Hardware Assisted Control Flow Obfuscation for Embedded Processors - PowerPoint PPT Presentation

About This Presentation
Title:

Hardware Assisted Control Flow Obfuscation for Embedded Processors

Description:

Hardware Assisted Control Flow Obfuscation for Embedded Processors ... A separately stored bitmap is used to record whether a block is locked or not ... – PowerPoint PPT presentation

Number of Views:69
Avg rating:3.0/5.0
Slides: 26
Provided by: martinr9
Category:

less

Transcript and Presenter's Notes

Title: Hardware Assisted Control Flow Obfuscation for Embedded Processors


1
Hardware Assisted Control Flow Obfuscation for
Embedded Processors
  • Xiaoton Zhuang, Tao Zhang, Hsien-Hsin S. Lee,
    Santosh Pande

HIDE An Infrastructure for Efficiently
Protecting Information Leakage on the Address Bus
Xiaoton Zhuang, Tao Zhang, Santosh Pande
2
Overview
  • Software Obfuscation
  • Obfuscate - v - render obscure, unclear, or
    unintelligible - bewilder (someone)
  • Information Leakage
  • Layout leakage
  • Recurrence leakage
  • Hardware Obfuscation Techniques

3
Assumptions
  • XOM model
  • Everything outside the processor chip is assumed
    to be insecure
  • Memory contents are encrypted

4
Software Obfuscation(and why it doesnt work)
  • Lacks of theoretical foundation
  • It has been proven the perfect obfuscation does
    not exist
  • May incur large overheads in code size
  • Performance may be penalized due to carrying out
    extra computations
  • History has proven it inefficient

5
How is Software Obfuscation Vulnerable to Attack ?
  • Layout Leakage
  • Spatial vicinity
  • Recurrence Leakage
  • Recurring addresses

6
Layout Leakage
100
101
102
103
104
7
Recurrence Leakage
100
101
102
103
104
8
So What? Its just Control Flow.
  • Control flow info is the essential part of
    algorithms
  • Competing
  • company ex.
  • Can help identify
  • reuse code
  • Control obfuscation techniques are well known and
    can be reversed

9
Hardware Obfuscation Overview (paper 1)
  • Encrypt the Address Bus (layout leakage)
  • Relocate blocks every time they are written out
    to memory (recurrence leakage)

10
Address Bus Encryption
Equates to a fixed mapping
11
Shuffle Buffer
  • Designed to reorder all writes to memory
  • Exclusive to external memory

12
Shuffle Buffer
  • Indexed array through the block address table
  • No address tag
  • Smaller size / cheaper
  • Blocks can be stored anywhere
  • Blocks can be randomly replaced (circuit white
    noise)
  • Assume program binary updatable then multi-run
    recurrence prevented

13
Block Address Table (BAT) Cache
  • Records the current location of blocks
  • Use original block address to index into BAT to
    get new address
  • Worst case scenario 10 overhead in virtual
    memory space
  • Each access request from cache checks with BAT
    use BAT cache to speed things up

14
How Secure Is This?
  • With a shuffle buffer of 128 blocks 0.8 chance
    of guessing one recurrence correctly
  • For n-recurrences the chance of guessing all
    correctly is 1/(Mn) where M is the size of the
    shuffle buffer

15
Performance/Cost Summary
  • Performance degradation can be below 1
  • Hardware costs consist of small on chip shuffle
    buffer and BAT cache

16
HIDE(Hardware-support for Leakage-Immune Dynamic
Execution)
  • Basic idea is to break the correlation between
    repeated memory addresses
  • Achieved by permuting the address space at
    suitable intervals during execution

17
Hide Cache
  • A cache same as a normal cache except that that
    blocks fetched after the previous permutation are
    all locked
  • A locked block cannot be replaced until the
    memory space they belong to is permuted again

18
How The Hide Cache Works
19
Other Details
  • When evicting a block choose the least recently
    used block among the unlocked blocks
  • A separately stored bitmap is used to record
    whether a block is locked or not

20
Hardware Flowgraph
21
HIDE at Chunk Level
  • Chunk - one or more pages that are protected and
    permuted together
  • Designed to limit size of permutation
  • Large memory permutations performance cost
  • At chunk level the permutation unit only permutes
    all the blocks within a chunk
  • With the smallest chunk size (a page) 75 of
    transition from one address to the next are
    intra-chunk
  • Chunks can be specified in the code or at runtime
    with instructions inserted into the header of the
    binary code

22
Page Info Cache
  • Stores the Page Info Record to speed up access

23
How Secure Is this?
  • With 64K chunk protection and layout
    optimizations, 87 of address sequence is
    protected, in which 95 of the accesses to code
    and static data are hidden
  • Interfaces are provided for the compiler or the
    user to increase the security to achieve almost
    complete protection

24
Performance/Cost Summary
  • The performance overhead in their experiments was
    at most 1.5 mainly due to permutations
  • Most on chip components are small

25
References
  • Xiaotong Zhuang, Tao Zhang, Hsien-Hsin Lee and
    Santosh Pande. Hardware Assisted Control Flow
    Obfuscation for Embedded Processors. CASES,
    Washington DC, Sept. 2004.
  • Zhuang, X., Zhang, T. and Pande, S. HIDE An
    Infrastructure for Efficiently Protecting
    Information Leakage on the Address Bus.
    International Conference on Architectural Support
    for Programming Languages and Operating Systems,
    Boston, MA., Oct 2004.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Hardware Assisted Control Flow Obfuscation for Embedded Processors" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!