Hardware Assisted Control Flow Obfuscation for Embedded

Processors

Xiaoton Zhuang, Tao Zhang, Hsien-Hsin S. Lee, Santosh

PandeHIDE: An Infrastructure for

Efficiently Protecting Information Leakage on the Address Bus

Xiaoton Zhuang, Tao Zhang, Santosh Pande

Overview

• Software Obfuscation• Obfuscate - v - render obscure, unclear, or

unintelligible - bewilder (someone)

• Information Leakage• Layout leakage• Recurrence leakage

• Hardware Obfuscation Techniques

Assumptions

• XOM model • Everything outside the processor chip is

assumed to be insecure

• Memory contents are encrypted

Software Obfuscation(and why it doesn’t work)

• Lacks of theoretical foundation

• It has been proven the perfect obfuscation does not exist

• May incur large overheads in code size

• Performance may be penalized due to carrying out extra computations

• History has proven it inefficient

How is Software Obfuscation Vulnerable to Attack ?

• Layout Leakage• Spatial vicinity

• Recurrence Leakage• Recurring addresses

Layout Leakage

100

101

102 103

104

Recurrence Leakage

100

101

102 103

104

So What? It’s just Control Flow.

• Control flow info is the essential part of algorithms

• Competing company ex.

• Can help identify reuse code

• Control obfuscation techniques are well known and can be reversed

Hardware Obfuscation Overview (paper 1)

• Encrypt the Address Bus (layout leakage)

• Relocate blocks every time they are written out to memory (recurrence leakage)

Address Bus Encryption

Equates to a fixed mapping

Shuffle Buffer

• Designed to reorder all writes to memory

• Exclusive to external memory

Shuffle Buffer

• Indexed array through the block address table

• No address tag• Smaller size / cheaper

• Blocks can be stored anywhere

• Blocks can be randomly replaced (circuit white noise)

• Assume program binary updatable then multi-run recurrence prevented

Block Address Table (BAT) & Cache

• Records the current location of blocks• Use original block address to index into

BAT to get new address• Worst case scenario 10% overhead in

virtual memory space• Each access request from cache

checks with BAT use BAT cache to speed things up

How Secure Is This?

• With a shuffle buffer of 128 blocks 0.8% chance of guessing one recurrence correctly

• For n-recurrences the chance of guessing all correctly is 1/(M^n) where M is the size of the shuffle buffer

Performance/Cost Summary

• Performance degradation can be below 1%

• Hardware costs consist of small on chip shuffle buffer and BAT cache

HIDE(Hardware-support for Leakage-Immune

Dynamic Execution)

• Basic idea is to break the correlation between repeated memory addresses

• Achieved by permuting the address space at suitable intervals during execution

Hide Cache

• A cache same as a normal cache except that that blocks fetched after the previous permutation are all locked

• A locked block cannot be replaced until the memory space they belong to is permuted again

How The Hide Cache Works

Other Details

• When evicting a block choose the least recently used block among the unlocked blocks

• A separately stored bitmap is used to record whether a block is locked or not

Hardware Flowgraph

HIDE at Chunk Level

• Chunk - one or more pages that are protected and permuted together

• Designed to limit size of permutation• Large memory permutations = performance cost• At chunk level the permutation unit only permutes all the blocks

within a chunk

• With the smallest chunk size (a page) 75% of transition from one address to the next are intra-chunk

• Chunks can be specified in the code or at runtime with instructions inserted into the header of the binary code

Page Info Cache

• Stores the Page Info Record to speed up access

How Secure Is this?

• With 64K chunk protection and layout optimizations, 87% of address sequence is protected, in which 95% of the accesses to code and static data are hidden

• Interfaces are provided for the compiler or the user to increase the security to achieve almost complete protection

Performance/Cost Summary

• The performance overhead in their experiments was at most 1.5% mainly due to permutations

• Most on chip components are small

References

• Xiaotong Zhuang, Tao Zhang, Hsien-Hsin Lee and Santosh Pande. Hardware Assisted Control Flow Obfuscation for Embedded Processors. CASES, Washington DC, Sept. 2004.

• Zhuang, X., Zhang, T. and Pande, S. HIDE: An Infrastructure for Efficiently Protecting Information Leakage on the Address Bus. International Conference on Architectural Support for Programming Languages and Operating Systems, Boston, MA., Oct 2004.