Hardware-Based Tagging: Building in Security from the Ground Up
Presented as part of the 2014 HCSS conference.
Abstract:
This talk provides an overview of hardware-based security tagging architectures (STAs) and the use of these as building blocks for secure computing. The talk is based on a recently completed AFRL-funded study into the use of STAs, specifically on the benefits and limitations of this technology beyond the lab. We will expand on the following:
STAs are known as promising mechanisms for enhancing the security of computer systems. A review of the literature demonstrates that the advantages of using security tagging schemes are quite clear. Security tagging was first designed and implemented to protect against a few low-level attacks, such as buffer overflow and format string attacks. Recently, security tagging schemes have been introduced that claim to support prevention of high-level attacks, which can include SQL injection and cross-site scripting. Tags are also implemented in some architectures to support memory access control. In this talk we will provide a brief overview of the existing approaches.
STAs can be used to detect type mismatches in memory accesses, control flow operations and machine code operations. The assignment of types to memory addresses and registers must be under the control of software. Therefore, additional software, in the operating system or even at the middleware and application level, is needed to set the tags and to interpret the errors generated by the hardware. This software will be more complex than traditional operating system memory protection software and will therefore require increased verification and validation. In this talk we will discuss the ramifications of this complexity for the design, implementation and verification of security solutions that utilize STAs.
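The split described above, software assigning tags and hardware checking them on every access, as an added illustrative model that is not part of this talk or of any real STA (the tag names, trap codes, memory layout and fill values are all constructed for the example): each word of a small memory carries a tag, a "hardware" check refuses type-mismatched operations such as a data store into a saved return address or execution of a data word, and a buffer copy that runs past its bounds is stopped at the first mismatched word and reported as a trap for the software handler to interpret.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative tag and trap encodings (assumed for this model, not any real STA's). */
typedef enum { TAG_FREE = 0, TAG_DATA, TAG_CODE, TAG_PTR, TAG_RETADDR } tag_t;
typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC, ACC_DEREF } access_t;
typedef enum { TRAP_NONE = 0, TRAP_BAD_ADDR, TRAP_WRITE_CODE,
               TRAP_WRITE_RETADDR, TRAP_EXEC_DATA, TRAP_DEREF_NONPTR } trap_t;

#define MEM_WORDS 16
typedef struct { uint32_t val; tag_t tag; } word_t; /* every word carries its tag */
static word_t mem[MEM_WORDS];

/* Software side: the OS/runtime assigns tags when it lays out memory. */
void set_tag(size_t addr, tag_t tag) { if (addr < MEM_WORDS) mem[addr].tag = tag; }

/* Hardware side: runs on every access and reports a trap code instead of
 * letting a type-mismatched operation proceed. */
trap_t check_access(size_t addr, access_t acc) {
    if (addr >= MEM_WORDS) return TRAP_BAD_ADDR;
    tag_t t = mem[addr].tag;
    switch (acc) {
    case ACC_WRITE:
        if (t == TAG_CODE) return TRAP_WRITE_CODE;       /* no writes into code */
        if (t == TAG_RETADDR) return TRAP_WRITE_RETADDR; /* data stores cannot touch a saved return address */
        return TRAP_NONE;
    case ACC_EXEC:  return t == TAG_CODE ? TRAP_NONE : TRAP_EXEC_DATA;   /* no executing data */
    case ACC_DEREF: return t == TAG_PTR ? TRAP_NONE : TRAP_DEREF_NONPTR; /* only pointer-tagged words are addresses */
    default:        return TRAP_NONE;
    }
}

/* A tagged store: the check runs before the write commits. */
trap_t tagged_store(size_t addr, uint32_t val) {
    trap_t tr = check_access(addr, ACC_WRITE);
    if (tr == TRAP_NONE) mem[addr].val = val;
    return tr;
}

/* Constructed layout: code at words 0-7, a 4-word data buffer at 8-11,
 * a saved return address at 12, remaining words tagged as data. */
void layout_memory(void) {
    for (size_t a = 0; a < MEM_WORDS; a++) set_tag(a, a < 8 ? TAG_CODE : TAG_DATA);
    set_tag(12, TAG_RETADDR);
}

/* Copy n words into the buffer at base; returns the first trap raised, if any.
 * Copying more than 4 words reaches the return address and is stopped there. */
trap_t copy_into_buffer(size_t base, size_t n) {
    for (size_t i = 0; i < n; i++) {
        trap_t tr = tagged_store(base + i, (uint32_t)i); /* constructed fill value */
        if (tr != TRAP_NONE) return tr; /* control passes to the software trap handler */
    }
    return TRAP_NONE;
}
```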
STA hardware provides continual checks for type mismatches, relieving software of that burden and providing greater confidence in the correct behavior of the system. However, care must be taken not to assume more functionality in the STA hardware than actually exists, as some of the literature does. Additional work is needed to understand the tradeoffs between STA-supported security features and software-only security features. This talk will provide examples of these misplaced assumptions and of the additional work that is needed.
In addition, in order to provide strong assurance of run-time enforceable security policies, we contend that all executable hardware in the system (Direct Memory Access (DMA) controllers, co-processors, network cards, etc.) will have to conform to STA principles or be isolated by STA hardware; this is a future area of research. Time permitting, this talk will discuss these concerns as well.
Presenter Bio:
Jim Alves-Foss is a professor in the Department of Computer Science at the University of Idaho, where he is the director of the University of Idaho's Center for Secure and Dependable Systems. His main research interests are in the design and analysis of secure distributed systems, with a focus on formal methods and software engineering. Alves-Foss received a PhD in Computer Science from the University of California, Davis (UCD). He is a senior member of the IEEE and ACM.