Dissertation/Thesis Abstract

Authenticating executions for trusted systems
by Aktas, Erdem, Ph.D., State University of New York at Binghamton, 2013, 215; 3596989
Abstract (Summary)

Constructing trustworthy computer systems requires validating that every executed piece of code is genuine and that the programs do exactly what they are supposed to do. However, pre-execution code integrity validations can fail to detect run-time compromises, such as code injection, return and jump-oriented programming, and illegal linking of code to compromised library functions. In this dissertation, we propose and investigate three distinct mechanisms for authenticating code execution at run-time. The common goal of these techniques is to detect run-time compromises, irrespective of the specific type of attack that may have been carried out. Thus, these solutions are universal and are in sharp contrast to piecemeal solutions that have been proposed to detect specific types of attacks that compromise execution.

Our first technique does not rely on specialized hardware support within the platform and uses a challenge-response mechanism to verify the signature of the execution program running on a remote host. The execution signature at randomly chosen points in the code is verified against a reference. This technique is limited in its use of run time modifications of the binary and has a high execution overhead. Our next technique attempts to avoid these limitations by performing run-time authentication of control flow by using existing hardware support in contemporary CPUs for branch tracing, a mechanism that was originally added to support debugging. As the program executes, its trace of taken branches, as logged by the tracing hardware is verified against a reference control flow graph, that has edges corresponding to control flow paths, by a separated and trusted control thread. The execution overhead for full authentication of the control flow path is considerable. However, used judiciously, this mechanism can authenticate the full control flow path in critical functions, such as frequent systems calls, with a reasonably low execution overhead, as low as 20% of 30%. This technique does not require any modification of the binaries, so reentrancy is ensured.

The final mechanism for execution recognizes and addresses the need for full execution authentication with a low overhead, where both code integrity and control flow integrity are simultaneously validated. This mechanism, called REV (Run-time Execution Validator) can be retrofitted into an existing out-of-order CPU pipeline. Prior to presenting REV, we also formulate the ideal requirements of a mechanism for authenticating execution and use it later to see if REV meets these requirements. REV not only authenticates the control flow path and instructions along the instructions along the execution path but it also prevents the results of compromised executions from propagating to memory. REV offers a scalable solution that handles multiple execution modules, irrespective of their sizes and does not require any binary modification, nor access to the source code. The assessment of REV using a cycle-accurate simulator shows that execution overhead is limited to an average of less than 2% on the SPEC benchmarks. REV thus meets all of the requirements of an ideal mechanism for authenticating code and control flow integrity at run-time.

Indexing (document details)
Advisor: Ghose, Kanad
Commitee: Fowler, Mark, Madden, Patrick, Yang, Ping
School: State University of New York at Binghamton
Department: Computer Science
School Location: United States -- New York
Source: DAI-B 75/01(E), Dissertation Abstracts International
Subjects: Computer science
Keywords: Code integrity, Computer security, Control flow integrity, Execution authentication, Execution verification, Trusted systems
Publication Number: 3596989
ISBN: 9781303444418
Copyright © 2019 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy