Advertisement

Provably-Secure Remote Memory Attestation for Heap Overflow Protection

  • Alexandra BoldyrevaEmail author
  • Taesoo Kim
  • Richard Lipton
  • Bogdan Warinschi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9841)

Abstract

Memory corruption attacks may lead to complete takeover of systems. There are numerous works offering protection mechanisms for this important problem. But the security guarantees that are offered by most works are only heuristic and, furthermore, most solutions are designed for protecting the local memory. In this paper we initiate the study of provably secure remote memory attestation; we concentrate on provably detecting heap-based overflow attacks and consider the setting where we aim to protect the memory in a remote system. We present two protocols offering various efficiency and security trade-offs (but all solutions are efficient enough for practical use as our implementation shows) that detect the presence of injected malicious code or data in remotely-stored heap memory. While our solutions offer protection only against a specific class of attacks, our novel formalization of threat models is general enough to cover a wide range of attacks and settings.

Keywords

Secret Sharing Random Oracle Security Model Secret Sharing Scheme Message Authentication Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

The first author was supported in part by the NSF award CNS-1422794. The fourth author was supported in part by European Union Seventh Framework Programme (FP7/2007–2013) grant agreement 609611 (PRACTICE). We thank Sangmin Lee for great help with implementations. We thank Tom Conte and Milos Prvulovic for useful discussions and Rafail Ostrovsky and Vassilis Zikas for clarifications on [26].

References

  1. 1.
    Abdalla, M., Benhamouda, F., Pointcheval, D.: Public-key encryption indistinguishable under plaintext-checkable attacks. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 332–352. Springer, Heidelberg (2015)Google Scholar
  2. 2.
    One, A.: Smashing the stack for fun and profit. Phrack 7(49), 14–16 (1996)Google Scholar
  3. 3.
    Armknecht, F., Sadeghi, A.-R., Schulz, S., Wachsmann, C.: A security framework for the analysis and design of software attestation. In: Proceedings of 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1–12. ACM (2013)Google Scholar
  4. 4.
    Barnett, R.: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235). https://www.trustwave.com/Resources/SpiderLabs-Blog/GHOST-gethostbyname()-heap-overflow-in-glibc-(CVE-2015-0235)
  5. 5.
    Bellare, M., Cash, D., Miller, R.: Cryptography secure against related-key attacks and tampering. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 486–503. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Paterson, K.G., Thomson, S.: RKA security beyond the linear barrier: IBE, encryption and signatures. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 331–348. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM (1993)Google Scholar
  9. 9.
    Berger, E.D.: HeapShield: library-based heap overflow protection for free. University of Massachusetts Amherst, TR 06–28 (2006)Google Scholar
  10. 10.
    Bhattacharyya, R., Roy, A.: Secure message authentication against related-key attack. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 305–324. Springer, Heidelberg (2014)Google Scholar
  11. 11.
    Boldyreva, A., Kim, T., Lipton, R., Warinschi, B.: Provably-secure remote memory attestation to prevent heap overflow attacks. Cryptology ePrint Archive, Report 2015/729 (2015). Full version of this paper http://eprint.iacr.org/2015/729
  12. 12.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM (JACM) 51(4), 557–594 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: Proceedings of 16th ACM Conference on Computer and Communications Security, CCS 2009 (2009)Google Scholar
  14. 14.
    Cowan, C., Pu, C., Maier, D., Hintony, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of 7th Conference on USENIX Security Symposium, SSYM 1998, vol. 7 (1998)Google Scholar
  15. 15.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  16. 16.
    Duflot, L., Perez, Y.-A., Morin, B.: What if you can’t trust your network card? In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 378–397. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Etoh, H.: GCC extension for protecting applications from stack-smashing attacks (ProPolice) (2003). http://www.trl.ibm.com/projects/security/ssp/
  18. 18.
    Francillon, A., Nguyen, Q., Rasmussen, K.B., Tsudik, G.: A minimalist approach to remote attestation. In: Design, Automation and Test in Europe Conference and Exhibition, DATE 2014, pp. 1–6 (2014)Google Scholar
  19. 19.
    Frantzen, M., Shuey, M.: StackGhost: hardware facilitated stack protection. In: Proceedings of 10th Usenix Security Symposium, pp. 55–66 (2001)Google Scholar
  20. 20.
    Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995)Google Scholar
  21. 21.
    Hoekstra, M., Lal, R., Pappachan, P., Phegade, V., Del Cuvillo, J.: Using innovative instructions to create trustworthy software solutions. In: Proceedings of 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP) (2013)Google Scholar
  22. 22.
    Jakobsson, M., Johansson, K.-A.: Practical and secure software-based attestation. In: 2011 Workshop on Lightweight Security and Privacy: Devices, Protocols and Applications (LightSec), pp. 1–9. IEEE (2011)Google Scholar
  23. 23.
    Kovah, X., Kallenberg, C., Weathers, C., Herzog, A., Albin, M., Butterworth, J.: New results for timing-based attestation. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 239–253. IEEE (2012)Google Scholar
  24. 24.
    Li, Y., McCune, J.M., Perrig, A.: SBAP: software-based attestation for peripherals. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 16–29. Springer, Heidelberg (2010)Google Scholar
  25. 25.
    Li, Y., McCune, J.M., Perrig, A.: Viper: verifying the integrity of peripherals’ firmware. In: Proceedings of 18th ACM Conference on Computer and Communications Security, pp. 3–16. ACM (2011)Google Scholar
  26. 26.
    Lipton, R.J., Ostrovsky, R., Zikas, V.: Provable virus detection: using the uncertainty principle to protect against Malware. Cryptology ePrint Archive, Report 2015/728 (2015). http://eprint.iacr.org/
  27. 27.
    Lu, K., Song, C., Lee, B., Chung, S.P., Kim, T., Lee, W.: ASLR-guard: stopping address space leakage for code reuse attacks. In: Proceedings of 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 (2015)Google Scholar
  28. 28.
    McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: Trustvisor: efficient TCB reduction and attestation. In: Proceedings of 2010 IEEE Symposium on Security and Privacy, SP 2010, pp. 143–158 (2010)Google Scholar
  29. 29.
    McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: Proceedings of 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, Eurosys 2008 (2008)Google Scholar
  30. 30.
    McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C.V., Shafi, H., Shanbhogue, V., Savagaonkar, U.R.: Innovative instructions and software model for isolated execution. In: Proceedings of 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP) (2013)Google Scholar
  31. 31.
    Nikiforakis, N., Piessens, F., Joosen, W.: HeapSentry: kernel-assisted protection against heap overflows. In: Rieck, K., Stewin, P., Seifert, J.-P. (eds.) DIMVA 2013. LNCS, vol. 7967, pp. 177–196. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  32. 32.
    Okamoto, T., Pointcheval, D.: REACT: rapid enhanced-security asymmetric cryptosystem transform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 159–175. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  33. 33.
    Robertson, W., Kruegel, C., Mutz, D., Valeur, F.: Run-time detection of heap-based overflows. In: Proceedings of 17th USENIX Conference on System Administration, LISA 2003 (2003)Google Scholar
  34. 34.
    Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: AddressSanitizer: a fast address sanity checker. In: Proceedings of 2012 USENIX Conference on Annual Technical Conference, USENIX ATC 2012 (2012)Google Scholar
  35. 35.
    Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: Proceedings of 20th ACM Symposium on Operating Systems Principles, SOSP 2005 (2005)Google Scholar
  36. 36.
    Seshadri, A., Perrig, A., Van Doorn, L., Khosla, P.: SWATT: software-based attestation for embedded devices. In: 2004 IEEE Symposium on Security and Privacy, Proceedings, pp. 272–282. IEEE (2004)Google Scholar
  37. 37.
    Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of 11th ACM Conference on Computer and Communications Security, CCS 2004 (2004)Google Scholar
  38. 38.
    Wee, H.: Public key encryption against related key attacks. In: Public Key Cryptography - PKC 2012–15th International Conference on Practice and Theory in Public Key Cryptography Proceedings, pp. 262–279 (2012)Google Scholar
  39. 39.
    Younan, Y., Joosen, W., Piessens, F.: Efficient protection against heap-based buffer overflows without resorting to magic. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 379–398. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Alexandra Boldyreva
    • 1
    Email author
  • Taesoo Kim
    • 1
  • Richard Lipton
    • 1
  • Bogdan Warinschi
    • 2
  1. 1.Georgia Institute of TechnologyAtlantaUSA
  2. 2.University of BristolBristolUK

Personalised recommendations