Achieving Trusted Systems by Providing Security and Reliability ( Research Project #22 ) - PowerPoint PPT Presentation

Achieving Trusted Systems by Providing Security and Reliability (Research Project #22)

Project Members:

Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman

Objective and Approach

  • Objective

    • design and validate secure and reliable computing systems to support critical infrastructures.

  • Approach

    • analyze raw data on security vulnerabilities and attacks

    • generate stochastic and state machine models depicting security threats

    • apply formal methods to uncover security vulnerabilities due to inconsistencies between system specifications and implementations

    • implement defensive techniques at compiler, operating system and hardware levels

Accomplishments

  • Study impact of hardware errors on system security

    • IEEE Dependable Systems and Networks (DSN’01 and DSN’02)

  • State machine modeling of real-world security vulnerabilities

    • DSN’03

  • Non-control-data attack: a new security threat

    • USENIX Security (Security’05)

  • Memory layout randomization-based defensive technique

    • IEEE Reliable Distributed Systems (SRDS’03)

  • Architecture level support for reliability and security

    • EASY’02, DSN’04 and DSN’05

  • Formal reasoning on security vulnerabilities

    • IFIP Information Security (SEC’04)

Modeling and Analyzing Security Vulnerabilities


  • An extensive study on security vulnerabilities in Bugtraq and CERT

  • Each vulnerability is decomposed into multiple simple predicates.

  • State machine modeling for buffer overflow, format string bug, heap corruption, integer overflow, …

  • A more formal way of reasoning about security vulnerabilities.

(Figures: state machine models of the WU-FTP Server Format String Attack and the NULL-HTTP Server Heap Corruption Attack.)

New Security Threat: Non-Control-Data Attack

(USENIX Security’05)

  • Most current attacks are control-data attacks

    • Corrupting function pointers or return addresses to run malicious code.

    • Many defensive techniques are proposed to defeat control-data attacks.

  • New threat: non-control-data attacks are generally applicable against real-world systems

    • User identity data, configuration data, user input data and decision-making Booleans are security critical.

    • Non-control-data attacks can obtain the root privilege on FTP, SSH, HTTP and Telnet servers.

    • A comprehensive defensive technique is needed to defeat both types of attacks.

Pointer Taintedness Detection for Security

  • The root cause of many attacks (control-data attacks and non-control-data attacks): pointer taintedness

  • Pointer taintedness: a pointer value is derived directly or indirectly from user input.

  • Prevent pointer taintedness → defeat many real-world attacks,

    • e.g., stack smashing, format string, heap corruption, integer overflow, and globbing attacks.

  • Pursued directions

    • Pointer taintedness avoidance – uncover vulnerabilities by source code analysis

    • Pointer taintedness detection – check pointers at runtime.

Source Code Analysis to Uncover Pointer Taintedness


  • Formal semantic definition of pointer taintedness using equational logic

  • Develop a theorem proving technique to analyze C source code at the machine code level

  • Extract a set of preconditions for each analyzed function

    • Satisfaction of preconditions → no possibility of pointer taintedness inside this function

  • Evaluation

    • Analyze strcpy(), printf(), free() and socket read functions of HTTP servers

    • Negations of extracted preconditions suggest scenarios of potential vulnerabilities.

Runtime Pointer Taintedness Detection


  • A processor architectural level mechanism to detect pointer taintedness

    • On SimpleScalar simulator

      • Implemented a taintedness-aware memory system

      • Extended ALU instructions to propagate taintedness in memory

  • Evaluation using several network applications and SPEC benchmarks

    • Effective in detecting both control-data attacks and non-control-data attacks

    • Transparent to applications: precompiled binaries can run.

    • No known false alarms.

Future Directions

  • Combination of static code analysis and architecture support

    • To automatically derive predicates to be checked by the processor at runtime

  • Reliability and security support for embedded systems

    • Migrate our current techniques to embedded systems

    • New topics: cell phone virus, reduced power consumption, tamper-resistant hardware, crypto and authentication hardware/software


Backup

Internals of Format String Attack

(Figure labels: fmt: format string pointer; ap: argument pointer.)

Vulnerable code:

printf(buf); /* should be printf("%s", buf) */

Attack string placed in buf: \xdd \xcc \xbb \xaa %d %d %d %n

(Figure: stack layout, with the direction of stack growth shown.)

In vfprintf(),

if (fmt points to "%n")

then **ap = (character count)

*ap is a tainted value.
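The runtime mechanism from the Runtime Pointer Taintedness Detection slide, run on the "%n" write described here, as an added example; it is not code from the slides or from the project's SimpleScalar implementation, and the tiny instruction set, the one-word memory cells and the sample addresses (slot 16, &count at 40) are assumptions.

```python
# Added example (not code from the slides): a toy model of the taintedness-aware
# memory and ALU sketched above. Each memory cell (one word) and register carries
# a taint bit; input data is tainted at the source; ALU ops OR operand taint; a
# load or store whose address register is tainted raises TaintedPointer.
class TaintedPointer(Exception):
    pass

class TaintMachine:
    def __init__(self):
        self.mem, self.mem_t = {}, {}        # value / taint bit per address
        self.reg, self.reg_t = {}, {}        # value / taint bit per register
    def store_input(self, addr, words):      # data from the network: tainted
        for i, w in enumerate(words):
            self.mem[addr + i], self.mem_t[addr + i] = w, True
    def movi(self, r, imm):                  # constant from the program: clean
        self.reg[r], self.reg_t[r] = imm, False
    def add(self, dst, a, b):                # ALU propagates taintedness
        self.reg[dst] = self.reg[a] + self.reg[b]
        self.reg_t[dst] = self.reg_t[a] or self.reg_t[b]
    def _check(self, addr_r, op):            # the runtime pointer check
        if self.reg_t[addr_r]:
            raise TaintedPointer(f"{op} via tainted pointer {self.reg[addr_r]:#x}")
    def load(self, dst, addr_r):             # dst = *addr_r
        self._check(addr_r, "load")
        a = self.reg[addr_r]
        self.reg[dst], self.reg_t[dst] = self.mem.get(a, 0), self.mem_t.get(a, False)
    def store(self, addr_r, src):            # *addr_r = src
        self._check(addr_r, "store")
        a = self.reg[addr_r]
        self.mem[a], self.mem_t[a] = self.reg[src], self.reg_t[src]

def percent_n(attack):
    """vfprintf reaching "%n": ap points at an argument slot on the stack and the
    character count is written to the address found there (**ap = count).
    Returns "alarm" if the taint check fires, else "ok"."""
    m = TaintMachine()
    slot = 16                                # stack cell that ap has walked up to
    if attack:  # the bytes \xdd\xcc\xbb\xaa of the input buffer occupy the slot
        m.store_input(slot, [0xAABBCCDD])    # constructed sample word
    else:       # legitimate printf("...%n", &count): the program stored &count
        m.movi("r0", 40); m.movi("r1", slot); m.store("r1", "r0")
    m.movi("ap", slot)
    m.movi("count", 4)                       # characters printed so far
    try:
        m.load("target", "ap")               # target = *ap
        m.store("target", "count")           # **ap = count
    except TaintedPointer:
        return "alarm"
    return "ok"
```

The benign call completes the write to &count; the attack call is stopped at the store because the address came from tainted input, the same dereference the slide marks as "*ap is a tainted value".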


Extracting Security Specifications by Theorem Prover

  • C source code of a library function → automatically translated to a formal semantic representation

  • Theorem generation

    • For each pointer dereference in an assignment, generate a theorem stating that the pointer is not tainted.

  • Theorem proving

    • A set of sufficient conditions that imply the validity of the theorems.

    • They are the security specifications of the analyzed function.
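An added example (not the project's theorem prover) that carries the flow above through on a toy three-address IR: the IR, the symbolic taint sets, and the two constructed sample functions (a strcpy-like copy loop and a write through a pointer read from memory) are assumptions.

```python
# Added example (not the project's theorem prover): a toy version of the flow
# above. Each variable gets a symbolic taint set: names of function inputs or of
# memory cells whose taintedness is unknown at entry (empty set = provably
# untainted). Every pointer dereference yields the theorem "pointer not tainted";
# substituting definitions turns it into a sufficient condition on the inputs,
# and the union over all theorems is the extracted security specification.
def extract_preconditions(ir, inputs):
    """ir: list of three-address tuples; inputs: parameter names (taint unknown).
    Returns (theorems, preconditions): theorems are (stmt_index, pointer_var,
    atoms_that_must_be_untainted); preconditions is the sorted union of atoms."""
    taint = {v: {v} for v in inputs}    # symbolic taint set per variable
    sym = {v: v for v in inputs}        # symbolic value, used to name memory cells
    theorems, precond = [], set()
    for i, stmt in enumerate(ir):
        op = stmt[0]
        if op == "const":               # x = c : a constant is never tainted
            _, x, c = stmt
            taint[x], sym[x] = set(), str(c)
        elif op == "copy":              # x = y
            _, x, y = stmt
            taint[x], sym[x] = set(taint[y]), sym[y]
        elif op == "add":               # x = y + z : taint propagates (OR)
            _, x, y, z = stmt
            taint[x], sym[x] = taint[y] | taint[z], f"({sym[y]}+{sym[z]})"
        elif op == "load":              # x = *p : theorem on p; x depends on mem[p]
            _, x, p = stmt
            theorems.append((i, p, frozenset(taint[p])))
            precond |= taint[p]
            cell = f"mem[{sym[p]}]"
            taint[x], sym[x] = taint[p] | {cell}, cell
        elif op == "store":             # *p = y : theorem on p
            _, p, _src = stmt
            theorems.append((i, p, frozenset(taint[p])))
            precond |= taint[p]
        else:
            raise ValueError(f"unknown op {op}")
    return theorems, sorted(precond)

# Constructed sample 1: the copy loop of a strcpy-like function, unrolled twice.
STRCPY_IR = [
    ("copy", "d", "dst"), ("copy", "s", "src"), ("const", "one", 1),
    ("load", "c", "s"), ("store", "d", "c"),
    ("add", "d", "d", "one"), ("add", "s", "s", "one"),
    ("load", "c", "s"), ("store", "d", "c"),
]
# Constructed sample 2: writing through a pointer that is itself read from memory;
# the negated precondition "mem[cfg] is tainted" is the heap-corruption scenario.
INDIRECT_IR = [("load", "p", "cfg"), ("store", "p", "val")]
```

For the copy loop the extracted specification is that both pointer arguments are untainted; for the indirect write it additionally requires the pointer stored at mem[cfg] to be untainted, and negating that condition names the vulnerability scenario.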