Provably-Secure Remote Memory Attestation for Heap Overflow Protection

Memory corruption attacks may lead to complete takeover of systems. There are numerous works offering protection mechanisms for this important problem. But the security guarantees that are offered by most works are only heuristic and, furthermore, most solutions are designed for protecting the local memory. In this paper we initiate the study of provably secure remote memory attestation; we concentrate on provably detecting heap-based overflow attacks and consider the setting where we aim to protect the memory in a remote system. We present two protocols offering various efficiency and security trade-offs but all solutions are efficient enough for practical use as our implementation shows that detect the presence of injected malicious code or data in remotely-stored heap memory. While our solutions offer protection only against a specific class of attacks, our novel formalization of threat models is general enough to cover a wide range of attacks and settings.

[1]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[2]  Kenneth G. Paterson,et al.  RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures , 2012, IACR Cryptol. ePrint Arch..

[3]  Hoeteck Wee Public Key Encryption against Related Key Attacks , 2012, Public Key Cryptography.

[4]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[5]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[6]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[7]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[8]  Wenke Lee,et al.  ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks , 2015, CCS.

[9]  Christopher Krügel,et al.  Run-time Detection of Heap-based Overflows , 2003, LISA.

[10]  Marc Fischlin,et al.  Public Key Cryptography – PKC 2012 , 2012, Lecture Notes in Computer Science.

[11]  Wouter Joosen,et al.  HeapSentry: Kernel-Assisted Protection against Heap Overflows , 2013, DIMVA.

[12]  Michael Shuey,et al.  StackGhost: Hardware Facilitated Stack Protection , 2001, USENIX Security Symposium.

[13]  Navjot Singh,et al.  Transparent Run-Time Defense Against Stack-Smashing Attacks , 2000, USENIX Annual Technical Conference, General Track.

[14]  Rishiraj Bhattacharyya,et al.  Secure Message Authentication Against Related-Key Attack , 2013, FSE.

[15]  Mihir Bellare,et al.  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications , 2003, EUROCRYPT.

[16]  Wolfgang Küchlin Public key encryption , 1987, SIGS.

[17]  Emmett Witchel,et al.  InkTag: secure applications on an untrusted operating system , 2013, ASPLOS '13.

[18]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[19]  Xeno Kovah,et al.  New Results for Timing-Based Attestation , 2012, 2012 IEEE Symposium on Security and Privacy.

[20]  Benjamin Morin,et al.  What If You Can't Trust Your Network Card? , 2011, RAID.

[21]  Rafail Ostrovsky,et al.  Provable Virus Detection: Using the Uncertainty Principle to Protect Against Malware , 2015, IACR Cryptol. ePrint Arch..

[22]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[23]  Claudio Soriente,et al.  On the difficulty of software-based attestation of embedded devices , 2009, CCS.

[24]  Adrian Perrig,et al.  SBAP: Software-Based Attestation for Peripherals , 2010, TRUST.

[25]  Adrian Perrig,et al.  VIPER: verifying the integrity of PERipherals' firmware , 2011, CCS '11.

[26]  David Cash,et al.  Cryptography Secure Against Related-Key Attacks and Tampering , 2011, IACR Cryptol. ePrint Arch..

[27]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[28]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[29]  Markus Jakobsson,et al.  Practical and Secure Software-Based Attestation , 2011, 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications.

[30]  Marc Fischlin,et al.  Public key cryptography -- PKC 2012 : 15th International Conference on Practice and Theory in Public Key Cryptography, Darmstadt, Germany, May 21-23 2012 : proceedings , 2012 .

[31]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[32]  Frederik Armknecht,et al.  A security framework for the analysis and design of software attestation , 2013, CCS.

[33]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[34]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.

[35]  Wouter Joosen,et al.  Efficient Protection Against Heap-Based Buffer Overflows Without Resorting to Magic , 2006, ICICS.

[36]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[37]  David Pointcheval,et al.  Public-key encryption indistinguishable under plaintext-checkable attacks , 2016, IET Inf. Secur..

[38]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[39]  E. Berger HeapShield : Library-Based Heap Overflow Protection for Free , 2006 .

[40]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[41]  Victor Shoup,et al.  Public Key Encryption , 2011, Encyclopedia of Cryptography and Security.

[42]  A. One,et al.  Smashing The Stack For Fun And Profit , 1996 .

[43]  Richard J. Lipton,et al.  Towards Provably-Secure Remote Memory Attestation , 2015, IACR Cryptol. ePrint Arch..

[44]  Derek Bruening,et al.  AddressSanitizer: A Fast Address Sanity Checker , 2012, USENIX Annual Technical Conference.

[45]  Gene Tsudik,et al.  A minimalist approach to Remote Attestation , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[46]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.