RollSec: Automatically Secure Software States Against General Rollback

The rollback mechanism is critical for crash recovery and debugging, but its security problems have not been adequately addressed: existing solutions either require modifications to the target software or work only for specific scenarios. As a consequence, rollback is neglected, restricted, or prohibited outright in existing systems. In this paper, we systematically characterize the security threats of rollback as the abnormal states of non-deterministic variables and of resumed program points that a rollback produces. Based on this characterization, we propose RollSec (for Rollback Security), which provides general measures, namely state extraction, recording, and compensation, that keep these states correct and thereby eliminate rollback threats. RollSec automatically extracts these states as protection targets from language-independent information about the software; they are monitored at run time and compensated to correct values on each rollback, without requiring modifications to the software or support from specific architectures. Finally, we implement a prototype of RollSec to verify its effectiveness and conduct performance evaluations showing that only acceptable overhead is introduced.
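The following is an added illustration of the threat model and the extract/record/compensate idea described in the abstract; it is not code from the RollSec paper or its prototype. It models a process whose checkpoint includes a monotonic counter used to derive tokens. Restoring the checkpoint reverts the counter, so tokens that were already issued are produced again (the "abnormal state of a non-deterministic variable"). The compensating recorder keeps the latest observed values of protected variables outside the checkpointed state and re-applies them after every restore. The protected-variable set is hard-coded here as an assumption; the paper describes extracting it automatically, which this example does not attempt.

```python
"""Rollback-threat demo and a minimal record/compensate mitigation.

Constructed example: a Process with one non-deterministic variable (a
monotonic counter that feeds token generation) and one deterministic
variable (configuration). Checkpointing and rollback are modelled as deep
copies of the object.
"""
import copy

# Assumption: the protected set is given by hand. RollSec derives it from
# language-independent program information; that analysis is not modelled.
PROTECTED_VARIABLES = ("counter",)


class Process:
    """Toy process state. `counter` must never move backwards."""

    def __init__(self):
        self.counter = 0                   # non-deterministic w.r.t. replay
        self.config = {"mode": "normal"}   # deterministic, safe to roll back

    def issue_token(self):
        """Derive a token that relies on the counter being unique."""
        self.counter += 1
        return f"token-{self.counter}"


class Recorder:
    """Keeps the latest values of protected variables outside the checkpoint
    and writes them back after a rollback (the compensation step)."""

    def __init__(self, names):
        self.names = names
        self.record = {}

    def observe(self, proc):
        # Run-time monitoring: snapshot protected variables after each step.
        for name in self.names:
            self.record[name] = copy.deepcopy(getattr(proc, name))

    def compensate(self, proc):
        # After a rollback, overwrite the reverted values with the recorded ones.
        for name, value in self.record.items():
            setattr(proc, name, copy.deepcopy(value))


def checkpoint(proc):
    return copy.deepcopy(proc)


def rollback(snapshot):
    return copy.deepcopy(snapshot)


def run_unprotected(steps=3):
    """Plain checkpoint/rollback: tokens issued before the rollback recur."""
    proc = Process()
    snap = checkpoint(proc)
    before = [proc.issue_token() for _ in range(steps)]
    proc = rollback(snap)
    after = [proc.issue_token() for _ in range(steps)]
    return before, after


def run_protected(steps=3):
    """Same scenario with the recorder compensating the protected variable."""
    proc = Process()
    recorder = Recorder(PROTECTED_VARIABLES)
    snap = checkpoint(proc)
    before = []
    for _ in range(steps):
        before.append(proc.issue_token())
        recorder.observe(proc)
    proc = rollback(snap)
    recorder.compensate(proc)
    after = [proc.issue_token() for _ in range(steps)]
    return before, after


def has_reuse(before, after):
    """True if any token issued before the rollback is issued again after it."""
    return bool(set(before) & set(after))


if __name__ == "__main__":
    b, a = run_unprotected()
    print("unprotected reuse:", has_reuse(b, a), a)
    b, a = run_protected()
    print("protected reuse:  ", has_reuse(b, a), a)
```

The deterministic `config` field is deliberately left inside the checkpoint: rolling it back is the intended behaviour, and only the variables whose values must not recur need the extra record outside the snapshot.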
