Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Careful Packing

CODASPY Presentation

  • Be the first to comment

  • Be the first to like this

Careful Packing

  1. 1. Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing Flavio Toffalini1,2 , Martín Ochoa2,3 , Jun Sun1,2 , and Jianying Zhou1 1 Singapore University of Technology and Design 2 ST Electronics-SUTD Cyber Security Laboratory 3 Cyxtera Technologies
  2. 2. Agenda - Introduction - Attacker’s goal and assumptions - Careful-Packing’s approach - Challenges - Implementation - Evaluation
  3. 3. The Problem Secure Monitor: - Antivirus - Intrusion Detector - Insider Threat Detector Software tampering
  4. 4. Careful-Packing’s goal Avoiding an attacker to tamper with the software binary code. void makeALotOfMoney() { int x = 0; for (int i = 0; i < maxIteraction; i++) { int dollars = initialBudget(); If (dollars > 10) // use a strategy else // use the super strategy.. x += dollars; } } Software Important piece of code to protect (critical section)
  5. 5. Attacker’s goal Install a running compromised client in a corporate network
  6. 6. Attacker model - Tamper code offline: patching - Tamper code online: patching & repair - Debug/Emulate Assumption: OS Task scheduler not compromised
  7. 7. Previous Approaches - Fully Trusted Computing (SGX) How: memory regions physically isolated by hardware Idea: move the entire process (or a piece of) in these areas Limitation: (i) difficult interaction with the OS, (ii) limited available space Untrusted memory Trusted memory Process to protect
  8. 8. Previous Approaches - Purely Software Anti-Tampering (AT) How: the software checks itself Idea: using special functions (checkers) that inspect the memory Limitation: these approaches rise the bar but not resolve the problem Process to protect Untrusted memory Checkers
  9. 9. Careful-Packing’s Approach Checkers inside a trusted region Critical Sections outside From trusted region monitors the outside code!
  10. 10. Challenges Denial of service (packing, heartbeat) Concurrency Installation phase Booting phase
  11. 11. Packing Critical Sections (CS) encrypted most of the time CS plain only when the process needs to execution them
  12. 12. Heartbeat TrustedUntrusted Proof of correctness Random choice Insert proof of correctness inside a normal communication between client and server. If the server does not receive a proof and/or the proof is wrong -> the attack is caught
  13. 13. Concurrency The CS can be invoked by concurrency threads. CS PC Thread 1 PC Thread 2 CS = 1 A counter in the trusted module traces how many threads are using the a CS decrypt(CS) encrypt(CS)
  14. 14. Installation phase Server: has a list of valid license keys and the critical sections associated Client: identifies itself through one of its critical section Client Server (I) Installation Request (CS) (II) Resp. License Key (III) Key Sealing (II) Key Fetch Key Repository K1 K3 (0) Remote attestation
  15. 15. TrustedUntrusted Boot phase Client loads the sealed key to execute the packing mechanism Key Sealed in the hard-drive
  16. 16. Proof of Concept Implementation Monitoring agent (simple keystrokes and mouse tracing). A client is executed on a client, collects data, and ships them to a central server. Based on SGX for Windows platforms. -10 LoC on top of the original program (only function call to checkers). - Enclave size: ~300Kb
  17. 17. Evaluation - single instance Around 5% with related to the original program
  18. 18. Evaluation - multiple parallel instances Linear overhead with respect to the number of instances (no bottleneck)
  19. 19. Conclusion & Take away - To some extent, it is possible to combine trusted computing technologies and anti-tampering techniques to increase the security guarantees - Extend careful-packing to protect variables (now we limit to the code) - Fully untrusted environment: work on techniques that do not require a trusted scheduler
  20. 20. The End! Thanks for your attention