seclab.illinois.edu
Enforcing Executing-Implies-Verified with the Integrity-Aware Processor
Michael LeMay
Carl A. Gunter
University of Illinois at Urbana-Champaign
Modified version of presentation for TRUST 2011
Outline
• Motivation
• Contributions
• Design
• Conclusions and future work
2
Stuxnet
• Injected malicious code into Programmable Logic Controller.
  – Can be blocked using code whitelisting.
(figure: Clean OB1 vs. Infected OB1)
[Symantec Stuxnet Dossier 2011]
3
Other Potential Applications
• Corporate desktop PCs
• Chrome OS devices
• Advanced electric meters
• Power substation Intelligent Electronic Devices
• …
4
Motivation for Integrity-Aware Hardware
• Existing approaches to malware detection and prevention exhibit limitations in the areas of:
  – Isolation
  – Visibility
  – Performance
  – Compatibility
5
Outline
• Motivation
• Contributions
• Design
• Conclusions and future work
6
Contributions
• Integrity-Aware Processor: Only processor architecture with hardware support for directly detecting the execution of unverified code.
• XIVE kernel for IAP: Most compact integrity kernel that is capable of enforcing executing-implies-verified.
7
Outline
• Motivation
• Contributions
• Design
• Conclusions and future work
8
Hypervisors
(figure: layered stack with labels Operating System, Hypervisor, Integrity Kernel, Hardware)
[SeshadriLQP2007-SOSP]
9
Large Hypervisors
Big attack surface! Xen: ~230 thousand lines of code [LittyLL2008-Oakland]
(figure label: Integrity Kernel)
10
Hypervisor Vulnerabilities
(See chart on page 50 of the report cited below)
[IBM X-Force 2010]
11
Example: Xen security advisory
CVE-2011-1583 (May 9, 2011)
• Integer overflow in the decompression loop memory allocator might result in overrunning the buffer used for the decompressed image.
• Integer overflows and lack of checking of certain length fields can result in the loader reading its own address space beyond the size of the supplied kernel image file.
• An attacker who can supply a kernel image to be booted as a paravirtualised guest might be able to:
  – Escalate privilege, taking control of the management domain and hence the entire machine.
  – Gain knowledge of the contents of memory in the management tools. Depending on the toolstack in use this might contain sensitive information such as domain management or VNC passwords.
12
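The two overflow bullets describe one pattern: a size derived from an untrusted header field wraps around, so a bounds check that compares the wrapped value passes and the loader reads past the supplied image. The following is an added illustration of that length-check defect and its fix; it is not Xen's code, and the image header format (a single payload_len field) and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical image header (constructed for this example, not Xen's). */
struct img_hdr { uint32_t payload_len; };
#define HDR_LEN ((uint32_t)sizeof(struct img_hdr))

/* Weak check: HDR_LEN + payload_len is computed in 32 bits and can wrap
 * to a small value, so an absurd length satisfies the bound and a loader
 * trusting this answer would read beyond the supplied image.
 * Returns 1 if the image is accepted, 0 if rejected. */
static int accept_weak(const uint8_t *img, uint32_t img_size) {
    struct img_hdr h;
    if (img_size < HDR_LEN) return 0;
    memcpy(&h, img, HDR_LEN);
    uint32_t needed = HDR_LEN + h.payload_len;      /* may wrap */
    return needed <= img_size;
}

/* Hardened check: reject before the addition can wrap, then compare in
 * the same width as the sizes being checked. */
static int accept_safe(const uint8_t *img, uint32_t img_size) {
    struct img_hdr h;
    if (img_size < HDR_LEN) return 0;
    memcpy(&h, img, HDR_LEN);
    if (h.payload_len > UINT32_MAX - HDR_LEN) return 0;  /* would wrap */
    uint32_t needed = HDR_LEN + h.payload_len;
    return needed <= img_size;
}

/* Build a constructed image of bufsz bytes whose header claims `claim`
 * payload bytes; the body content is irrelevant to the checks. */
static void make_image(uint8_t *buf, uint32_t bufsz, uint32_t claim) {
    struct img_hdr h = { claim };
    memset(buf, 0, bufsz);
    memcpy(buf, &h, HDR_LEN);
}

int main(void) {
    uint8_t img[64];
    uint32_t claims[] = { 60, 61, 0xFFFFFFFEu };
    for (size_t i = 0; i < sizeof claims / sizeof claims[0]; i++) {
        make_image(img, sizeof img, claims[i]);
        printf("claim=%10u weak=%d safe=%d\n", claims[i],
               accept_weak(img, sizeof img), accept_safe(img, sizeof img));
    }
    return 0;
}
```

With a 64-byte image, a claimed length of 60 is accepted by both checks and 61 by neither, but 0xFFFFFFFE wraps to 2 in the weak check and is accepted there while the hardened check rejects it.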
System Management Mode
(figure labels: System Management Mode, APM Control Register, Hardware, Electrical Connection, Integrity Kernel; sleeping dog picture by Eduardo Habkost via Flickr, CC BY 2.0)
Two orders of magnitude slowdown observed compared to protected mode.
[AzabNWJZS2010-CCS] [WangSG2010-RAID]
13
Outline
• Motivation
• Contributions
• Related work
• Design
• Conclusions and future work
14
Integrity-Aware Processor
Based on LEON3 SPARCv8
(figure from paper)
15
IAP Complexities
(figure from paper)
16
IAP vs. MMU Hardware TCB
• Isolation:
  – IAP includes specific hardware support for isolating the integrity kernel, which is less complex than the MMU's general protection mechanisms.
• Visibility:
  – IAP verification tracking mechanisms operate at TLB and cache level, removing page table walk mechanisms from TCB.
17
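To make the executing-implies-verified rule concrete, here is an added software model of the per-page verification state the slides say the IAP tracks at TLB and cache level. It is not the IAP design or XIVE code: the structure names, the toy page size, the use of FNV-1a in place of a real hash, and the rule that any write to a page clears its verified bit are all assumptions made for the example. An instruction fetch from a page whose hash is not on the whitelist is refused and counted as a trap to the integrity kernel.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64   /* toy page size (constructed); real pages are larger */
#define NPAGES    4
#define WL_MAX    8

/* Hypothetical model of per-page "verified" state; layout is an assumption. */
struct machine {
    uint8_t  mem[NPAGES * PAGE_SIZE];
    uint8_t  verified[NPAGES];     /* 1 = page hash matched the whitelist */
    uint64_t whitelist[WL_MAX];    /* hashes of approved code pages */
    size_t   nwl;
    unsigned traps;                /* fetches blocked as unverified */
};

/* FNV-1a: a stand-in for a cryptographic hash so the example is
 * self-contained; not the hash used by IAP or XIVE. */
static uint64_t page_hash(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

static void machine_init(struct machine *m) { memset(m, 0, sizeof *m); }

/* Whitelist a code image by hashing it as a full, zero-padded page. */
static int whitelist_add(struct machine *m, const uint8_t *code, size_t n) {
    uint8_t page[PAGE_SIZE] = {0};
    if (n > PAGE_SIZE || m->nwl >= WL_MAX) return 0;
    memcpy(page, code, n);
    m->whitelist[m->nwl++] = page_hash(page, PAGE_SIZE);
    return 1;
}

/* Integrity kernel's check: hash the page, compare with the whitelist,
 * set the verified bit only on a match. Returns 1 if verified. */
static int verify_page(struct machine *m, unsigned pg) {
    uint64_t h = page_hash(&m->mem[pg * PAGE_SIZE], PAGE_SIZE);
    for (size_t i = 0; i < m->nwl; i++)
        if (m->whitelist[i] == h) { m->verified[pg] = 1; return 1; }
    m->verified[pg] = 0;
    return 0;
}

/* Data write: modifying a page clears its verified bit, so code placed
 * into it cannot execute until the page is re-verified (assumed rule). */
static int store_byte(struct machine *m, uint32_t addr, uint8_t v) {
    if (addr >= sizeof m->mem) return 0;
    m->mem[addr] = v;
    m->verified[addr / PAGE_SIZE] = 0;
    return 1;
}

/* Instruction fetch enforcing executing-implies-verified: returns the
 * fetched byte, or -1 when the page is unverified and the fetch traps. */
static int fetch(struct machine *m, uint32_t pc) {
    if (pc >= sizeof m->mem) return -1;
    unsigned pg = pc / PAGE_SIZE;
    if (!m->verified[pg] && !verify_page(m, pg)) { m->traps++; return -1; }
    return m->mem[pc];
}

/* Scenario: approved code executes; after an in-place modification the
 * same page is refused. Returns the number of blocked fetches (1). */
static unsigned demo(void) {
    struct machine m;
    static const uint8_t good[] = {0x01, 0x00, 0x00, 0x00}; /* constructed bytes */
    machine_init(&m);
    whitelist_add(&m, good, sizeof good);
    memcpy(&m.mem[0], good, sizeof good);
    int before = fetch(&m, 0);      /* page 0 verifies on first use: 0x01 */
    store_byte(&m, 2, 0xff);        /* modify page 0 */
    int after = fetch(&m, 0);       /* hash no longer matches: -1, trap */
    printf("before=%d after=%d traps=%u\n", before, after, m.traps);
    return m.traps;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The check happens at fetch time rather than at load time, which is the point of the slide's visibility argument: the decision depends only on the page's current contents and the whitelist, not on page-table state that a compromised OS could manipulate.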
TCB Comparison
XIVE contains 859 instructions
18
Hardware Prototype
19
Performance
(figure from paper)
20
Plentiful Dark Silicon
Same area + same total heat dissipation + more transistors = lower % of simultaneously active transistors
37% slice overhead
21% BlockRAM overhead
[SwansonT2011-IEEEComm]
21
Outline
• Motivation
• Contributions
• Design
• Conclusions and future work
22
Contributions
• Integrity-Aware Processor: Only processor architecture with hardware support for directly detecting the execution of unverified code.
• XIVE kernel for IAP: Most compact integrity kernel that is capable of enforcing executing-implies-verified.
23
Future Work
• Adapt IAP to other architectures.
• Explore integrity kernels for health information technology.
• Implement different types of policies within XIVE.
24
Hash vs. Network Overhead
(figure from paper)
25