Architecture Support for Dynamic Integrity Checking

Kanuparthi, Arun K.; Zahran, Mohamed; Karri, Ramesh

doi:10.1109/tifs.2011.2166960

Cited by 17 publications

(12 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table I shows the memory requirement for different benchmarks. The results show that our method has relatively lower memory overhead than REM [12] and DIC techniques [17], while they were performing integrity checking. The largest benchmark 403.gcc requires around 209 KB for storing BBs.…”

Section: B Experimental Resultsmentioning

confidence: 92%

Reconfigurable Dynamic Trusted Platform Module for Control Flow Checking

Das

Zhang

Liu

2014

2014 IEEE Computer Society Annual Symposium on VLSI

View full text Add to dashboard Cite

Trusted Platform Module (TPM) has gained its popularity in computing systems as a hardware security approach. TPM provides the boot time security by verifying the platform integrity including hardware and software. However, once the software is loaded, TPM can no longer protect the software execution. In this work, we propose a dynamic TPM design, which performs control flow checking to protect the program from runtime attacks. The control flow checker is integrated at the commit stage of the processor pipeline. The control flow of program is verified to defend the attacks such as stack smashing using buffer overflow and code reuse. We implement the proposed dynamic TPM design in FPGA to achieve high performance, low cost and flexibility for easy functionality upgrade based on FPGA. In our design, neither the source code nor the Instruction Set Architecture (ISA) needs to be changed. The benchmark simulations demonstrate less than 1% of performance penalty on the processor, and an effective software protection from the attacks.

show abstract

Section: B Experimental Resultsmentioning

confidence: 92%

Reconfigurable Dynamic Trusted Platform Module for Control Flow Checking

Das

Zhang

Liu

2014

2014 IEEE Computer Society Annual Symposium on VLSI

View full text Add to dashboard Cite

show abstract

“…The TPM is the root of trust for a computing system. It manages the three roots of trust that lie at the core of a trusted platform: (i) A root of trust for measurement (RTM) to measure the platform integrity; (ii) a root of trust for storage (RTS) to securely store different integrity measurements, secrets, and keys; and (iii) a root of trust for reporting (RTR) that reliably and securely reports the platform information stored in the RTS [4]. The TPM stores secret keys, passwords, and digital certificates in its secure internal storage protecting them from software and physical attacks.…”

Section: Secure Bootmentioning

confidence: 99%

“…A cryptographic hash value of the platform configuration is calculated and compared against the precomputed hash value of the platform. Access to the platform is denied if the integrity check fails [4]. This is the beginning of the "chain-of-trust" for software modules that are subsequently initiated.…”

Section: Secure Bootmentioning

confidence: 99%

“…For example, existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data [4]. Since Iot devices are designed to run continuously, barring power outages or other unpredictable events, code may be compromised at run time through a vulnerability and never be discovered.…”

Section: Runtime Integritymentioning

confidence: 99%

See 1 more Smart Citation

Ensuring Software Integrity in IoT Devices

Echard¹

2017

J Inform Tech Softw Eng

View full text Add to dashboard Cite

This paper will review the available literature covering topics relevant to ensuring software integrity of the boot image and running code in networked devices. The paper will focus on hardware devices defined as IoT (Internet of Things) in the consumer space. Software-only (virtual) devices will also be discussed. Topics reviewed will include trusted anchor concepts and technologies, chain of trust and validation of code integrity, as well as the technologies which support them, such as PKI (public key infrastructure), secure storage and mutable and immutable identities.

show abstract

“…These include software-based control flow integrity techniques such as [4], [5], [6], [7], [8], and hardware-based techniques such as [2], [9], [10], [11], [12], [13], [14]. However, these approaches either do not protect against CRAs or suffer from high performance overheads.…”

Section: Introductionmentioning

confidence: 99%

Controlling your control flow graph

Kanuparthi

Rajendran²,

Karri

2016

2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

Self Cite

View full text Add to dashboard Cite

Code Reuse Attacks (CRAs) are software exploits in which an attacker directs program control flow through existing code without injecting malicious code to achieve his objective. In this paper, we propose Dynamic Sequence Checker (DSC), a framework to verify the validity of control flow between basic blocks in the program. Unique codes are assigned to every basic block in the program at compile time in such a way that the Hamming distance between two legally connected basic blocks is a known constant. At runtime, Hamming distance between the codes assigned to the source and destination basic blocks are calculated and compared against the known constant, to verify the control flow. Execution is aborted if the Hamming distance comparison does not match. We implemented DSC on a cycle-accurate x86 simulator. DSC has been able to detect all the CRA gadgets reported by the ROPGadget tool. The average performance overhead is 4.7% over a baseline processor.

show abstract

Architecture Support for Dynamic Integrity Checking

Cited by 17 publications

References 27 publications

Reconfigurable Dynamic Trusted Platform Module for Control Flow Checking

Reconfigurable Dynamic Trusted Platform Module for Control Flow Checking

Ensuring Software Integrity in IoT Devices

Controlling your control flow graph

Contact Info

Product

Resources

About