Software-based Integrity Protection Flashcards
What is the definition of a MATE attacker?
MATE refers to a class of the attackers whose access extends to the environment on which software is being executed, thus they can tamper with the program’s logic, interfere with their execution, extract and manipulate their sensitive data.
What are pre and post distribution elements of an integrity protection system?
pre distribution:
- compute invariants
post distribution
- monitor
- detect
- respond
- secure storage
how does software based integrity protection realize the elements of an integrity protection system?
- Protection operations need to be shipped into the desired program
- Such operations need to be obfuscated to resist against potential attacks
how does hardware based integrity protection realize the elements of an integrity protection system?
- A dedicated security hardware module undertakes protection operations
- operation integrity is guaranteed (hardened)
- dedicated security utilities such as cryptographic operations, secure data provisioning, remote attestation are provided
- users can implement own desired operations atop the hardware
What are pros and cons of software based integrity protection?
pros:
- applicable almost to any problem context
- no dependency to hardware
cons:
- hard to implement and deploy
- hard to quantify security
- secure until broken
What are pros and cons of hardware based integrity protection?
pros:
- easier to deploy
- offer an acceptable security
cons:
- hardware needed
- vendor lock-in
- side-channel attacks
- special equipment can bypass
Describe Chang and Atallah’s Self-Checksumming Scheme
Idea: Augment the program with functions that compute hashes over code regions to compare to expected values
Hardening 1: Construct a network of checkers and responders so that checkers check each other and responders repair tampered regions (or provide some kind of reaction)
Hardening 2: Hide hash numbers so they won’t give away the location of checkers, blend the response mechanism with the program logic
What are cyclic checkers and how are they set up?
- checkers check themselves in a cycle
- challenge: precomputing hash values in cycles
- solution: utilize place holder patching to close the cycle
Describe an attack on Chang and Atallah’s Self-Checksumming scheme + possible countermeasures
- Use pattern matching to detect checker
- Patch conditions
- Precompute jumps (hardening 2!)
Countermeasures: obfuscation, cyclic checking
Describe the “generic attack against self-hashing algorithms”
- Copy program P to P_orig
- Modify P as desired to a hacked version P’
- Modify the kernel such that data reads are directed to P_orig, instruction reads to P’ (Split TLB attack: I-TLB, D-TLB)
Describe a countermeasure against the “generic attack against self-hashing algorithms”
Self-modifying code: If the fetch and read memories are disjoint, the unmodified code will be executed! -> “Self modification guards”
Describe another generic attack on self-checksumming protections
Guards follow a predictable routine:
- instantiate hash variable
- self read and modify hash variable
- branch condition on hash value
Use a combination of backward and forward taint analysis to detect SC guards:
- backward taint: code read/written by instruction? locate source
- forward taint: locate usages in instruction operands
What are pros and cons of self-checksumming techniques?
pros:
- potentially 100% coverage
cons:
- architecture dependent
- memory split attack
- taint-based attack
- pattern matching attacks
What is the idea behind State inspection?
Check the integrity of computation instead of code (-> self-checksumming)
What are some parts of program state that have been used for state inspection?
- function return values
- stack trace
- hardware performance counters
- execution trace hash
How does Stlns4CS work?
- Instantiate target class
- Invoke method
- Check result against known value
- Cycles in checking and execution by checking if a particular function is already in the stack trace before executing a check
How does protection against changeware by stack trace verification work?
- check stack traces at given points in program
- only allow legitimate stack traces
How does protection based on hardware performance counters work?
phase1
- capture HPC profiling information
- detect equations and hidden relations using Eurequa
- inject verifiers with a threshold
phase2
- collect runtime information
- evaluate equations
- respond
What is the idea of oblivious hashing?
Verify integrity of computation by hashing execution traces (instruction sequence + memory references)
What is a major limitation of oblivious hashing?
It only works for input independent computations
What are data dependent instructions (DDI)?
Instructions where at least one operand depends on input data
What are control flow dependent instructions (CFDI)?
Instructions where the condition leading to a branch the instruction resides in depends on input data
What are data independent instructions (DII)?
Instructions that are control flow dependent (CFDI) but not data dependent (DDI)
What is the idea behind short range oblivious hashing (SROH)?
Extend OH to protect data independent instructions (DII):
Some blocks in a CFG are executed if and only if a sequence of mutually adjacent blocks have been executed before - and these form a path.
-> protect data independent instructions in those paths
Intuition: if some block was executed, which predecessor block(s) must have been executed as well?
- > we introduce one hash variable for each fo these paths
- instantiate variable at start of path
- verify at end of path
How can we compose the two different type of software integrity protections?
SC guards are data-independent hence either OH or SROH can protect them
- > protect SC guards with OH / SROH
- > protect rest with SC
What is the motivation behind VirtSC?
SC has problems:
- awkwardness of installing, patching placeholders (architecture dependent, hinders obfuscation, limits other protections)
- awkwardness of self-modifying code
How does VirtSC work? What are the benefits?
Compose Virtualization obfuscation and SC
- improved composability with other protections
- no self-modifying code -> better stealth
