research-article

Vulnerability-tolerant secure architectures

Authors:

Valeria Bertacco,

Mohit TiwariAuthors Info & Claims

ICCAD '18: Proceedings of the International Conference on Computer-Aided Design

Article No.: 46, Pages 1 - 5

https://doi.org/10.1145/3240765.3273057

Published: 05 November 2018 Publication History

Abstract

Today, secure systems are built by identifying potential vulnerabilities and then adding protections to thwart the associated attacks. Unfortunately, the complexity of today's systems makes it impossible to prove that all attacks are stopped, so clever attackers find a way around even the most carefully designed protections. In this article, we take a sobering look at the state of secure system design, and ask ourselves why the "security arms race" never ends? The answer lies in our inability to develop adequate security verification technologies. We then examine an advanced defensive system in nature - the human immune system - and we discover that it does not remove vulnerabilities, rather it adds offensive measures to protect the body when its vulnerabilities are penetrated We close the article with brief speculation on how the human immune system could inspire more capable secure system designs.

References

[1]

C. Hawblitzel, J. Howell, M. Kapritsos, J. Lorch, B. Parno, M. L. Roberts, S. Setty, and B. Zill, "Ironfleet: Proving practical distributed systems correct," in SOSP'15, October 2015.

Digital Library

[2]

B. Bond, C. Hawblitzel, M. Kapritsos, K. R. M. Leino, J. R. Lorch, B. Parno, A. Rane, S. Setty, and L. Thompson, "Vale: Verifying high-performance cryptographic assembly code," in USENIX Sec'17, 2017.

Digital Library

[3]

T. Ball and S. K. Rajamani, "The SLAM project Debugging system software via static analysis," SIGPLAN Not., vol. 37, Jan. 2002.

Digital Library

[4]

P. Deligiannis, A. F. Donaldson, and Z. Rakamaric, "Fast and precise symbolic analysis of concurrency bugs in device drivers," in 30th IEEE/ACM Int'l Conf. on Automated Software Engineering, 2015.

[5]

J. Hansson, S. Helton, and P. Feiler, "ROI analysis of the system architecture virtual integration initiative," Tech. Rep. CMU/SEI-2018-TR-002, Carnegie Mellon University, 2018.

[6]

R. Saracco, "Guess what requires 150 million lines of code..." IEEE Future Directions Tech Blog, 2016. http://sites.ieee.org/futuredirections/2016/01/13/guess-what-requires-150-million-lines-of-code/.

[7]

Y. S. Shao, B. Reagen, G. Wei, and D. Brooks, "The Aladdin approach to accelerator design and modeling," IEEE Micro, vol. 35, May 2015.

[8]

B. Bentley, "Validating a modern microprocessor," Computer Aided Verification, 2005.

Digital Library

[9]

S. Tasiran and K. Keutzer, "Coverage metrics for functional validation of hardware designs," IEEE Design and Test, vol. 18, July 2001.

Digital Library

[10]

I. Wagner and V. Bertacco, "Engineering trust with semantic guardians," in 2007 Design, Automation Test in Europe, April 2007.

Digital Library

[11]

E. Schnarr and J. R. Larus, "Fast out-of-order processor simulation using memoization," in Int'l Conf. on Architectural Support for Programming Languages and Operating Systems, ASPLOS VIII, 1998.

Digital Library

[12]

W. Arthur, B. Mammo, R. Rodriguez, T. Austin, and V. Bertacco, "Schnauzer: Scalable profiling for likely security bug sites," in Int'l Symp. on Code Generation and Optimization (CGO), Feb 2013.

Digital Library

[13]

P. Godefroid, M. Y. Levin, and D. Molnar, "SAGE: Whitebox fuzzing for security testing," Queue, vol. 10, pp. 20:20--20:27, Jan. 2012.

Digital Library

[14]

M. Fenton, "Restoring executive confidence: Red team operations," Network Security, Nov 2005.

[15]

"Secure and trustworthy cyberspace (SaTC)." https://www.naf.gov/funding/pgm_summ.jsp?pims_id=504709.

[16]

H. Hata, M. Guo, and M, A. Babar, "Understanding the heterogeneity of contributors in bug bounty programs," in Int'l Symp. on Empirical Software Engineering and Measurement, ESEM '17, 2017.

Digital Library

[17]

"Vulnerability metrics." https://nvd.nist.gov/vuln-metrics.

[18]

"Expanding Intel's bug bounty program: New side channel program, increased awards." https://newsroom.intel.com/news/expanding-intels-bug-bounty-program/, Feb. 2018.

[19]

"T cell." https://en.wikipedia.org/wiki/T_cell.

[20]

S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer Publishing, 2011.

Digital Library

[21]

Apple Corp., "Undefined Behavior Sanitizer." https://developer.apple.com/documentation/code_diagnostics/undefined_behavior_sanitizer.

[22]

PaX Team, "PaX address space layout randomization (ASLR)." http://pax.grsecurity.net/docs/aslr.txt, 2003.

[23]

B. Gras, K. Razavi, E. Bosman, H. Bos, and C. Giuffrida, "ASLR on the Line: Practical Cache Attacks on the MMU," in NDSS, Feb. 2017.

[24]

H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh, "On the Effectiveness of Address-space Randomization," in Conf. on Computer and Communications Security, CCS '04, 2004.

Digital Library

[25]

A. Bittau, A. Belay, A. Mashtizadeh, D. Mazières, and D. Boneh, "Hacking Blind," in IEEE Symp. on Security and Privacy, SP' 14, 2014.

Digital Library

[26]

R. Gawlik, B. Kollenda, P. Koppe, B. Gannany, and T. Holz, "Enabling client-side crash-resistance to overcome diversification and information hiding," in NDSS, 2016.

[27]

E. Bosman, K. Razavi, H. Bos, and C. Giuffrida, "Dedup est machina: Memory deduplication as an advanced exploitation vector," in IEEE Symp. on Security and Privacy (SP), May 2016.

[28]

D. Evtyushkin, D. Ponomarev, and N. Abu-Ghazaleh, "Jump over ASLR: Attacking branch predictors to bypass ASLR," in Int'l Symp. on Microarchitecture (MICRO), Oct 2016.

Digital Library

Cited By

Flikkema PPalmer JYalcin TCambou B(2020)Dynamic Computational Diversity with Multi-Radix Logic and Memory2020 IEEE High Performance Extreme Computing Conference (HPEC)10.1109/HPEC43674.2020.9286255(1-6)Online publication date: 22-Sep-2020
https://doi.org/10.1109/HPEC43674.2020.9286255

Recommendations

A security vulnerability analysis of SoCFPGA architectures
DAC '18: Proceedings of the 55th Annual Design Automation Conference

SoCFPGAs or FPGAs integrated on the same die with chip multi processors have made it to the market in the past years. In this article we analyse various security loopholes, existing precautions and countermeasures in these architectures. We consider ...
A Security Vulnerability Analysis of SoCFPGA Architectures
2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC)
SoCFPGAs or FPGAs integrated on the same die with chip multi processors have made it to the market in the past years. In this article we analyse various security loopholes, existing precautions and countermeasures in these architectures. We consider Intel ...
Side-channel vulnerability factor: a metric for measuring information leakage
ISCA '12

There have been many attacks that exploit side-effects of program execution to expose secret information and many proposed countermeasures to protect against these attacks. However there is currently no systematic, holistic methodology for understanding ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICCAD '18: Proceedings of the International Conference on Computer-Aided Design

November 2018

1020 pages

ISBN:9781450359504

DOI:10.1145/3240765

General Chair:
Iris Bahar
Brown Univ. School of Engineering, Providence, RI

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

IEEE-EDS: Electronic Devices Society
IEEE CAS
IEEE CEDA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 November 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

ICCAD '18

Sponsor:

IEEE-EDS

ICCAD '18: IEEE/ACM INTERNATIONAL CONFERENCE ON COMPUTER-AIDED DESIGN

November 5 - 8, 2018

California, San Diego

Acceptance Rates

Overall Acceptance Rate 457 of 1,762 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
209
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)1

Reflects downloads up to 23 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Flikkema PPalmer JYalcin TCambou B(2020)Dynamic Computational Diversity with Multi-Radix Logic and Memory2020 IEEE High Performance Extreme Computing Conference (HPEC)10.1109/HPEC43674.2020.9286255(1-6)Online publication date: 22-Sep-2020
https://doi.org/10.1109/HPEC43674.2020.9286255

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents