1 / 25

Lock and Unlock: A Data Management Algorithm for A Security-Aware Cache

Lock and Unlock: A Data Management Algorithm for A Security-Aware Cache. Koji Inoue Department of Informatics, Kyushu University Japan Science and Technology Agency. Trusted Program. Malicious Program. Branch Prediction. Selective Activation. Pipelining. SuperScalar. Signal Gating.

ling
Download Presentation

Lock and Unlock: A Data Management Algorithm for A Security-Aware Cache

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lock and Unlock: A Data Management Algorithm for A Security-Aware Cache Koji Inoue Department of Informatics, Kyushu University Japan Science and Technology Agency ICECS'06

  2. Trusted Program Malicious Program Branch Prediction Selective Activation Pipelining SuperScalar Signal Gating Clock Gating ILP TLP DVS OOO Exe. Value Prediction Resizing Drowsy Operation On-chip Cache MLP Background (1/2) High Performance Low Power/Energy ICECS'06

  3. Architectural Support for Branch Prediction Selective Activation Pipelining SuperScalar Signal Gating Clock Gating ILP TLP DVS OOO Exe. Value Prediction Resizing Drowsy Operation On-chip Cache MLP The Goal of This Research Security SCache (improved data management) High Performance Low Power/Energy ICECS'06

  4. Outline • Introduction • Buffer-Overflow Attack • Secure Cache Architecture • Overview • Security Issue • Lock&Unlock Algorithm • Evaluation • Security Strength • Performance Overhead • Conclusions ICECS'06

  5. R.B.Lee, D.K.Karig, J.P.McGregor, and Z.Shi, “Enlisting Hardware Architecture to Thwart Malicious Code Injection,” Proc. of the Int. Conf. on Security in Pervasive Computing, Mar. 2003. Buffer-Overflow Attack Buffer Overflow • Well-Known vulnerability • Exploited by Blaster@2003 • Caused by unexpected operations • writing an inordinately large amount of data into a buffer • This vulnerability exists in the C standard library (e.g. strcpy) • Lead to a stack smashing • An attack code is inserted • The return address is corrupted • Highjack the program execution control ICECS'06

  6. Function Call/Return int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } Program code • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  7. Higher Addr. FP s1 Return Address The Next PC of Call g( ) Stack Growth Saved FP Local Variable buf SP Lower Addr. Function Call/Return int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } Program code Program code • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  8. String Function Call/Return Higher Addr. int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } FP s1 Return Address The Next PC of Call g( ) Program code Stack Growth Saved FP Local Variable buf SP Lower Addr. • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  9. Higher Addr. FP s1 Return Address The Next PC of Call g( ) Stack Growth Saved FP Local Variable buf String SP Lower Addr. Function Call/Return int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } Program code • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  10. Higher Addr. FP s1 Return Address The Next PC of Call g( ) Stack Growth Saved FP Local Variable buf String SP Lower Addr. Function Call/Return int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } Program code • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  11. Higher Addr. Higher Addr. FP FP s1 s1 Return Address The Next PC of Call g( ) The Next PC of Call g( ) Return Address Stack Growth Stack Growth Saved FP Saved FP Local Variable buf Local Variable buf String SP SP Lower Addr. Lower Addr. Stack Smashing int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } Program code • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  12. Higher Addr. FP s1 To the Attack Code The Next PC of Call g( ) Return Address Stack Growth Saved FP Attack Code Local Variable buf String SP Lower Addr. Insert the attack code! Corrupt the return address! Stack Smashing Higher Addr. int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } FP s1 The Next PC of Call g( ) Return Address Program code Stack Growth Saved FP Local Variable buf SP Lower Addr. • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  13. Higher Addr. FP s1 To the Attack Code Return Address The Next PC of Call g( ) Stack Growth Saved FP Attack Code Local Variable buf String SP Lower Addr. Insert the attack code! Corrupt the return address! Hijack the program execution! Stack Smashing Higher Addr. int f ( ) { … g (s1); … } int g ( char *s1) { char buf [10]; … strcpy(buf, s1); … } FP s1 The Next PC of Call g( ) Return Address Program code Stack Growth Saved FP Local Variable buf SP Lower Addr. • Start f( ) • Call g( ) • Execute strcpy( ) • Return to f( ) ICECS'06

  14. Outline • Introduction • Buffer-Overflow Attack • Secure Cache Architecture • Overview • Security Issue • Lock&Unlock Algorithm • Evaluation • Experimental Set-Up • Security Strength • Performance Overhead • Conclusions ICECS'06

  15. Secure Cache Architecture • Protect return-address (RA) values in the cache! • Generate one or more “Replicas” on each RA store • Compare the original RA with a replica on the RA load • If they are not the same, we know that the popped RA has been corrupted! ICECS'06

  16. Security Issue • The replica lines are also evicted from the cache • Miss the opportunity to check the RA value if no replica lines reside in the cache • So… • Good for many applications (w/ high cache-hit rates) • Bad for memory intensive applications (w/ high cache-miss rates) ICECS'06

  17. Outline • Introduction • Buffer-Overflow Attack • Secure Cache Architecture • Overview • Security Issue • Lock&Unlock Algorithm • Evaluation • Security Strength • Performance Overhead • Conclusions ICECS'06

  18. Lock and Invalidate Approach • Prohibit the eviction of replica lines until they are loaded later! (Lock) • Invalidate the loaded replicas to release the cache resource (Invalidate) • Pros. • Effective use of cache resource • Cons. • Squashed return-address loads prematurely invalidate the replica lines ICECS'06

  19. Lock & Unlock Approach • Prohibit the eviction of replica lines until they are loaded later! (Lock) • Keep the replicas in the cache until they are evicted due to the replacement policy! (Unlock) • Pros. • Avoid premature replica-line invalidation • Cons. • Waste cache resource ICECS'06

  20. Outline • Introduction • Buffer-Overflow Attack • Secure Cache Architecture • Overview • Security Issue • Lock&Unlock Algorithm • Evaluation • Security Strength • Performance Overhead • Conclusions ICECS'06

  21. Experimental Set-Up • Processor Simulator • SimpleScalar3.0 • 4-way OOO Superscalar • 4-way 16KB L1 D-Cache • SCache Model • LRU1-L&I: Lock & Invalidate (w/ LRU replica placement) • LRU1-L&U: Lock & Unlock (w/ LRU replica placement) • MRU1-L&U: Lock & Unlock (w/ MRU replica placement) • Benchmark Programs • SPEC2000 • 7 integer programs, 4 fp programs • Small input ICECS'06

  22. LRU1-L&I LRU1-L&U MRU1-L&U (Nv-rald / Nrald) * 100 Insecure issued RA load Total #of issued RA load Vulnerability Vulnerability Benchmark Programs ICECS'06

  23. LRU1-L&I LRU1-L&U MRU1-L&U Performance Overhead Performance Overhead Benchmark Programs ICECS'06

  24. Outline • Introduction • Buffer-Overflow Attack • Secure Cache Architecture • Overview • Security Issue • Lock&Unlock Algorithm • Evaluation • Security Strength • Performance Overhead • Conclusions ICECS'06

  25. Conclusions • Summary • Architectural support for run-time buffer-overflow detection • New data management algorithms • Lock and Invalidation • Inefficient for some benchmark programs • Max. :23% vulnerability • Performance overhead is less than 0.9% • Lock and Unlock • Very efficient for all benchmark programs • Max. :2.5% vulnerability (average<0.8%) • Performance overhead is less than 0.3% • Future Work • Integrate to a secure micorprocessor platform ICECS'06

More Related