A framework for trusted instruction execution via basic block signature verification

A Framework For Trusted Instruction Execution Via Basic Block Signature Verification

Milena Milenković, Aleksandar Milenković, and Emil Jovanov

Electrical and Computer Engineering Dept.

The University of Alabama in Huntsville

[email protected]


Outline

  • Introduction

  • Related Work

  • Trusted Instruction Execution Framework

  • The Framework Potential

  • Conclusion


Introduction

  • Most of today’s computers are connected to the Internet, so security is a critical issue

  • Even more so in the future

  • One of the major security problems: the execution of unauthorized code

  • A lot of applications may be vulnerable

  • Attack examples:

    • buffer overflow (heap, stack)

    • format string attack


Introduction

  • We propose a processor architecture that

    • will allow execution of the trusted instructions only

    • will not significantly increase the program execution time


Related Work

  • Two categories:

    • Static source code analysis

    • Dynamic detection/prevention

  • Static code analysis: false alarms

  • Dynamic

    • Monitoring program behavior (system calls, performance monitoring registers)

    • Compilers, safe language dialects

    • Secure Program Execution Framework (SPEF)

    • Tag data from “spurious” channels

    • Split stack for data/addresses, or secure stack


Trusted Instruction Execution

  • Atomic code unit protected by its signature: a basic block

  • Verify all basic blocks?

  • Cache memory is safe: verify the signature of basic blocks that generated a cache miss

  • Text memory write protected: check only last basic block in a stream


Architecture For Trusted Computing

BBST – Basic Block Signature Table

BBST_M – Basic Block Signature Table (Memory)

BBSVU – Basic Block Signature Verification Unit

[Figure: architecture block diagram. Labels: Code, BBST_M, Heap, Stack; MMU, L1D, L1I, Datapath, FPUs, IF, Control, BBST, BBSVU]

Phases of the Security Mechanism

  • Compilation

    • Compiler generates a list of basic blocks

  • Secure program installation

    • Signature table (BBST_M) is generated, encrypted and appended to the program binary

  • Program loading in the memory

    • BBST_M is decrypted, loaded in the memory

  • Program execution

    • Signature of each last basic block in a stream that generated a cache miss is verified

    • If no match, a trap to OS – kill process & audit


Signature generation

  • MISR (Multiple input signature register)

  • Linear feedback coefficients – based on the processor secret key
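
A software model of the MISR signature and the table check described on these slides, added here as an illustration and not taken from the presentation. The way the taps are derived from the key, the table layout with a block address, and all sample values are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: taps are the key with bit 0 forced on; the slides only say the
   coefficients are "based on the processor secret key". */
static uint32_t misr_taps(uint32_t secret_key) { return secret_key | 1u; }

/* One MISR clock: shift left, apply feedback if the MSB was set, XOR in the word. */
static uint32_t misr_step(uint32_t state, uint32_t taps, uint32_t insn) {
    uint32_t fb = (state & 0x80000000u) ? taps : 0u;
    return ((state << 1) ^ fb) ^ insn;
}

/* Signature of a basic block: MISR state after all of its instruction words. */
uint32_t bb_signature(uint32_t key, const uint32_t *insns, size_t n) {
    uint32_t taps = misr_taps(key), s = 0;
    for (size_t i = 0; i < n; i++) s = misr_step(s, taps, insns[i]);
    return s;
}

/* Hypothetical BBST entry: block start address plus expected signature. */
struct bbst_entry { uint32_t addr; uint32_t sig; };

/* Returns 1 when the fetched block matches its entry; 0 stands for "trap to OS". */
int bbsvu_verify(const struct bbst_entry *tbl, size_t entries, uint32_t key,
                 uint32_t addr, const uint32_t *insns, size_t n) {
    for (size_t i = 0; i < entries; i++)
        if (tbl[i].addr == addr)
            return tbl[i].sig == bb_signature(key, insns, n);
    return 0; /* no entry: block was never installed as trusted */
}

/* Constructed sample data: the key and instruction words are made up. */
#define DEMO_KEY 0x5EC2E7A1u
static const uint32_t demo_block[4] = {0x23DEFFF0u, 0xB75E0000u, 0x47FF0401u, 0x6BFA8001u};

/* Installed block verifies; a block with one altered word or an unknown address does not. */
int demo(void) {
    struct bbst_entry tbl[1] = {{0x1000u, bb_signature(DEMO_KEY, demo_block, 4)}};
    uint32_t altered[4] = {demo_block[0], demo_block[1], 0x00000083u, demo_block[3]};
    int ok = bbsvu_verify(tbl, 1, DEMO_KEY, 0x1000u, demo_block, 4);
    int bad = bbsvu_verify(tbl, 1, DEMO_KEY, 0x1000u, altered, 4);
    int unknown = bbsvu_verify(tbl, 1, DEMO_KEY, 0x2000u, demo_block, 4);
    return ok == 1 && bad == 0 && unknown == 0;
}

int main(void) {
    printf("model behaves as expected: %d\n", demo());
    return 0;
}
```

A MISR is linear over GF(2), so the signature is not a cryptographic MAC; in this scheme its strength depends on the feedback coefficients staying secret.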



The Framework Potential

  • 32-bit MISR

  • I-cache: 4 ways, 128 sets, 64B line

  • BBST: 4 ways, 4B line, 128/256 sets

  • LRU replacement

  • Traces of SPEC CPU2000 benchmarks for Alpha architecture

    • F2B, M2B segments

  • Measure: BBST misses per 1 M instructions




Conclusion

  • Proposed a framework for trusted instruction execution, evaluated potential

  • Promises to be faster than SPEF, with additional hardware resources and BBST appended to program binary

  • Future work:

    • different BBST organizations and sizes

    • detailed performance evaluation

    • an alternative implementation: signature embedded in the code

