Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

9
7 2
Reset filters

Settings
Now showing 1 - 9 of 9
  • Publication
    CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++
    ( 2023)
    Hohentanner, Konrad
    ;
    Zieris, Philipp
    ;
    Horsch, Julian
    Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention. Various mitigations have been proposed for C/C++, ranging from language dialects to instrumentation. Among these, compiler-based instrumentation is particularly promising, not requiring manual code modifications and being able to achieve precise memory safety. Unfortunately, existing compiler-based solutions compromise in many areas, including performance but also usability and memory safety guarantees. New developments in hardware can help improve performance and security of compiler-based memory safety. ARM Pointer Authentication, added in the ARMv8.3 architecture, is intended to enable hardware-assisted Control Flow Integrity (CFI). But since its operations are generic, it also enables other, more comprehensive hardware-supported runtime integrity approaches. As such, we propose CryptSan, a memory safety approach based on ARM Pointer Authentication. CryptSan uses pointer signatures to retrofit memory safety to C/C++ programs, protecting heap, stack, and globals against temporal and spatial vulnerabilities. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro, i.e., on actual ARMv8.3 hardware. Our prototype evaluation shows that the system outperforms similar approaches under real-world conditions. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
  • Publication
    Compiler-based Attack Origin Tracking with Dynamic Taint Analysis
    ( 2022)
    Braunsdorf, Oliver
    ;
    Sessinghaus, Stefan
    ;
    Horsch, Julian
    Over the last decade, many exploit mitigations based on Control Flow Integrity (CFI) have been developed to secure programs from being hijacked by attackers. However, most of them only abort the protected application after attack detection, producing no further information for attack analysis. Solely restarting the application leaves it open for repeated attack attempts. We propose Resilient CFI, a compiler-based CFI approach that utilizes dynamic taint analysis to detect code pointer overwrites and trace attacks back to their origin. Gained insights can be used to identify attackers and exclude them from further communication with the application. We implemented our approach as extension to LLVM’s Dataflow Sanitizer, an actively maintained data-flow tracking engine. Our results show that control-flow hijacking attempts can be reliably detected. Compared to previous approaches based on Dynamic Binary Instrumentation, our compiler-based static instrumentation introduces less run-time overhead: on average 3.52x for SPEC CPU2017 benchmarks and 1.56x for the real-world web server NginX.
  • Publication
    SEVered: Subverting AMD's virtual machine encryption
    ( 2018)
    Morbitzer, Mathias
    ;
    Huber, Manuel
    ;
    Horsch, Julian
    ;
    Wessel, Sascha
    AMD SEV is a hardware feature designed for the secure encryption of virtual machines. SEV aims to protect virtual machine memory not only from other malicious guests and physical attackers, but also from a possibly malicious hypervisor. This relieves cloud and virtual server customers from fully trusting their server providers and the hypervisors they are using. We present the design and implementation of SEVered, an attack from a malicious hypervisor capable of extracting the full contents of main memory in plaintext from SEV-encrypted virtual machines. SEVered neither requires physical access nor colluding virtual machines, but only relies on a remote communication service, such as a web server, running in the targeted virtual machine. We verify the effectiveness of SEVered on a recent A MD SEV-enabled server platform running different services, such as web or SSH servers, in encrypted virtual machines. With these examples, we demonstrate that SEVered reliably and efficiently extracts all memory contents even in scenarios where the targeted virtual machine is under high load.
  • Publication
    A leak-resilient dual stack scheme for backward-edge control-flow integrity
    ( 2018)
    Zieris, Philipp
    ;
    Horsch, Julian
    Manipulations of return addresses on the stack are the basis for a variety of attacks on programs written in memory unsafe languages. Dual stack schemes for protecting return addresses promise an efficient and effective defense against such attacks. By introducing a second, safe stack to separate return addresses from potentially unsafe stack objects, they prevent attacks that, for example, maliciously modify a return address by overflowing a buffer. However, the security of dual stacks is based on the concealment of the safe stack in memory. Unfortunately, all current dual stack schemes are vulnerable to information disclosure attacks that are able to reveal the safe stack location, and therefore effectively break their promised security properties. In this paper, we present a new, leak-resilient dual stack scheme capable of withstanding sophisticated information disclosure attacks. We carefully study previous dual stack schemes and systematically develop a novel design for stack separation that eliminates flaws leading to the disclosure of safe stacks. We show the feasibility and practicality of our approach by presenting a full integration into the LLVM compiler framework with support for the x86-64 and ARM64 architectures. With an average of 2.7% on x86-64 and 0.0% on ARM64, the performance overhead of our implementation is negligible.
  • Publication
    TransCrypt: Transparent main memory encryption using a minimal ARM hypervisor
    ( 2017)
    Horsch, Julian
    ;
    Huber, Manuel
    ;
    Wessel, Sascha
    Attacks on memory, revealing secrets, for example, via DMA or cold boot, are a long known problem. In this paper, we present TransCrypt, a concept for transparent and guest-agnostic, dynamic kernel and user main memory encryption using a custom minimal hypervisor. The concept utilizes the address translation features provided by hardware-based virtualization support of modern CPUs to restrict the guest to a small working set of recently accessed physical pages. The rest of the pages, which constitute the majority of memory, remain securely encrypted. Furthermore, we present a transparent and guest-agnostic mechanism for recognizing pages to be excluded from encryption to still ensure correct system functionality, for example, for pages shared with peripheral devices. The detailed evaluation using our fully functional prototype on an ARM Cortex-A15 development board running Android shows that TransCrypt is able to effectively protect secrets in memory while keeping the p erformance impact small. For example, the system is able to keep the E-mail account password of a typical user in the Android mail app's memory encrypted 98.99% of the time, while still reaching 81.7% and 99.8% of native performance in different benchmarks.
  • Publication
    CoKey: Fast token-based cooperative cryptography
    ( 2016)
    Horsch, Julian
    ;
    Wessel, Sascha
    ;
    Eckert, Claudia
    Keys for symmetric cryptography are usually stored in RAM and therefore susceptible to various attacks, ranging from simple buffer overflows to leaks via cold boot, DMA or side channels. A common approach to mitigate such attacks is to move the keys to an external cryptographic token. For low-throughput applications like asymmetric signature generation, the performance of these tokens is sufficient. For symmetric, data-intensive use cases, like disk encryption on behalf of the host, the connecting interface to the token often is a serious bottleneck. In order to overcome this problem, we present CoKey, a novel concept for partially moving symmetric cryptography out of the host into a trusted detachable token. CoKey combines keys from both entities and securely encrypts initialization vectors on the token which are then used in the cryptographic operations on the host. This forces host and token to cooperate during the whole encryption and decryption process. Our concept strongly and efficiently binds encrypted data on the host to the specific token used for their encryption, while still allowing for fast operation. We implemented the concept using Linux hosts and the USB armory, a USB thumb drive sized ARM computer, as detachable crypto token. Our detailed performance evaluation shows that our prototype is easily fast enough even for data-intensive and performance-critical use cases like full disk encryption, thus effectively improving security for symmetric cryptography in a usable way.
  • Publication
    Transparent page-based kernel and user space execution tracing from a custom minimal ARM hypervisor
    ( 2015)
    Horsch, Julian
    ;
    Wessel, Sascha
    In this paper, we present a framework for transparent kernel and user execution tracing from a minimal ARM hypervisor. The framework utilizes hardware-supported virtualization on modern ARM CPUs to restrict the number of executable pages in the system without interfering with the traced guest. The resulting page faults give the framework access to page-granular control flow information. The framework is transparent and agnostic to kernel and user space software not requiring any changes or additional components in the traced guest. The application scenarios for the framework include malware analysis, malware detection and runtime integrity protection. We furthermore present a detailed example application for the framework which uses the provided trace data to enforce a particular page-granular control flow to defend the guest against control flow hijacking attacks like return-oriented programming. The detailed performance analysis of our prototype implementation running on a Cortex-A15 development board with Android shows that the framework and the example application perform well even in adverse benchmarking scenarios. Therefore, the framework not only can be useful for realizing virtualization-based security mechanisms known and researched on x86 platforms for ARM, but also shows that the very lightweight ARM hardware virtualization support allows for new mechanisms relying on very frequent interaction with the hypervisor.
  • Publication
    TrustID: Trustworthy identities for untrusted mobile devices
    ( 2014)
    Horsch, Julian
    ;
    Böttinger, Konstantin
    ;
    Weiß, Michael
    ;
    Wessel, Sascha
    ;
    Stumpf, Frederic
    Identity theft has deep impacts in today's mobile ubiquitous environments. At the same time, digital identities are usually still protected by simple passwords or other insuficient security mechanisms. In this paper, we present the TrustID architecture and protocols to improve this situation. Our architecture utilizes a Secure Element (SE) to store multiple context-specific identities securely in a mobile device, e.g., a smartphone. We introduce protocols for securely deriving identities from a strong root identity into the SE inside the smartphone as well as for using the newly derived IDs. Both protocols do not require a trustworthy smartphone operating system or a Trusted Execution Environment. In order to achieve this, our concept includes a secure combined PIN entry mechanism for user authentication, which prevents attacks even on a malicious device. To show the feasibility of our approach, we implemented a prototype running on a Samsung Galaxy SIII smartphone utilizing a microSD card SE. The German identity card nPA is used as root identity to derive context-specific identities.
  • Publication
    SobTra - A software-based trust anchor for ARM cortex application processors
    ( 2014)
    Horsch, Julian
    ;
    Wessel, Sascha
    ;
    Stumpf, Frederic
    ;
    Eckert, Claudia
    In this paper, we present SobTrA, a Software-based Trust Anchor for ARM Cortex-A processors to protect systems against software-based attacks. SobTrA enables the implementation of a software-based secure boot controlled by a third party independent from the manufacturer. Compared to hardware-based trust anchors, our concept provides some other advantages like being updateable and also usable on legacy hardware. The presented software-based trust anchor involves a trusted third party device, the verifier, locally connected to the untrusted device, e.g., via the microSD card slot of a smartphone. The verifier is verifying the integrity of the untrusted device by making sure that a piece of code is executed untampered on it using a timing-based approach. This code can then act as an anchor for a chain of trust similar to a hardware-based secure boot. Tests on our prototype showed that tampered and untampered execution of SobTrA can be clearly and reliably distinguished.