Published in: International Journal of Parallel Programming 4/2018

03.10.2017

RollSec: Automatically Secure Software States Against General Rollback

Authors: Weiqi Dai, Yukun Du, Hai Jin, Weizhong Qiang, Deqing Zou, Shouhuai Xu, Zhongze Liu


Abstract

The rollback mechanism is critical for crash recovery and debugging, but its security problems have not been adequately addressed. One reason is that existing solutions always require modifications to the target software or only work in specific scenarios. As a consequence, rollback is neglected, restricted, or prohibited outright in existing systems. In this paper, we systematically characterize the security threats of rollback as abnormal states of non-deterministic variables and of resumed program points caused by rollback. Based on this characterization, we propose RollSec (for Rollback Security), which provides general measures, namely state extraction, recording, and compensation, to keep these abnormal states correct and thereby eliminate rollback threats. RollSec automatically extracts these states as protection targets from language-independent information about the software; they are monitored at run time and compensated to correct values on each rollback, without requiring extra modifications or support from specific architectures. Finally, we implement a prototype of RollSec to verify its effectiveness and conduct performance evaluations which show that the overhead it introduces is acceptable.
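The threat class the abstract describes (a non-deterministic variable such as a sequence number reverting on rollback) and the extract-record-compensate idea, as an added illustration rather than the paper's own code; the toy process, the recorder and the compensation rule are assumptions made for this example.

```python
"""Added sketch: a checkpointed process whose replay filter breaks after
rollback, and a recorder that keeps the rollback-sensitive variables
outside the snapshot so they can be compensated after a restore."""
import copy


class Process:
    """Toy process mixing ordinary state with a non-deterministic,
    rollback-sensitive variable (a sequence number used to reject replays)."""

    def __init__(self):
        self.balance = 100   # ordinary state: safe to roll back
        self.seq = 0         # rollback-sensitive: must never move backwards
        self.seen = set()    # replay filter keyed by seq

    def handle(self, amount):
        self.seq += 1
        self.seen.add(self.seq)
        self.balance -= amount
        return self.seq


class Recorder:
    """Records the latest values of the extracted variables outside the
    snapshot, then writes them back into a restored process."""

    def __init__(self, names):
        self.names = names
        self.latest = {}

    def record(self, proc):
        for n in self.names:
            self.latest[n] = copy.deepcopy(getattr(proc, n))

    def compensate(self, proc):
        for n, v in self.latest.items():
            setattr(proc, n, copy.deepcopy(v))


def simulate(compensating):
    """Returns (next seq issued after rollback, whether an old message is replayable)."""
    proc = Process()
    rec = Recorder(["seq", "seen"])       # extraction step, hard-coded here
    proc.handle(10)
    rec.record(proc)
    checkpoint = copy.deepcopy(proc)      # snapshot taken at seq == 1
    issued = proc.handle(20)              # seq == 2 is now known to the outside world
    rec.record(proc)
    restored = copy.deepcopy(checkpoint)  # rollback: state returns to seq == 1
    if compensating:
        rec.compensate(restored)          # seq/seen brought forward to recorded values
    replay_accepted = issued not in restored.seen
    return restored.handle(5), replay_accepted
```

Without compensation the rolled-back process reissues seq 2 and accepts the earlier message as new; with compensation it continues at seq 3 and rejects the replay.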


Metadata
Title
RollSec: Automatically Secure Software States Against General Rollback
Authors
Weiqi Dai
Yukun Du
Hai Jin
Weizhong Qiang
Deqing Zou
Shouhuai Xu
Zhongze Liu
Publication date
03.10.2017
Publisher
Springer US
Published in
International Journal of Parallel Programming / Issue 4/2018
Print ISSN: 0885-7458
Electronic ISSN: 1573-7640
DOI
https://doi.org/10.1007/s10766-017-0523-0
