Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by: Arjun Prakash

Upload: merilyn-fisher

Post on 04-Jan-2016


TRANSCRIPT

Page 1: Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:

Title of Selected Paper:

IMPRES: Integrated Monitoring for Processor Reliability and Security

Authors: Roshan G. Ragel and Sri Parameswaran

Presented by: Arjun Prakash

Page 2:

Outline

• What is Code Injection Attack?
• Related Work
• Motivation
• IMPRES Architecture – An overview
• Software Instrumentation
• Code Injection Attack Detection
• Check-summing at Runtime
• Contribution and Limitations
• Code Integrity Violation Model
• Encryption Hardware
• Design Flow
• Evaluation
• Summary

Page 3:

Code Injection Attacks

Attacks violating software integrity (dynamically changing instructions with the intention of gaining access to a program): insertion of harmful instructions into the program stream.

Examples:

• Format String Vulnerabilities
• Stack Based Buffer Overflows
• Heap Based Buffer Overflows
• Dangling Pointer References

47% of vulnerabilities reported from 1994-2004 were code injection.

Page 4:

Examples for Code Injection Attack (1): Return Address Overwriting

(a) Vulnerable Code

    #define L 100

    int f(){
        ...
        g(p,q);
        ...
    }

    int g(char *str1, char *str2){
        ...
        char buffer[L];
        ...
        strcpy(buffer, str1);
        ...
    }

(b) Stack Layout (lower addresses at the top, higher addresses at the bottom; the stack grows towards lower addresses)

    Stack frame of g():   buffer[0], buffer[1], ..., buffer[L-1]
                          other_local_vars
                          saved FP g()
                          return address g()
    Stack frame of f():   argN, ..., arg0
                          local variable f()
                          local variable f()
                          local variable f()
                          saved FP f()
                          return address f()

(c) Return Address Overwriting: the strcpy into buffer overflows towards higher addresses, through other_local_vars and the saved FP of g(). After the overflow the buffer holds Malicious Code and the return address of g() has become a corrupted return address, so g() returns into the injected code instead of into f().

Page 5:

Examples for Code Injection Attack (2): Heap Based Buffer Overflow

Figure: four adjacent heap segments, Segment0 to Segment3 (lower addresses at the top, higher addresses at the bottom). Each segment carries a header (Size of Previous Heap Segment, Size of Heap Segment, Next Pointer, Prev Pointer) followed by the old user data. The buffer overflow from Segment0's user data writes the Injected Code and then overruns into Segment1's header (its size fields and Next/Prev pointers). Drawn alongside is the stack frame of the current function (local variables, saved frame pointer, return address; stack growth towards lower addresses), the eventual target reached through the corrupted pointers.

Page 6:

Related Work

Existing work on Code Injection detection can be categorized into:

• Software based
  – Static technique: detect vulnerability at compile time (automated static code analysis)
  – Dynamic technique: methods to prove the program behaves as expected at runtime; software constructs to prove program behavior
• Hardware based (usually attack specific)
  – Use of an additional co-processor
  – Additional co-processor & hardware tables
  – Embedded Micro Monitoring: micro-instruction routines to perform in-line security monitoring (only partial support)

Page 7:

Motivation

Solutions to Code Injection Attacks

• Software Approach
  – Huge code-size overhead
  – High performance penalty
  – Check-summing is susceptible to code injection attacks
• Hardware Approach
  – High area impact
  – Interfacing problem
  – Memory/table limitations
  – Scalability problems

Figure: Application Binary → Instrumented Application Binary → Processor, with the Monitoring Hardware attached to the processor over an External Interface.

IMPRES is a novel hardware/software technique at the granularity of micro-instructions to reduce overheads considerably.

Page 8:

IMPRES Architecture: An Overview

Figure: Application Source Code → Compile → Software Instrumentation → Assemble & Link → Instrumented Binary → Secure Loading → IMPRES Hardware (Code Injection Detection). A Code Injection attempt against the loaded binary is caught by the detection logic inside the IMPRES hardware.

Page 9:

Software Instrumentation

(a) a code segment

    $L2:
        lw   $3,4356($fp)
        addu $2,$3,4
        lw   $3,0($2)
        lb   $2,0($3)
        li   $3,0x00000045
        beq  $2,$3,$L4
        addu $2,$3,4
        lw   $3,0($2)
        lb   $2,0($3)
        li   $3,0x00000044
        lw   $2,4320($fp)
        lw   $3,4320($fp)
        lw   $2,4($2)
        lw   $3,8($3)
        j    $L3
    $L4:
        li   $2,0x00000001
        sw   $2,4308($fp)
        lw   $3,4356($fp)
        addu $2,$3,4
        lw   $3,0($2)
        addu $16,$3,$2
        lb   $2,0($3)
        j    $L5
    $L3:
        lw   $3,4356($fp)
        addu $2,$3,4
        lw   $3,0($2)
        addu $16,$3,$2
        lb   $2,0($3)
        li   $3,0x00000064
        beq  $2,$3,$L7

(b) control flow graph for the code segment: the segment splits into four basic blocks, each ending in a control-flow instruction (beq ... $L4; j $L5; j $L3; beq ... $L7).

(c) control flow graph with check instructions

    chk  $0,4452($30)
    lw   $3,4356($fp)
    addu $2,$3,4
    lw   $3,0($2)
    lb   $2,0($3)
    li   $3,0x00000045
    beq  $2,$3,$L4

    chk  $16,4521($30)
    li   $2,0x00000001
    sw   $2,4308($fp)
    lw   $3,4356($fp)
    addu $2,$3,4
    lw   $3,0($2)
    addu $16,$3,$2
    lb   $2,0($3)
    j    $L5

    chk  $16,215($0)
    addu $2,$3,4
    lw   $3,0($2)
    lb   $2,0($3)
    li   $3,0x00000044
    lw   $2,4320($fp)
    lw   $2,4($2)
    lw   $3,8($3)
    j    $L3

    chk  $0,4435($30)
    lw   $3,4356($fp)
    addu $2,$3,4
    lw   $3,0($2)
    addu $16,$3,$2
    lb   $2,0($3)
    li   $3,0x00000064
    beq  $2,$3,$L7

A special instruction (chk), carrying the checksum, is inserted at the beginning of each logical basic block.
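The basic-block identification and chk insertion described above, as an added example that is not part of the original slides or the authors' instrumentation tool: the script takes the MIPS assembly of panel (a), splits it into logical basic blocks (a block starts at a label or right after a control-flow instruction and ends with that instruction) and emits a chk at the head of each. The checksum function (an additive 32-bit sum, with the CRC-32 of each mnemonic standing in for the encoded instruction word) and the chk spelling (`chk 0x...` carrying the plaintext, not yet encrypted, checksum) are assumptions; the operands of the slide's own chk instructions (e.g. `chk $0,4452($30)`) come from the paper's encoding, which the slides do not specify. Branch delay slots are ignored, as in the slide's listing.

```python
"""Identify logical basic blocks in MIPS assembly and put a chk at the head of each.
Added example, not the paper's instrumentation tool; see the assumptions in comments."""
import re
import zlib
from typing import List, Tuple

# MIPS control-flow instructions. Assumption: no branch delay-slot filling, as in
# the slide's listing, so a block ends exactly at its CFI.
CFI_RE = re.compile(r"^(j|jr|jal|jalr|b|beq|bne|beqz|bnez|blez|bgtz|bltz|bgez)\b")

# Constructed input: the first three blocks of panel (a).
CODE = """
$L2:
    lw   $3,4356($fp)
    addu $2,$3,4
    lw   $3,0($2)
    lb   $2,0($3)
    li   $3,0x00000045
    beq  $2,$3,$L4
    addu $2,$3,4
    lw   $3,0($2)
    lb   $2,0($3)
    li   $3,0x00000044
    lw   $2,4320($fp)
    lw   $3,4320($fp)
    lw   $2,4($2)
    lw   $3,8($3)
    j    $L3
$L4:
    li   $2,0x00000001
    sw   $2,4308($fp)
    lw   $3,4356($fp)
    addu $2,$3,4
    lw   $3,0($2)
    addu $16,$3,$2
    lb   $2,0($3)
    j    $L5
"""


def split_blocks(asm: str) -> List[Tuple[str, List[str]]]:
    """Return (label, instructions) pairs. A block begins at a label or right
    after a control-flow instruction and ends with the next one."""
    blocks: List[Tuple[str, List[str]]] = []
    label, cur = "", []
    for raw in asm.splitlines():
        line = " ".join(raw.split("#")[0].split())  # drop comments, normalise spaces
        if not line:
            continue
        if line.endswith(":"):
            if cur:  # a label that splits a fall-through block (not in the slide's code)
                blocks.append((label, cur))
            label, cur = line[:-1], []
            continue
        cur.append(line)
        if CFI_RE.match(line):
            blocks.append((label, cur))
            label, cur = "", []
    if cur:
        blocks.append((label, cur))
    return blocks


def block_checksum(insns: List[str]) -> int:
    """Static-time checksum of a block. Assumption: additive 32-bit sum over the
    instruction words, with the CRC-32 of each mnemonic standing in for the word."""
    acc = 0
    for ins in insns:
        acc = (acc + zlib.crc32(ins.encode())) & 0xFFFFFFFF
    return acc


def instrument(asm: str) -> List[str]:
    """Emit the listing with `chk <checksum>` at the head of every block. The
    slide spells chk like a load (`chk $0,4452($30)`); here the plaintext
    checksum is written as one immediate. Load-time encryption is a later step."""
    out: List[str] = []
    for label, insns in split_blocks(asm):
        if label:
            out.append(f"{label}:")
        out.append(f"    chk  0x{block_checksum(insns):08x}")
        out.extend("    " + ins for ins in insns)
    return out
```

Calling instrument(CODE) yields the three blocks of the listing, each headed by a chk: the $L2 block (ending in beq), the unlabelled fall-through block (ending in j $L3) and the $L4 block (ending in j $L5). Changing any single instruction in a block, including its CFI, changes that block's checksum, which is exactly what the runtime comparison relies on.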

Page 10:

Check-summing at Runtime

A Typical Basic Block: chk e-checksum; Inst1; Inst2; Inst3; Inst4; Inst5; CFI

Incremental checksum: Chksum1 after Inst1, then Chksum1-2, Chksum1-3, Chksum1-4, Chksum1-5, and ChksumBB at the CFI. ChksumBB is then encrypted to give e-checksum', which must equal the e-checksum carried by the chk instruction (✓).

• Incremental checksum recalculation does not accumulate workload at particular points in the program flow.
• Encryption (a time-consuming task) is used only when it is required. Decreases overhead!

Page 11:

Code Injection Attack Detection

Figure: the untrusted instrumented code carries the plaintext checksum in each chk. Secure Loading calculates the checksum and encrypts it with the hardware key, so the trusted code in memory carries an encrypted value in its place (drawn on the slide as an opaque string, chk #$!@%&^*~|\.). At execution the runtime checksum is encrypted with the same hardware key and compared (==) with the chk operand; on a match (Y) execution continues.

    Untrusted code                 Trusted code after secure loading
    chk  $0,4452($30)              chk  #$!@%&^*~|\.
    lw   $3,4356($fp)              lw   $3,4356($fp)
    addu $2,$3,4                   addu $2,$3,4
    lw   $3,0($2)                  lw   $3,0($2)
    lb   $2,0($3)                  lb   $2,0($3)
    li   $3,0x00000045             li   $3,0x00000045
    beq  $2,$3,$L4                 beq  $2,$3,$L4

• Static-time check-summing
• Load-time encryption using the hardware secret key
• Runtime encrypted check-summing and comparison
• fBB flag: set only when
• Check instructions at the beginning of BBs and micro-instructions embedded into the machine instructions serve as the interface between H/W and S/W

Page 12:

Contributions & Limitations

• A code injection detector which requires only a rudimentary software analysis
• Instruction memory transient fault detector (Single Event Upsets in the instruction memory are fully detected with small latency)
• Encrypted basic block check-summing for code integrity violation detection
× Will only detect code injection attacks and will NOT detect any other security threats

Page 13:

Code Integrity Violation Model

Figure (a)-(o): a basic block is drawn as chk eChkSum / Inst-1..Inst-n / CFI, where the CFI is the block's branch instruction (BI) and Inst-1..Inst-n are nonBIs. Each panel changes one element of the original block:

(a) Original BB: chk eChkSum; Inst-1..Inst-n; CFI
(b) T01: chk eChkSum' (checksum changed); Inst-1..Inst-n; CFI
(c) T02: chk replaced by CFI'; Inst-1..Inst-n; CFI
(d) T03: chk replaced by nonBI-0; Inst-1..Inst-n; CFI
(e) T04: chk replaced by Undefined-0; Inst-1..Inst-n; CFI
(f) T05: chk eChkSum; Inst-1..Inst-n; CFI replaced by CFI'
(g) T06: chk eChkSum; Inst-1..Inst-n; CFI replaced by chk eChkSum''
(h) T07: chk eChkSum; Inst-1..Inst-n; CFI replaced by nonBI-1
(i) T08: chk eChkSum; Inst-1..Inst-n; CFI replaced by Undefined-1
(j) T09: chk eChkSum; Inst-1 replaced by Inst-1'; ..Inst-n; CFI
(k) T10: chk eChkSum; Inst-1 replaced by chk eChkSum'''; ..Inst-n; CFI
(l) T11: chk eChkSum; Inst-1 replaced by CFI''; ..Inst-n; CFI
(m) T12: chk eChkSum; Inst-1 replaced by Undefined-2; ..Inst-n; CFI
(n) T13: chk and nonBIs replaced by injected instructions iInst-1..iInst-x
(o) T14: the whole BB replaced by injected instructions iInst-1..iInst-x

Page 14:

Code Integrity Violation Model (2)

The model in the previous slide covers all the possible cases. All the combinations other than those presented in the previous slide are duplicates/subsets. Some duplicates are depicted below (D1 ∈ T01, D2 ∈ T09 and D3 ∈ T14):

(a) D1: chk eChkSum; Inst-1'..Inst-n'; CFI
(b) D2: chk eChkSum; Inst-1..Inst-n; CFI; iInst-1..iInst-x
(c) D3: chk eChkSum'''; Inst-1..Inst-n; CFI'''

Page 15:

Integrity Violation Detection

    Type   Original       Changed       Error Signal
    T01    chk            checksum      SIGCKSM
    T02    chk            CFI           SIGCKSM
    T03    chk            nonBI         SIGCKSM
    T04    chk            undefined     SIGSYSM
    T05    CFI            another CFI   SIGCKSM
    T06    CFI            chk           SIGNCFI
    T07    CFI            nonBI         SIGNCFI
    T08    CFI            undefined     SIGSYSM
    T09    nonBI          nonBI         SIGCKSM
    T10    nonBI          chk           SIGNCFI
    T11    nonBI          CFI           SIGCKSM
    T12    nonBI          undefined     SIGSYSM
    T13    chk & nonBIs   any insts.    SIG(CKSM/NCFI)
    T14    whole BB       any insts.    SIG(CKSM/NCFI)

Page 16:

Encryption Hardware

Figure: (a) DES56 Core with ports CLK, RESET, DS, EorD (encrypt or decrypt), KEY (64 bits), INPUT (64 bits), OUTPUT (64 bits) and RDY. (b) DES56 Algorithm: the INPUT passes the initial permutation P into halves L0/R0, Round 1 and then Rounds 2-16 apply the round function f with the round KEY, ending at L15/R15 and the OUTPUT. Timing diagram: clock cycles 0 to 18 for the signals CLK, RESET, DS, KEY, INPUT, OUTPUT and RDY.

The encryption is performed in parallel to the pipeline. A single encryption takes 18 clock cycles with a clock period 20x smaller than that of the processor.

Page 17:

Design Flow

(a) Software Instrumentation: Source → Compiler Front End → Source.s → Identify BB → Insert Checksum → Assemble and Link → iBinary → Parser → Calculate Checksum

(b) IMPRES Hardware Model: ISA of the target architecture → Select Functional Units (from the Resource Pool) → Micro-instructions for the ISA → Integrate DES56 Core → ASIP Design Tool → Generate Hardware → IMPRES Processor

Page 18:

Evaluation

Flow: the iBinary runs on the modified SimpleScalar® instruction-set simulator together with a Fault Injector, giving the clock cycle count and the error signals SIGCKSM, SIGNCFI and SIGSYSM. The verified IMPRES hardware model is simulated with the ModelSim® hardware simulator and synthesised with the Synopsys® Design Compiler, giving clock period and area.

SIGCKSM - Encrypted Checksum mismatch
SIGNCFI - No Control Flow Instruction
SIGSYSM - System Error

Page 19:

Performance Overhead

[Chart: Execution Time (s), 0.00 to 2.50, per application; Ordinary vs IMPRES.]

Average performance overhead is

Blowfish benchmark performs better... Why?

Page 20:

Hardware and Memory Overheads

[Chart: Code Size (lines), 0 to 3500, for adpcm.encode, adpcm.decode, blowfish.encrypt, blowfish.decrypt and crc32.checksum; Ordinary vs IMPRES.]

                   Clock Period (ns)   Area (gates)   Leakage Power (10^-6 W)
    Ordinary H/W   16.84               227077         478
    IMPRES H/W     16.85               229143         483
    Overhead (%)   0.06%               0.91%          1.05%

Page 21:

Fault Injection Analysis

[Chart: Number of Faults, 0 to 12000, per application; series: Not Act. (not activated), System, CKSM, NCFI, Total.]

Page 22:

Error Detection Latency

    Type   Activated At   Detected At   Latency     Positions of this type (/bbsize)
    T01    1              bbsize        bbsize-1    1
    T02    1              1             0           1
    T03    1              1             0           1
    T04    1              1             0           1
    T05    bbsize         bbsize        0           1
    T06    bbsize         bbsize        0           1
    T07    bbsize         bbsize+1      1           1
    T08    bbsize         bbsize        0           1
    T09    bbsize/2       bbsize        bbsize/2    bbsize-2
    T10    bbsize/2       bbsize/2      0           bbsize-2
    T11    bbsize/2       bbsize/2      0           bbsize-2
    T12    bbsize/2       bbsize/2      0           bbsize-2

With $L_x$ the latency of type $x$ and $N_x$ the number of instruction positions of that type in a block of $bbsize$ instructions (last column), each type is weighted by $N_x / bbsize$ and averaged over the twelve types:

$$\text{Average Error Detection Latency} = \frac{1}{12} \sum_{x = T01}^{T12} L_x \cdot \frac{N_x}{bbsize} = \frac{bbsize}{24}$$

(only T01, T07 and T09 contribute: $(bbsize-1) \cdot 1 + 1 \cdot 1 + \frac{bbsize}{2}(bbsize-2) = \frac{bbsize^2}{2}$, divided by $bbsize$ and then by 12).
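A behavioural model of the runtime check (Pages 10 and 11), of the violation model T01 to T12 (Pages 13 to 15) and of the latency table and formula above, as an added example that is neither the paper's hardware nor its modified simulator. Assumptions: the checksum is an additive 32-bit sum over a block's instructions Inst-1..CFI; HMAC-SHA-256 truncated to 32 bits stands in for the DES56 core and the hardware secret key; the CRC-32 of each mnemonic stands in for the encoded instruction word. The monitor raises SIGSYSM on an undefined instruction, SIGCKSM when a block head is not a chk or the encrypted checksum mismatches at the CFI, and SIGNCFI when a chk arrives while fBB is still set.

```python
"""Behavioural model of the IMPRES monitor and the T01..T12 violation model.
Added example, not the paper's hardware: checksum, key and cipher are stand-ins."""
import hashlib
import hmac
import zlib
from dataclasses import dataclass
from typing import Dict, List, Tuple

HW_KEY = b"example-hardware-key"  # assumption: stands in for the processor's secret key
SIG_OK, SIGCKSM, SIGNCFI, SIGSYSM = "OK", "SIGCKSM", "SIGNCFI", "SIGSYSM"


@dataclass(frozen=True)
class Insn:
    kind: str      # "chk", "nonBI", "CFI" or "undefined"
    text: str      # mnemonic; its CRC-32 stands in for the 32-bit instruction word
    echk: int = 0  # encrypted checksum carried by a chk instruction

    @property
    def word(self) -> int:
        return zlib.crc32(self.text.encode()) & 0xFFFFFFFF


def encrypt(value: int) -> int:
    """Stand-in for the DES56 core: keyed, 32-bit output (HMAC-SHA-256, not DES)."""
    mac = hmac.new(HW_KEY, value.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


def instrument(body: List[Insn]) -> List[Insn]:
    """Static-time checksum over Inst-1..CFI, encrypted at load time, carried by chk."""
    acc = 0
    for ins in body:
        acc = (acc + ins.word) & 0xFFFFFFFF  # assumption: additive checksum
    return [Insn("chk", "chk", encrypt(acc))] + body


def monitor(stream: List[Insn]) -> Tuple[str, int]:
    """Replay a fetched instruction stream the way the hardware checks it.
    Returns (signal, 1-based position); (OK, len+1) means a clean run."""
    expect_chk, fbb = True, False  # fBB: a chk opened a block that no CFI has closed
    expected = acc = 0
    for pos, ins in enumerate(stream, start=1):
        if ins.kind == "undefined":
            return SIGSYSM, pos
        if expect_chk:  # first fetch after reset or after a CFI
            if ins.kind != "chk":
                return SIGCKSM, pos  # block head is not a chk (T02, T03)
            expected, acc, expect_chk, fbb = ins.echk, 0, False, True
            continue
        if ins.kind == "chk":
            return SIGNCFI, pos  # chk while fBB is set: no CFI closed the block
        acc = (acc + ins.word) & 0xFFFFFFFF  # incremental recalculation per fetch
        if ins.kind == "CFI":
            if encrypt(acc) != expected:
                return SIGCKSM, pos  # e-checksum' != e-checksum
            expect_chk, fbb = True, False
    return (SIGNCFI if fbb else SIG_OK), len(stream) + 1


def clean_stream(bbsize: int) -> List[Insn]:
    """Two instrumented blocks; the first has bbsize instructions (chk, nonBIs, CFI)."""
    if bbsize < 4:
        raise ValueError("need at least chk, two nonBIs and a CFI")
    first = [Insn("nonBI", f"lw $3,{4 * i}($fp)") for i in range(bbsize - 2)]
    first.append(Insn("CFI", "beq $2,$3,$L4"))
    second = [Insn("nonBI", "li $2,0x00000001"), Insn("CFI", "j $L5")]
    return instrument(first) + instrument(second)


def violation_model(bbsize: int) -> Dict[str, Tuple[str, int, int, int]]:
    """Apply T01..T12 to the first block. Returns type -> (signal, activated, detected, latency)."""
    bad_chk, undef = Insn("chk", "chk", 0xDEADBEEF), Insn("undefined", "???")
    mid = bbsize // 2  # a nonBI position, as in the slide's table
    mutants = {  # type: (position changed, replacement instruction)
        "T01": (1, bad_chk), "T02": (1, Insn("CFI", "j $L9")),
        "T03": (1, Insn("nonBI", "nop")), "T04": (1, undef),
        "T05": (bbsize, Insn("CFI", "bne $2,$3,$L4")), "T06": (bbsize, bad_chk),
        "T07": (bbsize, Insn("nonBI", "nop")), "T08": (bbsize, undef),
        "T09": (mid, Insn("nonBI", "addu $2,$3,4")), "T10": (mid, bad_chk),
        "T11": (mid, Insn("CFI", "j $L3")), "T12": (mid, undef),
    }
    results = {}
    for t, (pos, new) in mutants.items():
        stream = clean_stream(bbsize)
        stream[pos - 1] = new
        sig, detected = monitor(stream)
        results[t] = (sig, pos, detected, detected - pos)
    return results


def average_latency(results: Dict[str, Tuple[str, int, int, int]], bbsize: int) -> float:
    """(1/12) * sum of latency * (positions of that type / bbsize); equals bbsize/24."""
    positions = {"chk": 1, "CFI": 1, "nonBI": bbsize - 2}
    kind_of = {t: k for k, ts in (("chk", "T01 T02 T03 T04"), ("CFI", "T05 T06 T07 T08"),
                                   ("nonBI", "T09 T10 T11 T12")) for t in ts.split()}
    return sum(lat * positions[kind_of[t]] / bbsize for t, (_, _, _, lat) in results.items()) / 12
```

violation_model(8) reproduces every row of the table (for bbsize = 8 the nonBI mutations sit at position 4): T01 is only caught at the CFI (latency bbsize-1), T07 only when the next block's chk arrives with fBB still set (latency 1), T09 at the CFI (latency bbsize/2), and all other rows are caught at the mutated instruction itself. average_latency then returns 8/24 = 1/3, matching the formula. The comparison at the CFI is the only place the keyed encryption runs, which is the point made on Page 10.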

Page 23:

Summary and Conclusions

• Code injection attacks are still real.
• IMPRES provides a low-cost, rudimentary solution to code injection attacks.
• IMPRES's overheads and detection latency are minimal.

Page 24:

THANK YOU!
