Reconfigurable Dynamic Trusted Platform Module for Control Flow Checking

Trusted Platform Module (TPM) has gained its popularity in computing systems as a hardware security approach. TPM provides the boot time security by verifying the platform integrity including hardware and software. However, once the software is loaded, TPM can no longer protect the software execution. In this work, we propose a dynamic TPM design, which performs control flow checking to protect the program from runtime attacks. The control flow checker is integrated at the commit stage of the processor pipeline. The control flow of program is verified to defend the attacks such as stack smashing using buffer overflow and code reuse. We implement the proposed dynamic TPM design in FPGA to achieve high performance, low cost and flexibility for easy functionality upgrade based on FPGA. In our design, neither the source code nor the Instruction Set Architecture (ISA) needs to be changed. The benchmark simulations demonstrate less than 1% of performance penalty on the processor, and an effective software protection from the attacks.

[1]  Tzi-cker Chiueh,et al.  RAD: a compile-time solution to buffer overflow attacks , 2001, Proceedings 21st International Conference on Distributed Computing Systems.

[2]  Mehmet Kayaalp,et al.  Branch regulation: Low-overhead protection from code reuse attacks , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).

[3]  Hovav Shacham,et al.  Return-oriented programming without returns , 2010, CCS '10.

[4]  Trevor Mudge,et al.  MiBench: A free, commercially representative embedded benchmark suite , 2001 .

[5]  Alexander Tereshkin Evil maid goes after PGP whole disk encryption , 2010, SIN.

[6]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[7]  Ramesh Karri,et al.  Architecture Support for Dynamic Integrity Checking , 2012, IEEE Transactions on Information Forensics and Security.

[8]  Zhi Wang,et al.  Defeating return-oriented rootkits with "Return-Less" kernels , 2010, EuroSys '10.

[9]  Mathias Payer,et al.  Control-Flow Integrity , 2017, ACM Comput. Surv..

[10]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[11]  Ahmad-Reza Sadeghi,et al.  Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks , 2009, STC '09.

[12]  Ruby B. Lee,et al.  Runtime execution monitoring (REM) to detect and prevent malicious code execution , 2004, IEEE International Conference on Computer Design: VLSI in Computers and Processors, 2004. ICCD 2004. Proceedings..

[13]  John Paul Shen,et al.  Processor Control Flow Monitoring Using Signatured Instruction Streams , 1987, IEEE Transactions on Computers.

[14]  Ramesh Karri,et al.  Feasibility study of dynamic Trusted Platform Module , 2010, 2010 IEEE International Conference on Computer Design.

[15]  Mehmet Kayaalp,et al.  SCRAP: Architecture for signature-based protection from Code Reuse Attacks , 2013, 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA).

[16]  Donald Yeung,et al.  BioBench: A Benchmark Suite of Bioinformatics Applications , 2005, IEEE International Symposium on Performance Analysis of Systems and Software, 2005. ISPASS 2005..

[17]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[18]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[19]  Alok N. Choudhary,et al.  CODESSEAL: Compiler/FPGA Approach to Secure Applications , 2005, ISI.

[20]  David R. Kaeli,et al.  Multi2Sim: A simulation framework for CPU-GPU computing , 2012, 2012 21st International Conference on Parallel Architectures and Compilation Techniques (PACT).

[21]  Divya ARORAa,et al.  Architectural Enhancements for Secure Embedded Processing , 2006 .

[22]  John L. Henning SPEC CPU2006 benchmark descriptions , 2006, CARN.