SHARCS: Secure Hardware-Software
Architectures for Robust Computing
Systems
Sotiris Ioannidis
FORTH
[email protected]
www.sharcs-project.eu
Project Details
Start date: 2015-01-01
Duration: 36 months
Budget: 3,105,762
Coordinator: FORTH
Academia: FORTH, Vrije Universiteit, Chalmers, TU Braunschweig
Industry: Neurasmus BV, OnApp Limited, IBM Ltd, Elektrobit GMBH
Overview
Design, build and demonstrate secure-by-design system architectures that achieve end-to-end security
Analyze and extend each H/W and S/W layer
Technologies developed directly utilizable by applications and services that require end-to-end security
Motivation
Systems are as secure as their weakest link
Security is typically applied in layers
Billions of transistors on-chip; Exploit parallelism and H/W
Pushing security to the H/W
Immutability; Clean and simple API; Secure foundation; Efficiency
H/W on-chip resources are no longer a problem
Tighten up one layer and attackers move to another
Ultimately security mechanisms must be pushed down to the H/W
Must think in terms of end-to-end security
Benefit: performance, energy/power-efficiency; Challenge: flexibility
Global adoption of embedded systems
No widely deployed security software
Objectives
1. Extend existing H/W and S/W platforms towards developing secure-by-design enabling technologies
2. Leverage H/W technology features present in today’s processors and embedded devices to facilitate S/W-layer security
3. Build methods and tools for providing maximum possible security-by-design guarantees for legacy systems
4. Evaluate acceptance, effectiveness and platform independence of SHARCS technologies and processes
5. Create high impact in the security and trustworthiness of ICT systems
SHARCS Framework
Hardware Architecture
Instruction Set Randomization
Defense against code injection
Minimal performance/area overhead (~1%)
Additional hardware inside MMU
Control Flow Integrity
Defense against code reuse attacks
Minimal performance/area overhead (~1%)
ISA extension & additional registers/memory
Main memory encryption
Defense against main memory disclosure attacks
Effective even against cold boot attacks
Affordable runtime overhead if customized hardware is deployed
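A toy software model of the Instruction Set Randomization defense against code injection listed on this slide, added here as an illustration and not taken from the SHARCS slides or project code. The three-opcode ISA, the XOR encoding, the key and every function name are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy ISA, constructed for this example: PUSH imm8, ADD, HALT. */
enum { OP_PUSH = 0x01, OP_ADD = 0x02, OP_HALT = 0x03 };
#define FAULT (-1) /* illegal instruction: execution stops */
static const uint8_t KEY[4] = {0xA7, 0x3C, 0x5E, 0x91}; /* constructed secret key */
static const uint8_t PROG[6] = {OP_PUSH, 40, OP_PUSH, 2, OP_ADD, OP_HALT};

/* Loader side: trusted code is stored in memory only in encoded form. */
void isr_encode(uint8_t *code, size_t n) {
    for (size_t i = 0; i < n; i++) code[i] ^= KEY[i % sizeof KEY];
}

/* Fetch side: every byte is decoded with the key before it is interpreted. */
static uint8_t fetch(const uint8_t *mem, size_t pc) {
    return (uint8_t)(mem[pc] ^ KEY[pc % sizeof KEY]);
}

int isr_run(const uint8_t *mem, size_t n) {
    int stack[16], sp = 0;
    for (size_t pc = 0; pc < n; ) {
        switch (fetch(mem, pc++)) {
        case OP_PUSH:
            if (pc >= n || sp >= 16) return FAULT;
            stack[sp++] = fetch(mem, pc++);
            break;
        case OP_ADD:
            if (sp < 2) return FAULT;
            sp--; stack[sp - 1] += stack[sp];
            break;
        case OP_HALT:
            return sp ? stack[sp - 1] : FAULT;
        default:
            return FAULT; /* decoded byte is not a valid opcode */
        }
    }
    return FAULT; /* ran off the end without HALT */
}

int run_trusted(void) { /* code installed through the loader */
    uint8_t mem[sizeof PROG];
    memcpy(mem, PROG, sizeof PROG);
    isr_encode(mem, sizeof mem);
    return isr_run(mem, sizeof mem);
}
int run_injected(void) { return isr_run(PROG, sizeof PROG); } /* raw bytes, never encoded */
int main(void) { printf("%d %d\n", run_trusted(), run_injected()); return 0; }
```

The protection rests on the key staying secret: bytes encoded under the correct key execute normally, which is what `run_trusted` shows.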
Runtime and Software Tools
GPU encryption keys protection
Keys are stored in GPU registers/memory
Secure against whole main memory disclosure
Accelerated cryptographic operations
GPU Network Intrusion Detection
Based on signature matching
Computationally intensive
High throughput, highly parallel
Inexpensive, commodity, programmable
Applications - Pilots
Medical
Automotive
Cloud
Implantable Medical Device (attacks)
Operation modification
Data-log manipulation
Data theft
Implantable Medical Device (defenses)
Control Flow Integrity
Instruction Set Randomization
Memory Encryption
Automotive Application (attacks)
Data/code modification
Program flow modification
Large-scale exploit
DoS
Automotive Application (defenses)
Control Flow Integrity
Instruction Set Randomization
Memory Encryption
Cloud Application (attacks)
Unauthorized access
Data modification
Breach or loss of data
…
Cloud Application (defenses)
GPU keys protection
GPU NIDS
SHARCS Applications
More Information
Visit us on the web: sharcs-project.eu
Follow us on Twitter: @sharcs_project
Like us on Facebook: facebook.com/sharcsproject
Email us at: [email protected]