Enabling trusted software integrity

Preventing execution of unauthorized software on a given computer plays a pivotal role in system security. The key problem is that although a program can be verified as authentic at the beginning of its execution, while it runs its control flow can be redirected to externally injected malicious code, for example through a buffer overflow exploit. Existing techniques address this problem by trying to detect the intrusion at run-time or by formally verifying that the software is not prone to a particular attack. We take a radically different approach to this problem: we aim at intrusion prevention as the core technology for enabling secure computing systems. An intrusion prevention system of this kind forces an adversary to solve a computationally hard task in order to create a binary that can be executed on a given machine. In this paper we present an exemplary system, SPEF, a combination of architectural and compilation techniques that ensure software integrity at run-time. SPEF embeds encrypted, processor-specific constraints into each block of instructions at software installation time and then verifies their presence at run-time. Thus the processor can execute only properly installed programs, which makes installation the only system gate that needs to be protected. We have designed a SPEF prototype based on the ARM instruction set and validated its impact on security and performance using the MediaBench suite of applications.
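The install-time tagging and run-time verification described above, as an added software simulation that is not the paper's code or the SPEF prototype: an "installer" holding a per-processor secret tags every fixed-size instruction block, and a simulated processor refuses to dispatch any block whose tag does not verify. The block size, the use of a keyed MAC (HMAC-SHA256) in place of the paper's encrypted constraints, the fixed demo keys and the ARM-flavoured sample program are all assumptions made for illustration.

```python
"""Simulation of install-time block tagging and run-time verification.
Not the paper's code; block size, tag construction and key handling are
assumptions made for illustration."""
import hashlib
import hmac

BLOCK_SIZE = 4   # instructions per block (assumption, not a SPEF parameter)
TAG_LEN = 8      # bytes of tag kept per block (assumption)


class VerificationError(Exception):
    """Raised by the simulated processor when a block's tag does not check."""


def split_blocks(program, size=BLOCK_SIZE):
    """Cut an instruction list into fixed-size blocks."""
    return [program[i:i + size] for i in range(0, len(program), size)]


def block_tag(cpu_key, index, block):
    """Processor-specific constraint for one block.

    Modelled as a keyed MAC over the block's position and its instructions,
    keyed with a secret known only to this processor.  Binding the index
    means a valid block cannot be moved to another position."""
    msg = index.to_bytes(4, "big")
    for ins in block:
        data = ins.encode()
        msg += len(data).to_bytes(1, "big") + data   # length-prefixed, unambiguous
    return hmac.new(cpu_key, msg, hashlib.sha256).digest()[:TAG_LEN]


def install(program, cpu_key):
    """Installation step: tag every block for this processor."""
    return [(block, block_tag(cpu_key, i, block))
            for i, block in enumerate(split_blocks(program))]


def execute(image, cpu_key):
    """Simulated processor: verify each block before dispatching it."""
    trace = []
    for i, (block, tag) in enumerate(image):
        if not hmac.compare_digest(tag, block_tag(cpu_key, i, block)):
            raise VerificationError(f"block {i} rejected: not installed for this processor")
        trace.extend(block)
    return trace


def runs_unmodified(image, cpu_key):
    """True if the image executes to completion on a processor holding cpu_key."""
    try:
        execute(image, cpu_key)
        return True
    except VerificationError:
        return False


# Constructed sample program (ARM-flavoured mnemonics chosen for illustration).
PROGRAM = [
    "mov r0, #0", "mov r1, #10", "add r0, r0, r1", "subs r1, r1, #1",
    "bne loop",   "mov r7, #1",  "svc #0",          "nop",
]
# Constructed attacker payload that was never passed through installation.
INJECTED = ["adr r0, shell", "mov r7, #11", "svc #0", "nop"]

if __name__ == "__main__":
    cpu_a = b"\x01" * 32      # per-processor secrets (assumption: fixed demo keys)
    cpu_b = b"\x02" * 32
    image = install(PROGRAM, cpu_a)
    print("installed image runs on cpu_a:", runs_unmodified(image, cpu_a))
    print("same image on cpu_b:          ", runs_unmodified(image, cpu_b))
    tampered = list(image)
    tampered[1] = (INJECTED, tampered[1][1])   # overwrite block 1, keep its old tag
    print("injected block on cpu_a:      ", runs_unmodified(tampered, cpu_a))
    reordered = [image[1], image[0]] + image[2:]
    print("blocks swapped on cpu_a:      ", runs_unmodified(reordered, cpu_a))
```

Two caveats a practitioner would want alongside this toy: it only models the case the abstract targets, externally injected code, so redirecting control into blocks that were legitimately installed (return-oriented reuse of existing code) passes verification unchanged; and the whole scheme rests on the per-processor secret being unreadable to the adversary, since anyone who can tag blocks can "install" arbitrary code and installation stops being a gate.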