Transcript Secure Hardware-Software Architectures for

SHARCS: Secure Hardware-Software
Architectures for Robust Computing
Systems
Sotiris Ioannidis
FORTH
[email protected]
www.sharcs-project.eu
1
Project Details

Start date: 2015-01-01
 Duration: 36 months
 Budget: 3,105,762
 Coordinator: FORTH

Academia





Industry




[email protected]
FORTH
Vrije Universiteit
Chalmers
TU Braunschweig
Neurasmus BV
OnApp Limited
IBM Ltd
Elektrobit GMBH
www.sharcs-project.eu
2
Overview

Design, build and demonstrate secure-by-design
system architectures that achieve end-to-end
security

Analyze and extend each H/W and S/W layer

Technologies developed directly utilizable by
applications and services that require end-to-end
security
[email protected]
www.sharcs-project.eu
3
Motivation

Systems are as secure as their weakest link


Security is typically applied in layers


Billions of transistors on-chip; Exploit parallelism and H/W
Pushing security to the H/W


Immutability; Clean and simple API; Secure foundation; Efficiency
H/W on-chip resources are no longer a problem


Tighten up one layer and attackers move to another
Ultimately security mechanisms must be pushed down to the H/W


Must think in terms of end-to-end security
Benefit: performance, energy/power-efficiency; Challenge: flexibility
Global adoption of embedded systems

No widely deployed security software
[email protected]
www.sharcs-project.eu
4
Objectives
1.
Extend existing H/W and S/W platforms towards developing secureby-design enabling technologies
2.
Leverage H/W technology features present in today’s processors
and embedded devices to facilitate S/W-layer security
3.
Build methods and tools for providing maximum possible securityby-design guarantees for legacy systems
4.
Evaluate acceptance, effectiveness and platform independence of
SHARCS technologies and processes
5.
Create high impact in the security and trustworthiness of ICT
systems
[email protected]
www.sharcs-project.eu
5
SHARCS Framework
[email protected]
www.sharcs-project.eu
6
Hardware Architecture

Instruction Set Randomization




Control Flow Integrity




Defense against code injection
Minimal performance/area overhead (~1%)
Additional hardware inside MMU
Defense against code reuse attacks
Minimal performance/area overhead (~1%)
ISA extension & additional registers/memory
Main memory encryption



Defense against main memory disclosure attacks
Effective even against cold boot attacks
Affordable runtime overhead if customized hardware is deployed
[email protected]
www.sharcs-project.eu
7
Runtime and Software Tools

GPU encryption keys protection




Keys are stored in GPU registers/memory
Secure against whole main memory disclosure
Accelerated cryptographic operations
GPU Network Intrusion Detection




Based on signature matching
Computational intensive
High throughput, highly parallel
Inexpensive, commodity, programmable
[email protected]
www.sharcs-project.eu
8
Applications - Pilots

Medical

Automotive

Cloud
[email protected]
www.sharcs-project.eu
9
Implantable Medical Device (attacks)



Operation modification
Data-log manipulation
Data theft
[email protected]
www.sharcs-project.eu
10
Implantable Medical Device (defenses)



Control Flow Integrity
Instruction Set Randomization
Memory Encryption
[email protected]
www.sharcs-project.eu
11
Automotive Application (attacks)




Data/code modification
Program flow modification
Large-scale exploit
DoS
[email protected]
www.sharcs-project.eu
12
Automotive Application (defenses)



Control Flow Integrity
Instruction Set Randomization
Memory Encryption
[email protected]
www.sharcs-project.eu
13
Cloud Application (attacks)




Unauthorized access
Date modification
Breach or loss of data
…
[email protected]
www.sharcs-project.eu
14
Cloud Application (defenses)


GPU keys protection
GPU NIDS
[email protected]
www.sharcs-project.eu
15
SHARCS Applications
[email protected]
www.sharcs-project.eu
16
More Information

Visit us on the web: sharcs-project.eu

Follow us on Twitter: @sharcs_project

Like us on Facebook:
facebook.com/sharcsproject

Email us at: [email protected]
[email protected]
www.sharcs-project.eu
17
SHARCS: Secure Hardware-Software
Architectures for Robust Computing
Systems
Sotiris Ioannidis
FORTH
[email protected]
www.sharcs-project.eu
18