Upload
others
View
10
Download
1
Embed Size (px)
Citation preview
Department of Electrical & Computer Engineering
EC 700Hardware and Systems Security
Prof. Michel A. Kinsy
Introduction to cybersecurityCyber attacks examples
Department of Electrical & Computer Engineering
Large-Scale System Security Breaches
§ The Emerging Mobile App “Wild West”• https://securityintelligence.com/how-to-protect-mobile-apps-
essentials/§ Apple has now removed over 300 pieces of software
from the App Store• http://www.wired.com/2015/09/apple-removes-300-infected-
apps-app-store/§ Security researcher obtained physical access to the
plane control system through the Seat Electronic Box• http://www.wired.com/2015/05/feds-say-banned-researcher-
commandeered-plane/§ Stuxnet computer worm is shown to work on Siemens
SIMATIC WinCC SCADA system• http://www.theguardian.com/world/2011/apr/17/iran-siemens-
stuxnet-cyberattack
Department of Electrical & Computer Engineering
Large-Scale System Security Breaches§ Home routers
§ Stealthy, destructive malware infects half a million routers https://www.wired.com/story/vpnfilter-router-malware-outbreak/
§ Services sector: databases and data centers§ Equifax breach of 145.5 million people's data§ Yahoo hack that affected 3 billion accounts§ Hospitals
§ https://www.zdnet.com/article/us-hospital-pays-55000-to-ransomware-operators/§ https://www.healthcareitnews.com/news/when-medical-devices-get-hacked-hospitals-
often-dont-know-it
§ Fitness and wellness § Under Armour
§ https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing/
§ Internet of Things § World's largest DDoS attack launched from 152,000 hacked Smart
Deviceshttps://thehackernews.com/2016/09/ddos-attack-iot.html§ 230 crypto keys are actively being used by more than 4 Million IoT
devices§ https://thehackernews.com/2015/11/iot-device-crypto-keys.html
Department of Electrical & Computer Engineering
Large-Scale System Security Breaches§ Power grid systems: their control systems§ U.S. investigators find proof of cyberattack on
Ukraine power grid§ https://www.cnn.com/2016/02/03/politics/cyberattack-
ukraine-power-grid/index.html
Source: U.S. Department of Energy
Department of Electrical & Computer Engineering
Example: MicrogridsAn information-centric energy infrastructure: The Berkeley view
Source:http://www.energy-daily.com/images/smart-grid-electricity-schematic-bg.jpg.
Department of Electrical & Computer Engineering
Example: Cybersecurity of Microgrids
§ Computation requirements§ The control systems deal with continuous,
computational intensive dynamics, discrete events, and generic commands§ Low and high-performance processing units required
§ The correctness, stability, and efficiency in controlling these system are closely related to the data propagation delay in the control (low-latency, and hard real-time)§ Fast and predictable execution units are imperative
§ Security requirements
Department of Electrical & Computer Engineering
Example: Cybersecurity of Microgrids
§ Computation requirements§ Security requirements
§ Local control algorithms change over time, due to changes in the physical plant functions or capacity§ Programmable architectures are required
§ The system wide control is a network of independent or loosely coupled local controls§ Robust network security is needed
§ Firewalls, intrusion detection, deep packet sniffing, logging, unauthorized access monitoring, etc.
Department of Electrical & Computer Engineering
Social media and networks Mobile devices
Scientific instruments
Sensor technologyData storage has grown significantly, shifting markedly from analog to digital after 2000
SOURCE: Hilbert and López, “The world’s technological capacity to store, communicate, and compute information,” Science, 2011
Global installed, optimally compressed, storage
OverallExabytes
Detail%; exabytes
NOTE: Numbers may not sum due to rounding.
50
300
250
200
150
100
02007200019931986
6
75
979994
100% =
Analog
Digital
20072000
54 295
25
1993
163
1986
31
Evolving Nature of Applications
Department of Electrical & Computer Engineering
Computer System Components View
DigitalDesign
CircuitDesign
Compiler
OperatingSystem
Applications
Firmware
Datapath&Control
Layout
I/OsystemProcessor MemoryorganizationISA
Department of Electrical & Computer Engineering
Computer Architecture Domains§ The art of abstraction
Algorithm
Register-Transfer Level (RTL)
Application
Instruction Set Architecture (ISA)Operating System/Virtual Machine
Microarchitecture
Devices
Programming Language
Circuits
Physics
Original domain of
the computer architect
(‘50s-‘80s)
Domain of computer architecture (‘90s)
Reliability, power
Parallel computing security, …
Department of Electrical & Computer Engineering
Computer Architecture Components
§ The processing elements or cores do the actual computations, i.e., data manipulations, operations
On-chipInterconnect
MemorySubsystem
ProcessingCores
Department of Electrical & Computer Engineering
Computer Architecture Components
§ The memory hierarchy is responsible for the on-chip data storage, organization and access scheme
On-chipInterconnect
MemorySubsystem
ProcessingCores
Department of Electrical & Computer Engineering
Computer Architecture Components
§ On-chip network handles data movements, e.g., cache lines and cache coherence messages, between processor cores and memory modules
On-chipInterconnect
MemorySubsystem
ProcessingCores
Department of Electrical & Computer Engineering
Widening Gap: Needs and Capabilities
Figure:KathyYelick,“TenWaystoWasteaParallelComputer”,ISCA‘09
Department of Electrical & Computer Engineering
Figure:KathyYelick,“TenWaystoWasteaParallelComputer”,ISCA‘09
Increase in # of processing
elements/cores
Widening Gap: Needs and Capabilities
Department of Electrical & Computer Engineering
SoC/SiP/Large-Scale System Security
SoCdesigncomplexitytrends [International TechnologyRoadmapforSemiconductors2011Report]
Department of Electrical & Computer Engineering
SoC/SiP/Large-Scale System Security§ Integration of heterogeneous technologies
• Large number of processing units programmable RISC/CISC cores, memory, DSPs, and accelerator function units/ASIC
Systemdiagramofprocessingunitsinatypicalsmartphone3~4yearsago(OMAP™2Processors:OMAP2420–TI)
Department of Electrical & Computer Engineering
Why Hardware Level Security? Defense becomes more and more complex, yet still outmatched by offense
Unified threatmanagement
Network flightrecorder
SnortMilky WayStalkerDEC seal
10,000,000
8,000,000
6,000,000
4,000,000
2,000,000
01985 1990 1995 2000 2005 2010
Line
s of
cod
e
Security software
Malware:125 lines of code*
Source: Defense Advanced Research Projects Agency (DARPA)
Brief to Defense Science Board (DSB) Task Force (May 2011).
Data through 2010.
Department of Electrical & Computer Engineering
Computing Systems Security§ Hardware Security
• Circuit Level§ Hardware obfuscation
• Digital Design§ IC watermarking
• Datapath & Control§ Self-repair and regeneration of
datapaths• Component Level
§ Hardware security primitives (PUF, ORAM, RNG,…)
• Architecture Level§ Secure computing architectures
• Secure heterogeneous system-on-chip (SoC) architectures
Hardware
OS
Applications
Network
Department of Electrical & Computer Engineering
Current State of MixTrust Systems§ Current state of affairs: Trusted/untrusted
applications running on trusted/untrusted coresApplica,ons%
Core0%
Many2core%Architecture%
Core5%
Core8% Core9%
Core12%
Core3%
Core4%
Core10%
Core1% Core2%
Core7%Core6%
Core15%Core14%
Core11%
Core13%Task%
Task%
Department of Electrical & Computer Engineering
Architecture Design Challenge§ Relatively easy to get two of three, harder to get
all three!
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Uniprocessor ASIC Superscalar
Department of Electrical & Computer Engineering
Architecture Design Challenge§ Relatively easy to get two of three, harder to get
all three!
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Uniprocessor ASIC Superscalar
Performance
Energy Efficiency
Programmability The general design objectives of the community have been:§ If only I could get all three! § Image the future of
computing!
Department of Electrical & Computer Engineering
Architecture Design Challenge§ Relatively easy to get two of three, harder to get
all three!
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Uniprocessor ASIC Superscalar
Performance
Energy Efficiency
ProgrammabilityWhat about security? § What about privacy-preserving computing? § What about the integrity of the execution? § On-chip data confidentiality?
§ Albert! You really know how to kill a party!!!
Department of Electrical & Computer Engineering
Computer Architecture Security§ The mainstream wake-up call § Meltdown and Spectre
§ Meltdown security vulnerability allows a local, unprivileged, userspace process to read data from any memory location mapped to the process, including kernel memory§ The key reason why this vulnerability is so terrifying
§ Spectre security vulnerability allows a local, unprivileged, userspace process to read data from memory locations assigned to other processes
Department of Electrical & Computer Engineering
Control Flow and Performance§ A basic block is a piece of code with no control flow
instruction, i.e., no branches or jumps§ Profiling results on a small set of common applications
using the Intel Pintool44
38
4230
5425 20
824
8081
4.65
4.69
4.62
4.66
4.59
C LEAR MKDIR LS UNTAR FIND
BASICBLOCKDISTRIBUTIONNumberofBBLs AverageInst/BBLs
Department of Electrical & Computer Engineering
Reducing Control Flow Penalty § Modern processors may have > 10 pipeline
stages between next pc calculation and branch resolution!
FetchI-cache
Fetch Buffer
IssueBuffer
Func.Units
Arch.State
Execute
Decode
ResultBuffer
Commit
PC
Department of Electrical & Computer Engineering
Pentium 4: A Superscalar CISC Architecture34TCFetch
5Drive
6Alloc
9Que
10Sch
12Sch
13Disp
14Disp
15RF
16RF
17Ex
18Flgs
19BrCk
20Drive
12TCNxtIP
78Rename
11Sch
3.2GB/sSystemInterface
L2CacheandControl
BTB
BTB&I-TLB
Decoder
TraceCache
Rename/Alloc
µopQueues
Schedulers
IntegerRFFPRFµCode
ROM
StoreAGULoadAGUALUALUALUALU
FPmoveFPstoreFmulFaddMMXSSE
L1D-CacheandD-TLB
Department of Electrical & Computer Engineering
Reducing Control Flow Penalty § Modern processors may have > 10
pipeline stages between next pc calculation and branch resolution!
§ Hardware solutions§ Find something else to do - delay
slots replaces pipeline bubbles with useful work (requires software cooperation)
§ Speculate - branch prediction speculative execution of instructions beyond the branch
FetchI-cache
Fetch Buffer
IssueBuffer
Func.Units
Arch.State
Execute
Decode
ResultBuffer
Commit
PC
Department of Electrical & Computer Engineering
Reducing Control Flow Penalty § Sequential execution of
instructions § Speculative non-sequential
execution of instructions i: instruction
i+1: instruction
i+2: instruction
i+3: instruction
i+4: instruction
j: instruction
j+k: instruction…
…
i: instruction
i+1: instruction
i+2: instruction
i+3: instruction
j: instruction
j+1: instruction
j+k: instruction
i+4: instruction
unprivileged Non-control flow instruction
unprivileged control flow instruction
unprivileged control flow resolution instruction
privileged instruction
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
ATP requests and sends out the secret
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
ATP requests and sends out the secret
SRP
SRP: Secret Receiving Process
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
ATP requests and sends out the secret
SRP
SRP: Secret Receiving Process
A new attack channel may be created (e.g., side-channel)
Department of Electrical & Computer Engineering
Perhaps a new technology: in the CMOS domain or post-CMOS (e.g., Spintronics,
memristor, carbon nanotube)
New Computer Architecture
The evolving nature of applications has created the need for new architecture
features
Examples:• Privacy-preserving computing • Secure mobile high-performance
computing• Secure situation-aware
computing• Trustworthy neural Network
based computing
The Need For A New Architecture
Department of Electrical & Computer Engineering
Perhaps a new technology: in the CMOS domain or post-CMOS (e.g., Spintronics,
memristor, carbon nanotube)
New Computer Architecture
The evolving nature of applications has created the need for new architecture
features
Examples:• Privacy-preserving computing • Secure mobile high-performance
computing• Secure situation-aware
computing• Trustworthy neural Network
based computing
The Need For A New Architecture
We need more secure architectures:
• Process isolation • Authentication of
software and hardware interactions
Department of Electrical & Computer Engineering
Next Class§ Application level attacks: Code injection, Buffer
Overflow, Control-Flow Hijacking
Department of Electrical & Computer Engineering
Class Logistics§ As a 700 Level course, it is primarily a reading,
presentation and project driven course § The class project is built around the RISC-V ISAA
secure architecture targeting a specific attack class§ Specifically
§ Describe a relevant and pressing attack model§ Propose some architecture feature(s) to protect against
the described attack§ Implement, test and validation of the security
safeguard provided