2021 | OriginalPaper | Chapter

12. Software Security with Hardware in Mind

Authors : Muhammad Monir Hossain, Fahim Rahman, Farimah Farahmandi, Mark Tehranipoor

Published in: Emerging Topics in Hardware Security

Publisher: Springer International Publishing

Abstract

Software is ubiquitous, spanning from everyday life to space stations. With the significant increase in the processing power of modern computing devices, the number of software applications that handle sensitive data is rising exponentially, which creates incentives for attacks against these systems. The devices may face various adversarial attacks, such as cache side-channel attacks, Spectre, Meltdown, ransomware, and buffer and integer overflows. The primary objective of software security is to make software resilient against such malicious attacks at run-time. Many software-based approaches have been implemented to protect software from adversarial attacks. Unfortunately, these techniques cannot provide comprehensive protection, because most software vulnerabilities arise not only from development faults but also from weak hardware architecture. Additionally, software-based approaches may themselves create backdoors for future attacks. Therefore, it is not practical to enhance security from a software point of view or a hardware point of view alone, in a mutually exclusive fashion. This chapter explores various software and hardware vulnerabilities to better understand the potentially exploitable scenarios and to protect software from both hardware and software perspectives.


Metadata

Title: Software Security with Hardware in Mind
Authors: Muhammad Monir Hossain, Fahim Rahman, Farimah Farahmandi, Mark Tehranipoor
Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-64448-2_12