three security monitoring
systems each of which addresses one of three well-known security issues:
defending against kernel rootkits, tracking information-flow, and
defense of code-reuse attacks. The experiment results show that, when
implemented on a FPGA prototyping board, our monitoring solutions
successfully detect the attack samples (i.e., data leakage attacks and
CRAs). More importantly, our systems can attain significantly low
performance overhead compared to previously proposed security monitoring
solutions. The experiments also reveal that the area overhead of the
hardware is acceptably small when compared to the normal sizes of
today's mobile processors.Chapter 1. Introduction 1
Chapter 2. Background and RelatedWork 8
2.1 Background 8
2.1.1 Core Debug Interface 8
2.2 Related Work 9
2.2.1 Software-based Monitoring solutions 10
2.2.2 Hardware-based Monitoring with Invasive Modification 10
2.2.3 Hardware-based Monitoring with Minimal Modification 11
2.2.4 Hardware-based Kernel Integrity Monitors 12
2.2.5 Utilizing debug interface 13
Chapter 3. Monitoring the Integrity of OS Kernels with Data-Flow Information 15
3.1 Introduction 15
3.2 Motivational Example 19
3.3 Assumptions and Threat Models 20
3.4 The Baseline System 21
3.4.1 The Overall System Design 21
3.4.2 Periodic Cache Flush for Cache Resident Attacks 23
3.5 Extrax design 25
3.5.1 Address Translation Unit 26
3.5.2 Early Stage Filter 28
3.6 Experimental Results 30
3.6.1 Prototype System 30
3.6.2 Security Evaluation 32
3.6.3 Performance Analysis 34
3.6.4 Power Consumption 36
3.7 Limitation and Future Work 36
3.8 Conclusion 39
Chapter 4. Monitoring Dynamic Information Flow using Control-Flow/Data-Flow Information 41
4.1 Introduction 41
4.2 DIFT Process with an External Hardware Engine 44
4.3 Building a DIFT Engine for CDI 48
4.3.1 Components of the DIFT Engine 48
4.3.2 Tag Propagation Unit 51
4.4 Experiment 53
4.4.1 Security Evaluation 56
4.4.2 Performance Evaluation 56
4.5 Conclusion 59
Chapter 5. Monitoring ROP/JOP Attacks using Control-Flow Information 60
5.1 Introduction 60
5.2 Background and Assumptions 65
5.2.1 Background 65
5.2.2 Assumptions and Threat Model 70
5.3 Overall System Architecture 71
5.3.1 SoC Prototype Overview 71
5.3.2 CRA Detection Process 72
5.4 IMPLEMENTATION DETAILS 75
5.4.1 Binary Instrumentation 75
5.4.2 Hardware Architectures 77
5.5 EXPERIMENTAL RESULTS 82
5.6 Conclusion 86
Chapter 6. Conclusion 88
Bibliography 90
초 록 99Docto
