OS Support for Detecting Trojan Circuit Attacks
Target Attacks • Privilege Escalation Attack : Trojan leverages the memory access mechanism to create malicious software that escalates its privilege to that of the superuser. Solution : MP checks! • DoS Attack : Trojan does not authenticate the malicious software. Solution : Liveness checks!
Suggested Solutions • Hardware Guard • Verifiable hardware module • Placed off-chip • Provides a verifier for the OS to test CPU • Timer • Managed by the processing logic • Synchronized with the CPU’s timer interrupts • Watchdog timer • Is set to a pseudorandom value when receiving a check • Times-out : guard detects an attack
Assumptions and Scope • OS and guard are trusted and verified • Guard has a precise notion of timing • Non-cacheable accesses to memory can be made by OS • Solutions are only for two particular attacks (DoS and privilege escalation) • DoS detection is restricted to verifying that the OS is receiving timer interrupts • Focus only on the CPU as being possibly malicious – peripherals are trusted
Detection of DoS Attacks • Trojan does not authenticate the malicious software • Makes it hard to detect DoS attack • Results in a halted IC
Liveness Checks • Liveness: CPU is providing the OS with correct timing interrupts • Heart beats • Implemented in the OS • Use OS timer interrupts - added to do_timer function in Linux
Liveness Checks • Problems • A variable is exposed to Trojan circuit • Possible Solutions • Randomizing the location – the variable can be hidden from simple Trojan circuits, but loading the variable to a register may expose the value • Guard instruments binary re-writing of the OS code that implements the liveness check – allowing the values to be inserted indirectly in the control flow
King et al.’s Privilege Escalation • Privilege escalation attack • HW/SW Trojan Attack • Process • Malicious SW gets access to memory space of OS • Access OS’s process list • Search for its own PCB • Change EUID field to be the superuser
Memory Protection Checks • task : the head of the process list • pid_offset : offset of pid in the PCB • euid_offset : offset of euid in the PCB • 1. Disable MP to access the memory space of the OS • 2. Search process list to find the PCB with my_pid • 3. SW Trojan elevates its privilege (sets the EUID to the superuser, which is 0 for Linux) • 4. Turn MP back on, making it harder to detect SW Trojan
Memory Protection Checks • Searching the list takes about 15-20㎲ : checking MP should occur at least every 15㎲ • Linux provides at most 1000 Hz frequency for scheduling : a full millisecond elapses between scheduling points
Xenomai • RT scheduler (Xenomai Real-Time framework for Linux) • RT task • Period : set to 15㎲ (rt_task_set_periodic) • MP check • Sleep : call rt_task_wait_period
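The timing argument behind the 15㎲ period, worked as an added example (not code from the slides or their authors): a periodic MP check can only observe memory protection disabled if one of its wake-ups lands inside the window during which the Trojan has MP off. The function names and the 1㎲ grid of possible attack start times are assumptions of this sketch.

```c
#include <stdio.h>

/* Returns 1 if a checker waking at t = 0, P, 2P, ... (microseconds)
 * samples at least once inside [start_us, start_us + window_us),
 * the interval during which memory protection is disabled. */
static int mp_off_seen(long start_us, long window_us, long period_us)
{
    /* First wake-up at or after the start of the window. */
    long first = ((start_us + period_us - 1) / period_us) * period_us;
    return first < start_us + window_us;
}

/* Counts, over every attack start time within one check period
 * (1 us steps), how many starts lead to a detected window. */
static long detected_starts(long window_us, long period_us)
{
    long hits = 0;
    for (long s = 0; s < period_us; s++)
        hits += mp_off_seen(s, window_us, period_us);
    return hits;
}

int main(void)
{
    /* Periods: 1000 us = one tick at 1000 Hz; 15 us = the RT task period. */
    const long periods[] = { 1000, 15 };
    /* Windows: the 15-20 us list search quoted on the slide. */
    const long windows[] = { 15, 20 };

    for (int p = 0; p < 2; p++) {
        for (int w = 0; w < 2; w++) {
            long hits = detected_starts(windows[w], periods[p]);
            printf("period %4ld us, window %2ld us: %ld of %ld starts detected\n",
                   periods[p], windows[w], hits, periods[p]);
        }
    }
    return 0;
}
```

With a 1 ms period only the attack starts that happen to straddle a tick are caught; with a 15㎲ period every start is caught, which is why the check is moved onto a real-time task.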
Evaluation • Environment • Intel Core-2 2.0 GHz with 2 GB RAM • Linux version 2.6.25.11 in Fedora Core 7 • Removed all non-essential modules, disabled power management functions • Xenomai version 2.4.4 (MP Checks) • SPECint benchmark compiled with -O2 • 3 full runs and took the median