Orlando Arias
University of Central Florida
Publication
Featured research published by Orlando Arias.
Design Automation Conference | 2015
Lucas Davi; Matthias Hanreich; Debayan Paul; Ahmad-Reza Sadeghi; Patrick Koeberl; Dean Sullivan; Orlando Arias; Yier Jin
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle these attacks, we present HAFIX (Hardware-Assisted Flow Integrity Extension), a defense against code-reuse attacks that exploit backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of HAFIX for the Intel® Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.
IEEE Transactions on Multi-Scale Computing Systems | 2015
Orlando Arias; Jacob Wurm; Khoa Hoang; Yier Jin
Enter the nascent era of the Internet of Things (IoT) and wearable devices, where small embedded devices loaded with sensors collect information from their surroundings, process it, and relay it to remote locations for further analysis. Albeit looking harmless, these nascent technologies raise security and privacy concerns. We pose the question of whether such devices can be compromised and what the effects of a compromise would be. Concentrating on the design flow of IoT and wearable devices, we discuss some common design practices and their implications for security and privacy. Two representatives, one from each category, the Google Nest Thermostat and the Nike+ Fuelband, are selected as examples of how the current industry practice of treating security as an afterthought or an add-on affects the resulting device, and of the potential consequences for the users' security and privacy. We then discuss design flow enhancements, vastly different from traditional practices, through which security mechanisms can efficiently be added to a device.
Asia and South Pacific Design Automation Conference | 2016
Jacob Wurm; Khoa Hoang; Orlando Arias; Ahmad-Reza Sadeghi; Yier Jin
The fast development of the Internet of Things (IoT) and cyber-physical systems (CPS) has triggered a large demand for smart devices, which are loaded with sensors collecting information from their surroundings, processing it, and relaying it to remote locations for further analysis. The wide deployment of IoT devices and the time-to-market pressure on device development have raised security and privacy concerns. To help better understand the security vulnerabilities of existing IoT devices and to promote the development of low-cost IoT security methods, in this paper we use both commercial and industrial IoT devices as examples: we analyze the security of their hardware, software, and networks, and identify backdoors. A detailed security analysis procedure is elaborated on a home automation system and a smart meter, showing that security vulnerabilities are a common problem for most devices. Security solutions and mitigation methods are also discussed to help IoT manufacturers secure their products.
Design Automation Conference | 2016
Dean Sullivan; Orlando Arias; Lucas Davi; Per Larsen; Ahmad-Reza Sadeghi; Yier Jin
Control-flow integrity (CFI) is a general defense against code-reuse exploits, which currently constitute a severe threat to diverse computing platforms. Existing CFI solutions (both in software and in hardware) suffer from shortcomings such as (i) inefficiency, (ii) security weaknesses, or (iii) lack of scalability. In this paper, we present a generic hardware-enhanced CFI scheme that tackles these problems and allows diverse CFI policies to be enforced. Our approach fully supports multi-tasking and shared libraries, prevents various forms of code-reuse attacks, and allows CFI-protected code and legacy code to co-exist. We evaluate our implementation on the SPARC LEON3 and demonstrate its high efficiency.
Archive | 2017
Orlando Arias; Kelvin Ly; Yier Jin
Trends in miniaturization have resulted in an explosion of small, low-power devices with network connectivity. Welcome to the era of the Internet of Things (IoT), wearable devices, and automated home and industrial systems. These devices are loaded with sensors, collect information from their surroundings, process it, and relay it to remote locations for further analysis. Pervasive and seemingly harmless, this new breed of devices raises security and privacy concerns. In this chapter, we evaluate the security of these devices from an industry point of view, concentrating on the design flow, and catalogue the types of vulnerabilities we have found. We also present an in-depth evaluation of the Google Nest Thermostat, the Nike+ Fuelband SE Fitness Tracker, the Haier SmartCare home automation system, and the Itron Centron CL200 electric meter. We study and present an analysis of the effects of these compromised devices in an everyday setting. We then finish by discussing design flow enhancements, with security mechanisms that can be efficiently added into a device, in a comparative way.
The Continuing Arms Race | 2018
Yier Jin; Dean Sullivan; Orlando Arias; Ahmad-Reza Sadeghi; Lucas Davi
Control-Flow Integrity (CFI) is a promising and general defense against control-flow hijacking with formal underpinnings. A key insight from the extensive research on CFI is that its effectiveness depends on the precision and coverage of a program's Control-Flow Graph (CFG). Since precise CFG generation is highly challenging and often difficult, many CFI schemes rely on brittle heuristics and imprecise, coarse-grained CFGs. Furthermore, comprehensive, fine-grained CFI defenses implemented purely in software incur overheads that are unacceptably high. In this chapter, we first specify a CFI model that captures many known CFI techniques, including stateless and stateful approaches as well as fine-grained and coarse-grained CFI policies. We then design and implement a novel hardware-enhanced CFI. Key to this approach is a set of dedicated CFI instructions that can losslessly enforce any CFG and diverse CFI policies within our model. Moreover, we fully support multi-tasking and shared libraries, prevent various forms of code-reuse attacks, and allow code protected with CFI to interoperate with unprotected legacy code. Our prototype implementation on the SPARC LEON3 is highly efficient, with a performance overhead of 1.75% on average when applied to several SPECInt2006 benchmarks and 0.5% when applied to EEMBC's CoreMark benchmark.
Recent Advances in Intrusion Detection | 2017
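The HAFIX abstract above describes a backward-edge (return) check, and the two hardware-enhanced CFI abstracts describe stateful and stateless policies enforced by dedicated instructions. The following is an added example, not code from any of these papers: a software monitor that models one policy of each kind, a shadow stack for returns (stateful) and a label comparison for indirect calls (stateless), run over constructed event traces that stand in for the instrumented call, return and indirect-call instructions. The trace format, the addresses and the label values are assumptions made for this model; the papers' own hardware mechanisms are not reproduced here.

```c
/*
 * Added example (not from the papers): a software CFI monitor.
 *   backward edge, stateful : shadow stack of pending return sites
 *   forward edge,  stateless: indirect-call target must carry the label
 *                             the call site was compiled to expect
 * Trace format, addresses and labels are assumptions of this model.
 */
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define SHADOW_DEPTH 64

enum ev_kind { EV_CALL, EV_RET, EV_ICALL };

struct event {
    enum ev_kind kind;
    unsigned addr;     /* EV_CALL: return site pushed; EV_RET: target of the return */
    unsigned label;    /* EV_ICALL: label carried by the actual target */
    unsigned expected; /* EV_ICALL: label the call site expects */
};

struct cfi_state {
    unsigned shadow[SHADOW_DEPTH];
    size_t sp;
    const char *violation;
};

/* Applies one event to the monitor; returns true if the policy accepts it. */
static bool cfi_step(struct cfi_state *s, const struct event *e)
{
    switch (e->kind) {
    case EV_CALL:
        if (s->sp == SHADOW_DEPTH) { s->violation = "shadow stack overflow"; return false; }
        s->shadow[s->sp++] = e->addr;
        return true;
    case EV_RET:
        /* A return may only go to the most recently pushed, still pending return site. */
        if (s->sp == 0) { s->violation = "return with empty shadow stack"; return false; }
        if (s->shadow[s->sp - 1] != e->addr) { s->violation = "return target not on shadow stack"; return false; }
        s->sp--;
        return true;
    case EV_ICALL:
        /* Targets are grouped into equivalence classes identified by a label. */
        if (e->label != e->expected) { s->violation = "indirect call to unexpected label"; return false; }
        return true;
    }
    s->violation = "unknown event";
    return false;
}

/* Runs a trace; returns the index of the first rejected event, or -1 if accepted. */
static int cfi_run(const struct event *trace, size_t n, const char **why)
{
    struct cfi_state st = { {0}, 0, NULL };
    for (size_t i = 0; i < n; i++) {
        if (!cfi_step(&st, &trace[i])) {
            if (why) *why = st.violation;
            return (int)i;
        }
    }
    if (why) *why = NULL;
    return -1;
}

/* Constructed traces; addresses and labels are made up for the example. */
static const struct event benign_trace[] = {
    { EV_CALL,  0x1004, 0, 0 }, /* main calls f, return site 0x1004 */
    { EV_CALL,  0x2008, 0, 0 }, /* f calls g, return site 0x2008 */
    { EV_RET,   0x2008, 0, 0 }, /* g returns to f */
    { EV_ICALL, 0,      7, 7 }, /* f calls through a pointer of class 7 */
    { EV_RET,   0x1004, 0, 0 }, /* f returns to main */
};
/* ROP-style: g's return address was overwritten with gadget 0x4000, never pushed. */
static const struct event rop_trace[] = {
    { EV_CALL, 0x1004, 0, 0 },
    { EV_CALL, 0x2008, 0, 0 },
    { EV_RET,  0x4000, 0, 0 },
};
/* Hijacked function pointer: call site expects class 7, target is labelled 9. */
static const struct event hijack_trace[] = {
    { EV_CALL,  0x1004, 0, 0 },
    { EV_ICALL, 0,      9, 7 },
};

#define NELEMS(a) (sizeof(a) / sizeof((a)[0]))

int check_benign(void) { return cfi_run(benign_trace, NELEMS(benign_trace), NULL); }
int check_rop(void)    { return cfi_run(rop_trace,    NELEMS(rop_trace),    NULL); }
int check_hijack(void) { return cfi_run(hijack_trace, NELEMS(hijack_trace), NULL); }

int main(void)
{
    const char *why = NULL;
    int at = cfi_run(rop_trace, NELEMS(rop_trace), &why);
    printf("benign=%d rop=%d (%s) hijack=%d\n", check_benign(), at, why, check_hijack());
    return 0;
}
```

The benign trace is accepted (-1); the ROP trace is rejected at its third event, because 0x4000 is not the pending return site, and the hijacked pointer is rejected at its second event. Note what the model deliberately shows about the two policy classes: the stateless label check accepts any target in the expected class, so it cannot distinguish two functions that share a label, while the shadow stack rejects any return that is not to the matching call's own return site.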
David Gens; Orlando Arias; Dean Sullivan; Christopher Liebchen; Yier Jin; Ahmad-Reza Sadeghi
Kernel exploits are commonly used for privilege escalation to take full control over a system, e.g., by means of code-reuse attacks. For this reason, modern kernels are hardened with kernel Address Space Layout Randomization (KASLR), which randomizes the start address of the kernel code section at boot time. Hence, the attacker first has to bypass the randomization before conducting the attack with an adjusted payload in a second step. Recently, researchers demonstrated that attackers can exploit unprivileged instructions to collect timing information through side channels in the paging subsystem of the processor. This can be exploited to reveal the randomization secret, even in the absence of any information-disclosure vulnerability in the software.
Hardware and Architectural Support for Security and Privacy | 2017
Orlando Arias; Dean Sullivan; Yier Jin
With the ever-increasing complexity of software systems, the number of reported security issues increases as well. Among them, memory corruption attacks are a prevalent vector used against today's software stacks. These attacks are repeatedly leveraged to compromise common application software, such as web browsers or document viewers. However, previous work to mitigate memory corruption attacks either suffers from high overhead or can be bypassed by a knowledgeable attacker. In this work, we introduce HA2lloc, a hardware-assisted allocator that leverages an extended memory management unit to detect memory errors in the heap. We also perform preliminary testing of HA2lloc in a simulation environment and find that the approach is capable of detecting and preventing common memory vulnerabilities.
International Conference on Computer Design | 2016
Kelvin Ly; Orlando Arias; Jacob Wurm; Khoa Hoang; Kaveh Shamsi; Yier Jin
Homomorphic encryption may be seen as a substantial potential boon to voting systems. If properly used, it allows provably anonymous elections to take place. However, when a system is poorly constructed using weak cryptographic primitives, the result is a highly vulnerable system that is prone to attacks. This paper details one attack carried out against a model election system as part of a security competition, in which a hardware Trojan had weakened its security. We designed a proof-of-concept exploit and implemented it on an FPGA, demonstrating weaknesses in the system regardless of the existence of this Trojan.
International Conference on Computer Aided Design | 2017
Shaza Zeitouni; Ghada Dessouky; Orlando Arias; Dean Sullivan; Ahmad Ibrahim; Yier Jin; Ahmad-Reza Sadeghi