RV-TEE: secure cryptographic protocol execution based on runtime verification

Analytical security of cryptographic protocols does not immediately translate to operational security due to incorrect implementation and attacks targeting the execution environment. Code verification and hardware-based trusted execution solutions exist, however these leave it up to the implementer to assemble the complete solution, imposing a complete re-think of the hardware platforms and software development process. We rather aim for a comprehensive solution for secure cryptographic protocol execution, which takes the form of a trusted execution environment based on runtime verification and stock hardware security modules. RV-TEE can be deployed on existing platforms and protocol implementations. Runtime verification lends itself well at several conceptual levels of the execution environment, ranging from high level protocol properties, to lower level checks such as taint inference. The proposed architectural setup involving two runtime verification modules is instantiated through a case study using a popular web browser. We successfully monitor high and low level properties with promising results with respect to practicality.

[1]  Mark Manulis Provably secure group key exchange , 2007 .

[2]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[3]  Ricardo J. Rodríguez Evolution and characterization of point-of-sale RAM scraping malware , 2016, Journal of Computer Virology and Hacking Techniques.

[4]  Christian Doerr,et al.  SoK: ATT&CK Techniques and Trends in Windows Malware , 2019, SecureComm.

[5]  Miguel Angel Ferrer-Ballester,et al.  A Perspective Analysis of Handwritten Signature Technology , 2019, ACM Comput. Surv..

[6]  Leonardo Mariani,et al.  Run-Time Verification , 2004, Model-Based Testing of Reactive Systems.

[7]  Christoforos Ntantogian,et al.  Protecting Sensitive Information in the Volatile Memory from Disclosure Attacks , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[8]  Dejan Nickovic,et al.  Runtime Monitoring with Recovery of the SENT Communication Protocol , 2017, CAV.

[9]  Jacques Traoré,et al.  Breaking into the KeyStore: A Practical Forgery Attack Against Android KeyStore , 2016, ESORICS.

[10]  T. Kanade Model-Based Testing of Reactive Systems , 2005 .

[11]  Paolo Prinetto,et al.  Side-channel analysis of SEcube™ platform , 2017, 2017 IEEE East-West Design & Test Symposium (EWDTS).

[12]  Adriana Suárez Corona,et al.  Attribute-based group key establishment , 2010, Adv. Math. Commun..

[13]  Heng Yin,et al.  Attacks on WebView in the Android system , 2011, ACSAC '11.

[14]  Angelos D. Keromytis,et al.  libdft: practical dynamic data flow tracking for commodity systems , 2012, VEE '12.

[15]  Juan Caballero,et al.  Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities , 2012, ISSTA 2012.

[16]  Angelos D. Keromytis,et al.  CloudFence: Data Flow Tracking as a Cloud Service , 2013, RAID.

[17]  Xiapu Luo,et al.  On Tracking Information Flows through JNI in Android Applications , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[18]  Gordon J. Pace,et al.  Runtime Verification for Stream Processing Applications , 2016, ISoLA.

[19]  Sandro Pinto,et al.  Demystifying Arm TrustZone , 2019, ACM Comput. Surv..

[20]  Xiang Zhang,et al.  Defensing the malicious attacks of vehicular network in runtime verification perspective , 2016, 2016 IEEE International Conference on Electronic Information and Communication Technology (ICEICT).

[21]  Wenke Lee,et al.  Lares: An Architecture for Secure Active Monitoring Using Virtualization , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[22]  Yanick Fratantonio,et al.  Understanding Linux Malware , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[23]  Julien Signoles,et al.  Hybrid Information Flow Analysis for Real-World C Code , 2017, TAP@STAF.

[24]  Angelos D. Keromytis,et al.  A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware , 2012, NDSS.

[25]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.

[26]  Martin Leucker,et al.  A brief account of runtime verification , 2009, J. Log. Algebraic Methods Program..

[27]  Biplab Sikdar,et al.  HAtt: Hybrid Remote Attestation for the Internet of Things With High Availability , 2020, IEEE Internet of Things Journal.

[28]  Gordon J. Pace,et al.  LARVA --- Safer Monitoring of Real-Time Java Programs (Tool Paper) , 2009, 2009 Seventh IEEE International Conference on Software Engineering and Formal Methods.

[29]  Jan Jürjens,et al.  Runtime verification of cryptographic protocols , 2010, Comput. Secur..

[30]  Jyuo-Min Shyu,et al.  Accelerating String Matching Using Multi-Threaded Algorithm on GPU , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[31]  Adriana Suárez Corona,et al.  Group key exchange protocols withstanding ephemeral-key reveals , 2018, IET Inf. Secur..

[32]  George R. S. Weir,et al.  From ZeuS to Zitmo: Trends in Banking Malware , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[33]  Haibo Chen,et al.  CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization , 2011, SOSP.

[34]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[35]  Iqbal Gondal,et al.  A survey of similarities in banking malware behaviours , 2018, Comput. Secur..

[36]  Mohamed Almorsy,et al.  CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model , 2011, 2011 5th International Conference on Network and System Security.

[37]  R. Sekar An Efficient Black-box Technique for Defeating Web Application Attacks , 2009, NDSS.

[38]  Nikolai Kosmatov,et al.  E-ACSL, a Runtime Verification Tool for Safety and Security of C Programs (tool paper) , 2017, RV-CuBES.

[39]  Barton P. Miller,et al.  Anywhere, any-time binary instrumentation , 2011, PASTE '11.

[40]  Rainer Steinwandt,et al.  Secure group key establishment revisited , 2007, International Journal of Information Security.

[41]  Carlos V. Rozas,et al.  Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave , 2016, HASP 2016.

[42]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[43]  Juan Manuel González Nieto,et al.  Modeling key compromise impersonation attacks on group key exchange protocols , 2008, TSEC.

[44]  Xiangyu Zhang,et al.  ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting , 2016, NDSS.

[45]  Felix C. Freiling,et al.  Toward Automated Dynamic Malware Analysis Using CWSandbox , 2007, IEEE Secur. Priv..

[46]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[47]  Stephen Fewer Reflective Dll Injection , 2008 .

[48]  Herbert Bos,et al.  Minemu: The World's Fastest Taint Tracker , 2011, RAID.

[49]  L. Jean Camp,et al.  A qualitative study on usability and acceptability of Yubico security key , 2018, STAST '17.

[50]  Joeri de Ruiter,et al.  Analysis of Secure Key Storage Solutions on Android , 2014, SPSM@CCS.

[51]  Christian Colombo,et al.  Towards a Comprehensive Solution for Secure Cryptographic Protocol Execution based on Runtime Verification , 2020, ICISSP.

[52]  Ranveer Chandra,et al.  VeriFi: Model-Driven Runtime Verification Framework for Wireless Protocol Implementations , 2018, ArXiv.

[53]  Jennia Hizver,et al.  An Introspection-Based Memory Scraper Attack against Virtualized Point of Sale Systems , 2011, Financial Cryptography Workshops.

[54]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[55]  David Brumley,et al.  All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[56]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[57]  Simon Bennetts,et al.  OWASP Zed Attack Proxy , 2013 .

[58]  Abdelmadjid Bouabdallah,et al.  Trusted Execution Environment: What It is, and What It is Not , 2015, TrustCom 2015.