A Framework For Trusted Instruction Execution Via Basic Block Signature Verification

Milena Milenković, Aleksandar Milenković, and Emil Jovanov

Electrical and Computer Engineering Dept.

The University of Alabama in Huntsville

{milenkm|milenka|jovanov}@ece.uah.edu

Outline
  • Introduction
  • Related Work
  • Trusted Instruction Execution Framework
  • The Framework Potential
  • Conclusion
Introduction
  • Most of today’s computers are connected to the Internet, so security is a critical issue
  • Even more so in the future
  • One of the major security problems: execution of unauthorized code
  • A lot of applications may be vulnerable
  • Attack examples:
    • buffer overflow (heap, stack)
    • format string attack
Introduction
  • We propose a processor architecture that
    • will allow execution of the trusted instructions only
    • will not significantly increase the program execution time
Related Work
  • Two categories:
    • Static source code analysis
    • Dynamic detection/prevention
  • Static code analysis: false alarms
  • Dynamic
    • Monitoring program behavior (system calls, performance monitoring registers)
    • Compilers, safe language dialects
    • Secure Program Execution Framework (SPEF)
    • Tag data from “spurious” channels
    • Split stack for data/addresses, or secure stack
Trusted Instruction Execution
  • Atomic code unit protected by its signature: a basic block
  • Verify all basic blocks?
  • Cache memory is safe: verify the signature of basic blocks that generated a cache miss
  • Text memory write protected: check only last basic block in a stream
Architecture For Trusted Computing
  • BBST – Basic Block Signature Table
  • BBST_M – Basic Block Signature Table (Memory)
  • BBSVU – Basic Block Signature Verification Unit
[Figure: block diagram with the labels Code, BBST_M, Heap, Stack, MMU, L1D, L1I, Datapath, FPUs, IF, Control, BBST, BBSVU]

Phases of the Security Mechanism
  • Compilation
    • Compiler generates a list of basic blocks
  • Secure program installation
    • Signature table (BBST_M) is generated, encrypted and appended to the program binary
  • Program loading in the memory
    • BBST_M is decrypted, loaded in the memory
  • Program execution
    • Signature of each last basic block in a stream that generated a cache miss is verified
    • If no match, a trap to OS – kill process & audit
Signature generation
  • MISR (Multiple input signature register)
  • Linear feedback coefficients – based on the processor secret key
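
Added example (not from the slides or the authors' hardware design): a software model of the MISR signature and the signature-table check from the two slides above, showing that a patched instruction word no longer matches the installed signature. The tap derivation from the key, the address-keyed table entry and all sample values are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumption: taps = secret key with bit 0 forced to 1 (the slides say only
   "based on the processor secret key"). Bit 0 keeps each shift invertible,
   so one altered word always changes the final signature. */
static uint32_t misr_taps(uint32_t key) { return key | 1u; }

/* One clock of a 32-bit MISR: shift left, fold the bit shifted out back in
   through the taps, then XOR in the next instruction word. */
static uint32_t misr_step(uint32_t state, uint32_t taps, uint32_t insn) {
    uint32_t out = state >> 31;
    state <<= 1;
    if (out) state ^= taps;
    return state ^ insn;
}

/* Signature of one basic block of n instruction words. */
uint32_t bb_signature(const uint32_t *insns, size_t n, uint32_t key) {
    uint32_t taps = misr_taps(key), sig = 0;
    for (size_t i = 0; i < n; i++) sig = misr_step(sig, taps, insns[i]);
    return sig;
}

/* Hypothetical BBST entry, keyed by block start address (assumption). */
struct bbst_entry { uint32_t start; uint32_t sig; };

/* 1 = block matches its entry; 0 = no entry or mismatch (the trap case). */
int bb_verify(const struct bbst_entry *t, size_t len, uint32_t start,
              const uint32_t *insns, size_t n, uint32_t key) {
    for (size_t i = 0; i < len; i++)
        if (t[i].start == start)
            return t[i].sig == bb_signature(insns, n, key);
    return 0;
}

/* Constructed sample values, not real instruction encodings or keys. */
#define DEMO_KEY 0x1D872B41u
static const uint32_t demo_block[4] =
    { 0xA41E0010u, 0x40220403u, 0xB47E0018u, 0x6BFA8001u };

/* Install-time signing, then run-time check of the original and a patched copy. */
int demo_detects_patch(void) {
    struct bbst_entry bbst[1] = { { 0x1000u, bb_signature(demo_block, 4, DEMO_KEY) } };
    uint32_t patched[4] = { demo_block[0], demo_block[1], 0x47FF041Fu, demo_block[3] };
    return bb_verify(bbst, 1, 0x1000u, demo_block, 4, DEMO_KEY) == 1 &&
           bb_verify(bbst, 1, 0x1000u, patched, 4, DEMO_KEY) == 0;
}
int main(void) { return demo_detects_patch() ? 0 : 1; }
```
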
The Framework Potential
  • 32-bit MISR
  • I-cache: 4 ways, 128 sets, 64B line
  • BBST: 4 ways, 4B line, 128/256 sets
  • LRU replacement
  • Traces of SPEC CPU2000 benchmarks for Alpha architecture
    • F2B, M2B segments
  • Measure: BBST misses per 1 M instructions
Conclusion
  • Proposed a framework for trusted instruction execution, evaluated potential
  • Promises to be faster than SPEF, with additional hardware resources and BBST appended to program binary
  • Future work:
    • different BBST organizations and sizes
    • detailed performance evaluation
    • an alternative implementation: signature embedded in the code