SlideShare a Scribd company logo

2010.hari_kannan.phd_thesis.slides.pdf

A
AlexKarasulu1

The document describes a hardware-assisted approach called Dynamic Information Flow Tracking (DIFT) to provide practical and efficient software security. A flexible hardware design is proposed that works with unmodified binaries to track tainted data from untrusted sources and check for unsafe uses. A key idea is to offload DIFT operations to a separate coprocessor to minimize changes to the main processor core while providing robust, flexible and practical end-to-end security with low overhead. System calls are used as synchronization points between the main core and DIFT coprocessor to prevent exploits while maintaining the DIFT security model. Experiments show the approach can detect various attacks without false positives in real-world applications and unmodified binaries.

Engineering
1 of 56
Download to read offline
Building Hardware Systems for Information Flow Tracking Hari Kannan Computer Systems Laboratory Stanford University
The Computer Security Crisis More systems are online, vulnerable Banking, Power, Water, Government Threats have multiplied XSS, SQL Injection, Phishing, ... Old challenges remain Buffer overflows, broken access control 2
A Blast from the Past? 3
Wave of the Future? 4 Source: cyberinsecure.com
Motivation Security research Provide simple practical abstractions for expressing and enforcing security policies The resulting system must be Robust: protects against wide range of threats Flexible: can be adjusted for future threats Practical: works with all types of existing SW End-to-end: protects both user and kernelspace code Fast: no significant runtime overheads 5
Why Hardware Support? Advantages of HW support Better performance Fine-granularity protection Lowest level of the system stack Difficult to bypass, can build upon its guarantees Simplify the SW security framework Our focus: combine the best of HW + SW HW: low-level operations and enforcement SW: high-level policies and analysis 6
DIFT: Dynamic Information Flow Tracking DIFT taints data from untrusted sources Extra tag bit per word marks if untrusted Propagate taint during program execution Operations with tainted data produce tainted results Check for unsafe uses of tainted data Tainted code execution Tainted pointer dereference (code data) Tainted SQL command Can detect both low-level high-level threats 7
Thesis Overview Design practical hardware systems implementing Dynamic Information Flow Tracking (DIFT) for software security Thesis contributions Co-developed a flexible hardware design for efficient, practical DIFT on binaries Including a real full-system prototype (HW+SW) Developed hardware mechanisms for DIFT to allow for practical, cost-effective implementation Implemented a DIFT coprocessor (real full-system prototype) Developed a mechanism for safe DIFT on multi-threaded binaries Leveraged DIFT mechanisms and co-developed a flexible hardware design for information flow control Hardware directly enforces application security policies Allows for significant reduction in size of OS’ trusted computing base Including a real full-system prototype (HW+SW) 8
Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 9
r1:input+1020 r2:0 r3: buf+1024 retaddr: safe Data T DIFT Example: Memory Corruption Tainted pointer dereference security trap char buf[1024]; strcpy(buf,input);//buffer overflow Vulnerable C Code r1 r1 + 4 load r2 M[r1] store M[r3] r2 jmp M[retaddr] retaddr: bad r1: input+1024 r2: bad TRAP 10
DIFT Example: SQL Injection Vulnerable SQL Code Username: christos’ OR ‘1’=‘1 SELECT * FROM table WHERE name= ‘christos’ OR ‘1’=‘1’ ; Data T WHERE name= username OR 1=1 christos TRAP SELECT * FROM table WHERE name= ‘username’; Password: Tainted SQL command security trap 11
Implementing DIFT on Binaries Software DIFT [Newsome’05, Quin’06] Use Dynamic Binary Translation (DBT) to implement DIFT Runs on existing hardware, flexible security policies High overheads (3–40x), incompatible with threaded or self- modifying code, limited to a single core Hardware DIFT [Suh’04, Crandall’04, Chen’05] Modify CPU caches, registers, memory consistency, DRAM Negligible overhead, works for all types of binaries, multi-core Inflexible policies (false positives/negatives), cannot protect OS Best of both worlds HW for tag propagation and checks SW for policy management and high-level analysis Robust, flexible, practical, end-to-end, and fast 12
Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 13
Raksha System Overview HW Architecture Tags Operating System Tag Aware App Binary 4 tag bits per word Programmable check/propagate User-level security traps App Binary Security Manager User 1 User 2 Save/restore tags Cross-process info flow Set HW security policies Further SW analysis Unmodified binaries App Binary User 3 14
HW/SW Interface for DIFT Policies A pair of policy registers per tag bit Set by security manager (SW) when and as needed Policy granularity: operation type Select input operands to be checked for taint Select input operands that propagate taint to output Select the propagation mode (and, or, xor) ISA instructions decomposed to 1 operations Types: ALU, comparison, insn fetch, data movement, … Makes policies independent of ISA packaging Same HW policies for both RISC CISC ISAs Don’t care how operations are packaged into ISA insns 15
Propagate Policy Example: load load r2 M[r1+offset] Propagate Enables 1.Propagate only from source register Tag(r2) Tag(r1) 2.Propagate only from source address Tag(r2) Tag(M[r1+offset]) 3.Propagate only from both sources OR mode: Tag(r2) Tag(r1) | Tag(M[r1+offset]) AND mode: Tag(r2) Tag(r1) Tag(M[r1+offset]) XOR mode: Tag(r2) Tag(r1) ^ Tag(M[r1+offset]) load r2 M[r1+offset] load r2 M[r1+offset] load r2 M[r1+offset] 16
Check Policy Example: load load r2 M[r1+offset] Check Enables 1.Check source register If Tag(r1)==1 then security_trap 2.Check source address If Tag(M[r1+offset])==1 then security_trap Both enables may be set simultaneously Support for checks across multiple tag bits load r2 M[r1+offset] load r2 M[r1+offset] 17
Raksha Hardware Policy Decode Tag ALU Tag Check Decode D-Cache RegFile ALU I-Cache Traps W B 18 Registers, caches memory extended with tag bits 4 tag bits per word of memory Tags flow through pipeline along with corresponding data No changes in forwarding logic
Tag Storage Simple approach: +4 bits/word in registers, caches, memory 12.5% storage overhead Used in our original prototype Multi-granular tag storage scheme Exploit tag locality to reduce storage overhead (~1-2%) Page-level tags cache line-level tags word-level tags Page 1 Page 2 Memory Page Table Entry 1 Entry 2 Entry 3 Entry 4 Cache Line 1 Line 2 Line 3 Line 4 Tag Page Tag Cache Fine C C C C F 19
Raksha Prototype Hardware Modified SPARC V8 CPU (LEON-3) Mapped to FPGA board Software Full-featured Gentoo Linux workstation Used with 14k packages (LAMP, etc) Design statistics Clock frequency: same as original Logic: +4.3% overhead Performance: 1% slowdown Across a wide range of applications SW DIFT is 3-40x slowdown GR-CPCI-XC2V Leon-3 @40MH z 512MB DRAM Ethernet AoE Ethernet AoE Leon-3 @65MHz 512MB DRAM 20
Security Policies Overview 21 P Bit T Bit B Bit S Bit Buffer Overflow Policy Identify all pointers, and track data taint. Check for illegal tainted ptr use. Y Y Offset-based attacks (control ptr) Track data taint, and bounds check to validate. Y Format String Policy Check tainted args to print commands. Y Y SQL/XSS Check tainted commands. Y Y Red zone Policy Sandbox heap data. Y Sandboxing Policy Protect the security handler. Y
Security Experiments Unmodified SPARC binaries from real-world programs Basic/net utilities, servers, web apps, search engine 22 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
Security Experiments Protection is independent of programming language Propagation checks at the level of basic ops 23 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
Security Experiments Protection against low-level memory corruptions Both control non-control data attacks 24 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
Security Experiments 1st hardware DIFT system to detect high-level attacks No false positives observed 25 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 26
HW Option 1: In-core DIFT Policy Decode Tag ALU Tag Check Decode D-Cache RegFile ALU I-Cache Traps W B 27 Integrated DIFT hardware [Dalton’07, Suh’04, Chen’05] No performance, minor power, and minor area overhead Invasive changes to processor High design and validation costs Synchronizes metadata and data per instruction
Core 1 (App) HW Option 2: Offloading DIFT Capture Trace Log buffer (L2 cache) 28 Core 2 (DIFT) Analyze Trace SW DIFT on modified multi-core chip (e.g., CMU’s LBA) Flexible support for various analyses Large area power overhead (2nd core, trace compress) Large performance overhead (DBT, memory traffic) Significant changes to processor memory hierarchy General Purpose Core General Purpose Core
Our Proposal: DIFT Coprocessor 29 Off-core DIFT coprocessor (similar to watchdog processors) Small performance, power, and area overhead Minor changes to processor Reuse across processor designs L2 Cache Cache Main Core Tag Cache Tag Core Instructions Exceptions DIFT Coprocessor General Purpose Core
r1:0 r2:idx r3:buffer r4:0 Data T r5:x What happens without Proc/Coproc Synchronization? int idx = tainted_input; buffer[idx] = x; // memory corruption Vulnerable C Code set r1 tainted_input load r2 M[r1] add r4 r2 + r3 store M[r4] r5 r4:buffer+idx r1:input r2:idx=input EXPLOIT 30 … exec (sys call) Attacker executes system call system compromise SYSTEM COMPROMISE
System Calls as Sync points Key Idea: Main core and coproc sync at system calls Security: This prevents attacker from executing system calls Application’s corrupted address space can be discarded Does not weaken the DIFT model DIFT detects attack only at time of exploit, not corruption Performance: Synchronization overhead typically tens of cycles Function of decoupling queue size Lost in the noise of system call overheads (hundreds of cycles) 31
r1:0 r2:idx r3:buffer r4:0 Data T r5:x System Call Synchronization int idx = tainted_input; buffer[idx] = x; // memory corruption Vulnerable C Code set r1 tainted_input load r2 M[r1] add r4 r2 + r3 store M[r4] r5 r4:buffer+idx r1:input r2:idx=input TRAP 32 … exec (sys call) STALL Tainted pointer dereference security exception
Coprocessor Design DIFT functionality in a coprocessor 4 tag bits of metadata per word of data Coprocessor Interface (via decoupling queue) Pass committed instruction information Instruction encoding could be at micro-op granularity (in x86) Physical address obviates need for MMU in coprocessor Processor Core I Cache D Cache Policy Decode Tag ALU Tag Check Tag Cache Tag RF W B DIFT Coprocessor PC Inst Encoding Physical Address Security exception L2 Cache 33 Decoupling queue Stall
Prototype Leon-3 @40MH z 512MB DRAM Ethernet AoE Ethernet AoE Leon-3 @65MHz 512MB DRAM 34 Hardware Paired with simple SPARC V8 core (Leon-3) Mapped to FPGA board Software Fully-featured Linux 2.6 Design statistics Clock frequency: same as original Logic: +7.5% overhead … of simple in-order core with no speculation Security Catches same attacks as Raksha No false positives or negatives
System Performance Overheads Runtime overhead 1% over SPEC benchmarks 512 byte tag cache 6-entry decoupling queue 35 0.00% 0.20% 0.40% 0.60% 0.80% 1.00% gzip gap vpr gcc mcf crafty parser vortex bzip2 twolf Runtime Overhead (%)
Coprocessors for complex cores Modest overheads with higher IPC cores Because main core rarely achieves peak IPC (=1) Coprocessor performs very simple operations Implies coprocessor can be paired with complex cores36 0.9 0.95 1 1.05 1.1 1.15 1.2 1 1.5 2 Relative Overhead Ratio of main core's clock to coprocessor's clock gzip gcc twolf
Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 37
The Consistency Problem Proc 1 Proc 2 Tag Proc 1 Tag Proc 2 38 1 4 3 2 u = t x = u tag(x) = tag(u) tag(u) = tag(t) Inconsistency between data and metadata (x updated first) Decoupling metadata breaks atomicity between data/tags Leads to consistency issues in multiprocessors Can cause false positives/negatives Spurious detections/miss real attacks
Fundamental Idea Keep track of data coherence requests Provides log of memory races between threads Enforce same ordering on metadata Core A requests data from Core B Tag Core A requests metadata from Tag Core B Intervening accesses delayed for consistency Ensures atomic view of (data, metadata) Replaying memory ordering ensures consistency 39
Consistency Mechanism 40 App Core Metadata Core Inflight Ops Memory Interconnect $ $ PTRT PTAT Every instruction associated with unique ID Inflight Operations Maintains information about the instruction in flight Similar to decoupling queue for DIFT coprocessor
Consistency Mechanism 41 App Core Metadata Core Inflight Ops Memory Interconnect $ $ PTRT PTAT PTRT = Pending Tag Request Table Logs app core’s coherence requests Metadata core indexes PTRT by instruction ID Directs metadata request to associated core
Consistency Mechanism 42 App Core Metadata Core Inflight Ops Memory Interconnect $ $ PTRT PTAT PTAT = Pending Tag Acknowledgement Table Logs last instruction ID to update data value On corresponding metadata request Check if insn tag processing complete before replying
Consistency Protocol 43 PTRT ID=1, Delay = 1 AC1 MC1 Inflight ID 1 IC ID=5 AC2 MC2 Inflight ID 5 PTAT (a) Update PTAT of responder and PTRT of requestor
Consistency Protocol 44 PTRT ID=1, Delay = 0 AC1 MC1 Inflight ---- IC ID=5 AC2 MC2 Inflight ID 5 PTAT (b) Reset delay bit in PTAT of responder
Consistency Protocol 45 PTRT ID=1, Delay = 0 AC1 MC1 Inflight ---- IC ID=5 AC2 MC2 Inflight ---- PTAT (c) Issue metadata request, receive response OK
Consistency Protocol 46 PTRT ID=1, Delay = 1 AC1 MC1 Inflight ID 1 IC ID=5 AC2 MC2 Inflight ---- PTAT (d) Early metadata request NACKed NACK
Set of FIFOs: PTAT maintains a FIFO for every address Versioning: Reqs served out of order. PTAT stores tag value System Performance Overheads 47 Different configurations for PTAT: FIFO: Metadata requests serviced in same order as data
Worst-case Overheads 48 0% 1% 2% 3% 4% 5% 6% 7% 8% FIFO Set of FIFOs Version Mgmt Performance overheads 7% with 32 processors Even simple FIFO design has good performance
0% 1% 2% 3% 4% Normal Noise Normal Noise Normal Noise Normal Noise Normal Noise 1 5 10 25 50 Scaling of HW tables (gap=20) PTAT stalls PTRT stalls Runtime overhead Scaling the Hardware Tables 49 Worst-case lock contention micro-benchmark Simulates the coprocessor environment
Scaling the Hardware Tables 50 Worst-case lock contention micro-benchmark Simulates the log-based architecture environment Scaling of HW tables (gap=100) PTAT stalls PTRT stalls Runtime overhead
Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 51
Dynamic Information Flow Control Single abstraction across all system layers Security policies as restrictions on data movement Basic idea Every object is marked with a label On accesses, look up label to get a R/W/X permission Building upon flow control App policy expressed using labels directly Labels describe protection domains with flexible sharing 52
Loki: HW Support for Info Control Loki implements tagged memory Each word of physical memory associated with a 32-bit tag Tags map to access permissions (R/W/X) for protection domain Fine-grained access control Simplifies security enforcement SW manages tags, but HW enforces security policies Helps maintain security in face of compromised OS Ties security policies to physical resources Physical resource policies avoid ambiguity Allows for a smaller TCB Reduced the TCB of HiStar by over a factor of two 53
Conclusion Hardware DIFT is a promising security solution Prevents HL/LL attacks, is fast, does not need src code Co-developed Raksha, a flexible hardware design for efficient, practical DIFT on binaries DIFT coprocessor to minimize changes to main core/cache Mechanism for safe DIFT on multithreaded binaries Including real full-system prototypes (HW+SW) Extended hardware DIFT techniques to implement information flow control Allows for significant reduction in size of OS’ TCB 54
Bibliography Deconstructing Hardware Architectures for Security, Michael Dalton, Hari Kannan, Christos Kozyrakis. 5th Annual Workshop on Duplicating, Deconstructing, and Debunking (WDDD) at ISCA, Boston, MA, June 2006. Raksha: A Flexible Information Flow Architecture for Software Security, Michael Dalton, Hari Kannan, Christos Kozyrakis. Proceedings of the 34th Intl. Symposium on Computer Architecture (ISCA), San Diego, CA, June 2007. Raksha: A Flexible Architecture for Software Security, Hari Kannan, Michael Dalton, Christos Kozyrakis. Technical Record of the 19th Hot Chips Symposium, Palo Alto, CA, August 2007. Thread-Safe Dynamic Binary Translation Using Transactional Memory, JaeWoong Chung, Michael Dalton, Hari Kannan, Christos Kozyrakis. Proceedings of the 14th Intl. Symposium on High-Performance Computer Architecture (HPCA), Salt Lake City, UT, February 2008. 55
Bibliography cont’d Real-World Buffer Overflow Protection for Userspace and Kernelspace, Michael Dalton, Hari Kannan, Christos Kozyrakis. Proceedings of the 17th Usenix Security Symposium, San Jose, CA, July 2008. Hardware Enforcement of Application Security Policies, Nickolai Zeldovich, Hari Kannan, Michael Dalton, Christos Kozyrakis. Proceedings of the 8th Usenix Symposium on Operating Systems Design Implementation (OSDI), San Diego, CA, December 2008. Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor, Hari Kannan, Michael Dalton, Christos Kozyrakis. Proceedings of the 39th Intl. Conference on Dependable Systems and Networks (DSN), Estoril, Portugal, June 2009. “Ordering Decoupled Metadata Accesses in Multiprocessors, Hari Kannan, Proceedings of the 42nd Intl. Symposium on Microarchitecture (MICRO), New York City, NY, December 2009. 56

Recommended

Resume_Appaji
Resume_AppajiResume_Appaji
Resume_AppajiAppaji K
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blockerakila_mano
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...Asma Swapna
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System zShawn Wells
 
FOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxFOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxssuser20fcbe
 

Recommended

Resume_Appaji
Resume_AppajiResume_Appaji
Resume_AppajiAppaji K
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blockerakila_mano
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...Asma Swapna
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System zShawn Wells
 
FOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxFOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxssuser20fcbe
 
Multi-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentMulti-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentIRJET Journal
 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with SparrowJason Sohn
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
SOHIL_RM (1).pptx
SOHIL_RM (1).pptxSOHIL_RM (1).pptx
SOHIL_RM (1).pptxSanketPatel295815
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Day4
Day4Day4
Day4Jai4uk
 
Websecurity
Websecurity Websecurity
Websecurity Merve Bilgen
 
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...IRJET Journal
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonUlf Mattsson
 
Enabling data integrity protection in regenerating coding-based cloud storage...
Enabling data integrity protection in regenerating coding-based cloud storage...Enabling data integrity protection in regenerating coding-based cloud storage...
Enabling data integrity protection in regenerating coding-based cloud storage...Papitha Velumani
 
Security Operations
Security OperationsSecurity Operations
Security Operationsankitmehta21
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...DevOps.com
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...DevOps for Enterprise Systems
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Deborah Schalm
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)IJNSA Journal
 
RAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARYRAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARYRazorpoint Security
 
Integrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsIntegrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsUlf Mattsson
 
Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systemsSZ Lin
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 

More Related Content

Similar to 2010.hari_kannan.phd_thesis.slides.pdf

Multi-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentMulti-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentIRJET Journal
 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with SparrowJason Sohn
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...IRJET Journal
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonUlf Mattsson
 
Enabling data integrity protection in regenerating coding-based cloud storage...
Enabling data integrity protection in regenerating coding-based cloud storage...Enabling data integrity protection in regenerating coding-based cloud storage...
Enabling data integrity protection in regenerating coding-based cloud storage...Papitha Velumani
 
Security Operations
Security OperationsSecurity Operations
Security Operationsankitmehta21
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...DevOps.com
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...DevOps for Enterprise Systems
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Deborah Schalm
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)IJNSA Journal
 
Integrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsIntegrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsUlf Mattsson
 
Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systemsSZ Lin
 

Similar to 2010.hari_kannan.phd_thesis.slides.pdf (20)

Multi-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentMulti-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA Environment
 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with Sparrow
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
SOHIL_RM (1).pptx
SOHIL_RM (1).pptxSOHIL_RM (1).pptx
SOHIL_RM (1).pptx
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Day4
Day4Day4
Day4
 
Websecurity
Websecurity Websecurity
Websecurity
 
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf Mattsson
 
Enabling data integrity protection in regenerating coding-based cloud storage...
Enabling data integrity protection in regenerating coding-based cloud storage...Enabling data integrity protection in regenerating coding-based cloud storage...
Enabling data integrity protection in regenerating coding-based cloud storage...
 
Security Operations
Security OperationsSecurity Operations
Security Operations
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)
 
RAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARYRAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARY
 
Integrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOpsIntegrate Security into DevOps - SecDevOps
Integrate Security into DevOps - SecDevOps
 
Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systems
 

Recently uploaded

HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 

Recently uploaded (20)

HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 

2010.hari_kannan.phd_thesis.slides.pdf

  • 1. Building Hardware Systems for Information Flow Tracking Hari Kannan Computer Systems Laboratory Stanford University
  • 2. The Computer Security Crisis More systems are online, vulnerable Banking, Power, Water, Government Threats have multiplied XSS, SQL Injection, Phishing, ... Old challenges remain Buffer overflows, broken access control 2
  • 3. A Blast from the Past? 3
  • 4. Wave of the Future? 4 Source: cyberinsecure.com
  • 5. Motivation Security research Provide simple practical abstractions for expressing and enforcing security policies The resulting system must be Robust: protects against wide range of threats Flexible: can be adjusted for future threats Practical: works with all types of existing SW End-to-end: protects both user and kernelspace code Fast: no significant runtime overheads 5
  • 6. Why Hardware Support? Advantages of HW support Better performance Fine-granularity protection Lowest level of the system stack Difficult to bypass, can build upon its guarantees Simplify the SW security framework Our focus: combine the best of HW + SW HW: low-level operations and enforcement SW: high-level policies and analysis 6
  • 7. DIFT: Dynamic Information Flow Tracking DIFT taints data from untrusted sources Extra tag bit per word marks if untrusted Propagate taint during program execution Operations with tainted data produce tainted results Check for unsafe uses of tainted data Tainted code execution Tainted pointer dereference (code data) Tainted SQL command Can detect both low-level high-level threats 7
  • 8. Thesis Overview Design practical hardware systems implementing Dynamic Information Flow Tracking (DIFT) for software security Thesis contributions Co-developed a flexible hardware design for efficient, practical DIFT on binaries Including a real full-system prototype (HW+SW) Developed hardware mechanisms for DIFT to allow for practical, cost-effective implementation Implemented a DIFT coprocessor (real full-system prototype) Developed a mechanism for safe DIFT on multi-threaded binaries Leveraged DIFT mechanisms and co-developed a flexible hardware design for information flow control Hardware directly enforces application security policies Allows for significant reduction in size of OS’ trusted computing base Including a real full-system prototype (HW+SW) 8
  • 9. Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 9
  • 10. r1:input+1020 r2:0 r3: buf+1024 retaddr: safe Data T DIFT Example: Memory Corruption Tainted pointer dereference security trap char buf[1024]; strcpy(buf,input);//buffer overflow Vulnerable C Code r1 r1 + 4 load r2 M[r1] store M[r3] r2 jmp M[retaddr] retaddr: bad r1: input+1024 r2: bad TRAP 10
  • 11. DIFT Example: SQL Injection Vulnerable SQL Code Username: christos’ OR ‘1’=‘1 SELECT * FROM table WHERE name= ‘christos’ OR ‘1’=‘1’ ; Data T WHERE name= username OR 1=1 christos TRAP SELECT * FROM table WHERE name= ‘username’; Password: Tainted SQL command security trap 11
  • 12. Implementing DIFT on Binaries Software DIFT [Newsome’05, Quin’06] Use Dynamic Binary Translation (DBT) to implement DIFT Runs on existing hardware, flexible security policies High overheads (3–40x), incompatible with threaded or self- modifying code, limited to a single core Hardware DIFT [Suh’04, Crandall’04, Chen’05] Modify CPU caches, registers, memory consistency, DRAM Negligible overhead, works for all types of binaries, multi-core Inflexible policies (false positives/negatives), cannot protect OS Best of both worlds HW for tag propagation and checks SW for policy management and high-level analysis Robust, flexible, practical, end-to-end, and fast 12
  • 13. Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 13
  • 14. Raksha System Overview HW Architecture Tags Operating System Tag Aware App Binary 4 tag bits per word Programmable check/propagate User-level security traps App Binary Security Manager User 1 User 2 Save/restore tags Cross-process info flow Set HW security policies Further SW analysis Unmodified binaries App Binary User 3 14
  • 15. HW/SW Interface for DIFT Policies A pair of policy registers per tag bit Set by security manager (SW) when and as needed Policy granularity: operation type Select input operands to be checked for taint Select input operands that propagate taint to output Select the propagation mode (and, or, xor) ISA instructions decomposed to 1 operations Types: ALU, comparison, insn fetch, data movement, … Makes policies independent of ISA packaging Same HW policies for both RISC CISC ISAs Don’t care how operations are packaged into ISA insns 15
  • 16. Propagate Policy Example: load load r2 M[r1+offset] Propagate Enables 1.Propagate only from source register Tag(r2) Tag(r1) 2.Propagate only from source address Tag(r2) Tag(M[r1+offset]) 3.Propagate only from both sources OR mode: Tag(r2) Tag(r1) | Tag(M[r1+offset]) AND mode: Tag(r2) Tag(r1) Tag(M[r1+offset]) XOR mode: Tag(r2) Tag(r1) ^ Tag(M[r1+offset]) load r2 M[r1+offset] load r2 M[r1+offset] load r2 M[r1+offset] 16
  • 17. Check Policy Example: load load r2 M[r1+offset] Check Enables 1.Check source register If Tag(r1)==1 then security_trap 2.Check source address If Tag(M[r1+offset])==1 then security_trap Both enables may be set simultaneously Support for checks across multiple tag bits load r2 M[r1+offset] load r2 M[r1+offset] 17
  • 18. Raksha Hardware Policy Decode Tag ALU Tag Check Decode D-Cache RegFile ALU I-Cache Traps W B 18 Registers, caches memory extended with tag bits 4 tag bits per word of memory Tags flow through pipeline along with corresponding data No changes in forwarding logic
  • 19. Tag Storage Simple approach: +4 bits/word in registers, caches, memory 12.5% storage overhead Used in our original prototype Multi-granular tag storage scheme Exploit tag locality to reduce storage overhead (~1-2%) Page-level tags cache line-level tags word-level tags Page 1 Page 2 Memory Page Table Entry 1 Entry 2 Entry 3 Entry 4 Cache Line 1 Line 2 Line 3 Line 4 Tag Page Tag Cache Fine C C C C F 19
  • 20. Raksha Prototype Hardware Modified SPARC V8 CPU (LEON-3) Mapped to FPGA board Software Full-featured Gentoo Linux workstation Used with 14k packages (LAMP, etc) Design statistics Clock frequency: same as original Logic: +4.3% overhead Performance: 1% slowdown Across a wide range of applications SW DIFT is 3-40x slowdown GR-CPCI-XC2V Leon-3 @40MH z 512MB DRAM Ethernet AoE Ethernet AoE Leon-3 @65MHz 512MB DRAM 20
  • 21. Security Policies Overview 21 P Bit T Bit B Bit S Bit Buffer Overflow Policy Identify all pointers, and track data taint. Check for illegal tainted ptr use. Y Y Offset-based attacks (control ptr) Track data taint, and bounds check to validate. Y Format String Policy Check tainted args to print commands. Y Y SQL/XSS Check tainted commands. Y Y Red zone Policy Sandbox heap data. Y Sandboxing Policy Protect the security handler. Y
  • 22. Security Experiments Unmodified SPARC binaries from real-world programs Basic/net utilities, servers, web apps, search engine 22 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
  • 23. Security Experiments Protection is independent of programming language Propagation checks at the level of basic ops 23 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
  • 24. Security Experiments Protection against low-level memory corruptions Both control non-control data attacks 24 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
  • 25. Security Experiments 1st hardware DIFT system to detect high-level attacks No false positives observed 25 Program Lang. Attack Detected Vulnerability tar C Directory Traversal Open tainted dir gzip C Directory Traversal Open tainted dir Wu-FTPD C Format String Tainted ‘%n’ in vfprintf string SUS C Format String Tainted ‘%n’ in syslog quotactl syscall C User/kernel pointer dereference Tainted pointer to kernelspace sendmail C Buffer (BSS) Overflow Tainted code ptr polymorph C Buffer Overflow Tainted code ptr OpenSSH C Command Injection Execve tainted file ProFTPD C SQL Injection Tainted SQL command htdig C++ Cross-site Scripting Tainted script tag Scry PHP Cross-site Scripting Tainted script tag
  • 26. Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 26
  • 27. HW Option 1: In-core DIFT Policy Decode Tag ALU Tag Check Decode D-Cache RegFile ALU I-Cache Traps W B 27 Integrated DIFT hardware [Dalton’07, Suh’04, Chen’05] No performance, minor power, and minor area overhead Invasive changes to processor High design and validation costs Synchronizes metadata and data per instruction
  • 28. Core 1 (App) HW Option 2: Offloading DIFT Capture Trace Log buffer (L2 cache) 28 Core 2 (DIFT) Analyze Trace SW DIFT on modified multi-core chip (e.g., CMU’s LBA) Flexible support for various analyses Large area power overhead (2nd core, trace compress) Large performance overhead (DBT, memory traffic) Significant changes to processor memory hierarchy General Purpose Core General Purpose Core
  • 29. Our Proposal: DIFT Coprocessor 29 Off-core DIFT coprocessor (similar to watchdog processors) Small performance, power, and area overhead Minor changes to processor Reuse across processor designs L2 Cache Cache Main Core Tag Cache Tag Core Instructions Exceptions DIFT Coprocessor General Purpose Core
  • 30. r1:0 r2:idx r3:buffer r4:0 Data T r5:x What happens without Proc/Coproc Synchronization? int idx = tainted_input; buffer[idx] = x; // memory corruption Vulnerable C Code set r1 tainted_input load r2 M[r1] add r4 r2 + r3 store M[r4] r5 r4:buffer+idx r1:input r2:idx=input EXPLOIT 30 … exec (sys call) Attacker executes system call system compromise SYSTEM COMPROMISE
  • 31. System Calls as Sync points Key Idea: Main core and coproc sync at system calls Security: This prevents attacker from executing system calls Application’s corrupted address space can be discarded Does not weaken the DIFT model DIFT detects attack only at time of exploit, not corruption Performance: Synchronization overhead typically tens of cycles Function of decoupling queue size Lost in the noise of system call overheads (hundreds of cycles) 31
  • 32. r1:0 r2:idx r3:buffer r4:0 Data T r5:x System Call Synchronization int idx = tainted_input; buffer[idx] = x; // memory corruption Vulnerable C Code set r1 tainted_input load r2 M[r1] add r4 r2 + r3 store M[r4] r5 r4:buffer+idx r1:input r2:idx=input TRAP 32 … exec (sys call) STALL Tainted pointer dereference security exception
  • 33. Coprocessor Design DIFT functionality in a coprocessor 4 tag bits of metadata per word of data Coprocessor Interface (via decoupling queue) Pass committed instruction information Instruction encoding could be at micro-op granularity (in x86) Physical address obviates need for MMU in coprocessor Processor Core I Cache D Cache Policy Decode Tag ALU Tag Check Tag Cache Tag RF W B DIFT Coprocessor PC Inst Encoding Physical Address Security exception L2 Cache 33 Decoupling queue Stall
  • 34. Prototype Leon-3 @40MH z 512MB DRAM Ethernet AoE Ethernet AoE Leon-3 @65MHz 512MB DRAM 34 Hardware Paired with simple SPARC V8 core (Leon-3) Mapped to FPGA board Software Fully-featured Linux 2.6 Design statistics Clock frequency: same as original Logic: +7.5% overhead … of simple in-order core with no speculation Security Catches same attacks as Raksha No false positives or negatives
  • 35. System Performance Overheads Runtime overhead 1% over SPEC benchmarks 512 byte tag cache 6-entry decoupling queue 35 0.00% 0.20% 0.40% 0.60% 0.80% 1.00% gzip gap vpr gcc mcf crafty parser vortex bzip2 twolf Runtime Overhead (%)
  • 36. Coprocessors for complex cores Modest overheads with higher IPC cores Because main core rarely achieves peak IPC (=1) Coprocessor performs very simple operations Implies coprocessor can be paired with complex cores36 0.9 0.95 1 1.05 1.1 1.15 1.2 1 1.5 2 Relative Overhead Ratio of main core's clock to coprocessor's clock gzip gcc twolf
  • 37. Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 37
  • 38. The Consistency Problem Proc 1 Proc 2 Tag Proc 1 Tag Proc 2 38 1 4 3 2 u = t x = u tag(x) = tag(u) tag(u) = tag(t) Inconsistency between data and metadata (x updated first) Decoupling metadata breaks atomicity between data/tags Leads to consistency issues in multiprocessors Can cause false positives/negatives Spurious detections/miss real attacks
  • 39. Fundamental Idea Keep track of data coherence requests Provides log of memory races between threads Enforce same ordering on metadata Core A requests data from Core B Tag Core A requests metadata from Tag Core B Intervening accesses delayed for consistency Ensures atomic view of (data, metadata) Replaying memory ordering ensures consistency 39
  • 40. Consistency Mechanism 40 App Core Metadata Core Inflight Ops Memory Interconnect $ $ PTRT PTAT Every instruction associated with unique ID Inflight Operations Maintains information about the instruction in flight Similar to decoupling queue for DIFT coprocessor
  • 41. Consistency Mechanism 41 App Core Metadata Core Inflight Ops Memory Interconnect $ $ PTRT PTAT PTRT = Pending Tag Request Table Logs app core’s coherence requests Metadata core indexes PTRT by instruction ID Directs metadata request to associated core
  • 42. Consistency Mechanism 42 App Core Metadata Core Inflight Ops Memory Interconnect $ $ PTRT PTAT PTAT = Pending Tag Acknowledgement Table Logs last instruction ID to update data value On corresponding metadata request Check if insn tag processing complete before replying
  • 43. Consistency Protocol 43 PTRT ID=1, Delay = 1 AC1 MC1 Inflight ID 1 IC ID=5 AC2 MC2 Inflight ID 5 PTAT (a) Update PTAT of responder and PTRT of requestor
  • 44. Consistency Protocol 44 PTRT ID=1, Delay = 0 AC1 MC1 Inflight ---- IC ID=5 AC2 MC2 Inflight ID 5 PTAT (b) Reset delay bit in PTAT of responder
  • 45. Consistency Protocol 45 PTRT ID=1, Delay = 0 AC1 MC1 Inflight ---- IC ID=5 AC2 MC2 Inflight ---- PTAT (c) Issue metadata request, receive response OK
  • 46. Consistency Protocol 46 PTRT ID=1, Delay = 1 AC1 MC1 Inflight ID 1 IC ID=5 AC2 MC2 Inflight ---- PTAT (d) Early metadata request NACKed NACK
  • 47. Set of FIFOs: PTAT maintains a FIFO for every address Versioning: Reqs served out of order. PTAT stores tag value System Performance Overheads 47 Different configurations for PTAT: FIFO: Metadata requests serviced in same order as data
  • 48. Worst-case Overheads 48 0% 1% 2% 3% 4% 5% 6% 7% 8% FIFO Set of FIFOs Version Mgmt Performance overheads 7% with 32 processors Even simple FIFO design has good performance
  • 49. 0% 1% 2% 3% 4% Normal Noise Normal Noise Normal Noise Normal Noise Normal Noise 1 5 10 25 50 Scaling of HW tables (gap=20) PTAT stalls PTRT stalls Runtime overhead Scaling the Hardware Tables 49 Worst-case lock contention micro-benchmark Simulates the coprocessor environment
  • 50. Scaling the Hardware Tables 50 Worst-case lock contention micro-benchmark Simulates the log-based architecture environment Scaling of HW tables (gap=100) PTAT stalls PTRT stalls Runtime overhead
  • 51. Outline DIFT overview Raksha: hardware support for DIFT [WDDD’06, ISCA’07] Flexible HW design for efficient, practical DIFT on binaries Decoupling DIFT from the processor [DSN’09] Using a coprocessor to minimize changes to the main core Multi-processor DIFT [MICRO’09] Ensuring consistency between data and metadata under decoupling Loki: hardware support for information flow control [OSDI’08] Enforcement of app security policies with minimal trusted code 51
  • 52. Dynamic Information Flow Control Single abstraction across all system layers Security policies as restrictions on data movement Basic idea Every object is marked with a label On accesses, look up label to get a R/W/X permission Building upon flow control App policy expressed using labels directly Labels describe protection domains with flexible sharing 52
  • 53. Loki: HW Support for Info Control Loki implements tagged memory Each word of physical memory associated with a 32-bit tag Tags map to access permissions (R/W/X) for protection domain Fine-grained access control Simplifies security enforcement SW manages tags, but HW enforces security policies Helps maintain security in face of compromised OS Ties security policies to physical resources Physical resource policies avoid ambiguity Allows for a smaller TCB Reduced the TCB of HiStar by over a factor of two 53
  • 54. Conclusion Hardware DIFT is a promising security solution Prevents HL/LL attacks, is fast, does not need src code Co-developed Raksha, a flexible hardware design for efficient, practical DIFT on binaries DIFT coprocessor to minimize changes to main core/cache Mechanism for safe DIFT on multithreaded binaries Including real full-system prototypes (HW+SW) Extended hardware DIFT techniques to implement information flow control Allows for significant reduction in size of OS’ TCB 54
  • 55. Bibliography Deconstructing Hardware Architectures for Security, Michael Dalton, Hari Kannan, Christos Kozyrakis. 5th Annual Workshop on Duplicating, Deconstructing, and Debunking (WDDD) at ISCA, Boston, MA, June 2006. Raksha: A Flexible Information Flow Architecture for Software Security, Michael Dalton, Hari Kannan, Christos Kozyrakis. Proceedings of the 34th Intl. Symposium on Computer Architecture (ISCA), San Diego, CA, June 2007. Raksha: A Flexible Architecture for Software Security, Hari Kannan, Michael Dalton, Christos Kozyrakis. Technical Record of the 19th Hot Chips Symposium, Palo Alto, CA, August 2007. Thread-Safe Dynamic Binary Translation Using Transactional Memory, JaeWoong Chung, Michael Dalton, Hari Kannan, Christos Kozyrakis. Proceedings of the 14th Intl. Symposium on High-Performance Computer Architecture (HPCA), Salt Lake City, UT, February 2008. 55
  • 56. Bibliography cont’d Real-World Buffer Overflow Protection for Userspace and Kernelspace, Michael Dalton, Hari Kannan, Christos Kozyrakis. Proceedings of the 17th Usenix Security Symposium, San Jose, CA, July 2008. Hardware Enforcement of Application Security Policies, Nickolai Zeldovich, Hari Kannan, Michael Dalton, Christos Kozyrakis. Proceedings of the 8th Usenix Symposium on Operating Systems Design Implementation (OSDI), San Diego, CA, December 2008. Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor, Hari Kannan, Michael Dalton, Christos Kozyrakis. Proceedings of the 39th Intl. Conference on Dependable Systems and Networks (DSN), Estoril, Portugal, June 2009. “Ordering Decoupled Metadata Accesses in Multiprocessors, Hari Kannan, Proceedings of the 42nd Intl. Symposium on Microarchitecture (MICRO), New York City, NY, December 2009. 56