Global ETD Search

1	Protecting Functional Programs From Low-Level Attackers Larmuseau, Adriaan January 2016 (has links) Software systems are growing ever larger. Early software systems were singular units developed by small teams of programmers writing in the same programming language. Modern software systems, on the other hand, consist of numerous interoperating components written by different teams and in different programming languages. While this more modular and diversified approach to software development has enabled us to build ever larger and more complex software systems, it has, however, made it harder to ensure the reliability and security of software systems. In this thesis we study and remedy the security flaws that arise when attempting to resolve the difference in abstractions between components written in high-level functional programming languages and components written in imperative low-level programming languages. High-level functional programming languages, treat computation as the evaluation of mathematical functions. Low-level imperative programming languages, on the contrary, provide programmers with features that enable them to directly interact with the underlying hardware. While these features help programmers write more efficient software, they also make it easy to write malware through techniques such as buffer overflows and return oriented programming. Concretely, we develop new run-time approaches for protecting components written in functional programming languages from malicious components written in low-level programming languages by making using of an emerging memory isolation mechanism.This memory isolation mechanism is called the Protected Module Architecture (PMA). Informally, PMA isolates the code and data that reside within a certain area of memory by restricting access to that area based on the location of the program counter. We develop these run-time protection techniques that make use of PMA for three important areas where components written in functional programming languages are threatened by malicious low-level components: foreign function interfaces, abstract machines and compilation. In everyone of these three areas, we formally prove that our run-time protection techniques are indeed secure. In addtion to that we also provide implementations of our ideas through a fully functional compiler and a well-performing abstract machine. Security Functional Programming Compilation Interoperation Bisimulation Memory Protection
2	Implementing Memory Protection in a Minimal OS Fagrell, Per, Eklycke, Richard January 2009 (has links) <p>The car industry has created a series of standards called AutoSAR as a response to the increasing number of processors in modern vehicles. Among these specifications is one for real-time operating systems (RTOS). This RTOS standard includes requirements for memory protection. This thesis outlines the work involved in introducing the memory protection outlined in this specification in the OSEck operating system. The work consisted of updating the operating system, implementing the AutoSAR OS API, and updating the suite of toolsused to build the finished system.The AutoSAR specifications were found to be very thorough and well thoughtout. The OS API was successfully implemented, and the data-structures needed to permit its functionality. The existing software tools were updated to conformwith the new requirements from AutoSAR, and additional software was createdto ease the configuration process.Memory protection was successfully implemented in the OSEck operating system, including two implementations of the trap interface. The memory protection functionality adds yet another layer of user-configuration to the operating system. Also, additional overhead for system calls, context switches and message passing is expected. A general evaluation of how OSEck application performance is aff ected is beyond the scope of this thesis, but preliminary studies of additional instruction counts on certain system calls have been performed.</p> MMU AUTOSAR OSEK MEMORY PROTECTION EMBEDDED Computer science Datavetenskap
3	Implementing Memory Protection in a Minimal OS Fagrell, Per, Eklycke, Richard January 2009 (has links) The car industry has created a series of standards called AutoSAR as a response to the increasing number of processors in modern vehicles. Among these specifications is one for real-time operating systems (RTOS). This RTOS standard includes requirements for memory protection. This thesis outlines the work involved in introducing the memory protection outlined in this specification in the OSEck operating system. The work consisted of updating the operating system, implementing the AutoSAR OS API, and updating the suite of toolsused to build the finished system.The AutoSAR specifications were found to be very thorough and well thoughtout. The OS API was successfully implemented, and the data-structures needed to permit its functionality. The existing software tools were updated to conformwith the new requirements from AutoSAR, and additional software was createdto ease the configuration process.Memory protection was successfully implemented in the OSEck operating system, including two implementations of the trap interface. The memory protection functionality adds yet another layer of user-configuration to the operating system. Also, additional overhead for system calls, context switches and message passing is expected. A general evaluation of how OSEck application performance is aff ected is beyond the scope of this thesis, but preliminary studies of additional instruction counts on certain system calls have been performed. MMU AUTOSAR OSEK MEMORY PROTECTION EMBEDDED Computer Sciences Datavetenskap (datalogi)
4	Impact of Increased Cache Misses on Runtime Performance of MPX-enabled Programs Sharma, Niti 10 June 2019 (has links) Low level languages like C and C++ provide high performance and direct control over memory management. But these languages are prone to memory safety violations. Intel introduced a new ISA extension-Memory Protection Extension(MPX), a hardware-assisted full-stack solution, to protect against the memory safety violations. While MPX efficiently prevents memory errors like buffer overflows and out of bound memory accesses, it comes at the cost of high performance overheads. Also, the cache locality worsens in MPX protected applications. In our research, we analyze if there is a correlation between increase in cache misses and runtime degradation in programs compiled with MPX support. We analyze 15 SPEC CPU benchmark programs for different input sizes on Windows platform, compiled with Intel's ICC compiler. We find that for input sizes train(medium) and ref(large), the average performance overheads are 140% and 144% respectively. We find that 5 out of 15 benchmarks do not have any runtime overheads and also, do not have any change in cache misses at any level. However for rest of the 10 benchmarks, we find a strong correlation between runtime overheads and cache misses overheads, with the correlation coefficients ranging from 0.8 to 0.36 for different input sizes. Based on our findings, we conclude that there is a direct correlation between runtime overheads and increase in cache misses. We also find that instructions overheads and runtime overheads have a positive correlation, with the coefficient values ranging from 0.7 to 0.33 for different input sizes. / Master of Science / Low level programming languages like C and C++ are primary choices to write low-level systems software such as operating systems, virtual machines, embedded software, and performance-critical applications. But these languages are considered as unsafe and prone to memory safety errors. Intel introduced a new technique- Memory Protection Extensions (MPX) to protect against these memory errors. But prior research found that applications supported with MPX have increased runtimes (slowdowns). In our research, we analyze these slowdowns for different input sizes(medium and large) in 15 benchmark applications. Based on the input sizes, the average slowdowns range from 140% to 144%. We then examine if there is a correlation between increase in cache misses under MPX and the slowdowns. A hardware cache is a component that stores data so that future requests for that data can be served faster. Hence, cache miss is a state where the data requested for processing by a component or application is not found in the cache. Whenever a cache miss happen, the processor waits for the data to be fetched from the next cache level or from main memory before it can continue to execute. This wait influences the runtime performance of the application. Our evaluations find that 10 out of 15 applications which have increased runtimes, also have increase in cache misses. This shows a positive correlation between these two parameters. Along with that, we also found that increase in instruction size in MPX protected applications also has a direct correlation with the runtime degradation. We also quantify these relationships with a statistical measure called correlation coefficient. Spatial Security Memory Protection Extensions Caches Benchmarks Runtime Overheads TLB
5	Remote Software Guard Extension (RSGX) Sundarasamy, Abilesh 21 December 2023 (has links) With the constant evolution of hardware architecture extensions aimed at enhancing software security, a notable availability gap arises due to the proprietary nature and design-specific characteristics of these features, resulting in a CPU-specific implementation. This gap particularly affects low-end embedded devices that often rely on CPU cores with limited resources. Addressing this challenge, this thesis focuses on providing access to hardware-based Trusted Execution Environments (TEEs) for devices lacking TEE support. RSGX is a framework crafted to transparently offload security-sensitive workloads to an enclave hosted in a remote centralized edge server. Operating as clients, low-end TEE-lacking devices can harness the hardware security features provided by TEEs of either the same or different architecture. RSGX is tailored to accommodate applications developed with diverse TEE-utilizing SDKs, such as the Open Enclave SDK, Intel SGX SDK, and many others. This facilitates easy integration of existing enclave-based applications, and the framework allows users to utilize its features without requiring any source code modifications, ensuring transparent offloading behind the scenes. For the evaluation, we set up an edge computing environment to execute C/C++ applications, including two overhead micro-benchmarks and four popular open-source applications. This evaluation of RSGX encompasses an analysis of its security benefits and a measurement of its performance overhead. We demonstrate that RSGX has the potential to mitigate a range of Common Vulnerability Exposures (CVEs), ensuring the secure execution of confidential computations on hybrid and distributed machines with an acceptable performance overhead. / Master of Science / A vast amount of data is generated globally every day, most of which contains critical information and is often linked to individuals. Therefore, safeguarding data is essential at every stage, whether it's during transmission, storage, or processing. Different security principles are applied to protect data at various stages. This thesis particularly focuses on data in use. To protect data in use, several technologies are available, and one of them is confidential computing, which is a hardware-based security technology. However, confidential computing is limited to certain high-end computing machines, and many resource-constrained devices do not support it. In this thesis, we propose RSGX, a framework to offload secured computation to a confidential computing-capable remote device with a Security as a Service (SECaaS) approach. Through RSGX, users can leverage confidential computing capabilities for any of their applications based on any SDK. RSGX provides this capability transparently and securely. Our evaluation shows that users, by adapting RSGX, can mitigate several security vulnerabilities, thereby enhancing security with a reasonable overhead. SGX TEE Heterogeneous ISA Memory Protection Software Security Enclave Offloading
6	Moderní operační systém bez MMU / Modern operating system without MMU Tlach, Jiří January 2011 (has links) Memory management unit (MMU) is a hardware component providing above all the translation of virtual addresses to physical addresses and thus providing secure isolation of kernel and processes. HelenOS is a research operating system which is being developed at MFF UK. The kernel of HelenOS uses hardware MMU of the processor for virtual to physical memory translation using paging. The goal of this work is to provide an overview of the techniques which can be used to (partially) substitute the functionality of MMU by other means. A proposed design, analysis and prototype implementation of an extension to HelenOS is also part of this work. This extension enables functionality of HelenOS on processors without MMU.
7	Architectural Support for Protecting Memory Integrity and Confidentiality Shi, Weidong 10 May 2006 (has links) This dissertation describes efficient design of tamper-resistant secure processor and cryptographic memory protection model that will strength security of a computing system. The thesis proposes certain cryptographic and security features integrated into the general purpose processor and computing platform to protect confidentiality and integrity of digital content stored in a computing system's memory. System designers can take advantages of the availability of the proposed security model to build future security systems such as systems with strong anti-reverse engineering capability, digital content protection system, or trusted computing system with strong tamper-proof protection. The thesis explores architecture level optimizations and design trade-offs for supporting high performance tamper-resistant memory model and micro-processor architecture. It expands the research of the previous studies on tamper-resistant processor design on several fronts. It offers some new architecture and design optimization techniques to further reduce the overhead of memory protection over the previous approaches documented in the literature. Those techniques include prediction based memory decryption and efficient memory integrity verification approaches. It compares different encryption modes applicable to memory protection and evaluates their pros and cons. In addition, the thesis tries to solve some of the security issues that have been largely ignored in the prior art. It presents a detailed investigation of how to integrate confidentiality protection and integrity protection into the out-of-order processor architecture both efficiently and securely. Furthermore, the thesis also expands the coverage of protection from single processor to multi-processor. Anti-reverse engineering Secure processor Memory protection Data encryption (Computer science) Computer security Computer storage devices
8	Dynamic pointer tracking and its applications Zhang, Kun 12 January 2010 (has links) Due to the significant limitations of static analysis and the dynamic nature of pointers in weakly typed programming languages like C and C++, the points-to sets obtained at compile time are quite conservative. Most static pointer analysis methods trade the precision for the analysis speed. The methods that perform the analysis in a reasonable amount of time are often context and/or flow insensitive. Other methods that are context, flow, and field sensitive have to perform the whole program inter-procedural analysis, and do not scale with respect to the program size. A large class of problems involving optimizations such as instruction prefetching, control and data speculation, redundant load/store instructions removal, instruction scheduling, and memory disambiguation suffer due to the imprecise and conservative points-to sets computed statically. One could possibly live without optimizations, but in domains involving memory security and safety, lack of the precise points-to sets can jeopardize the security and safety. In particular, the lack of dynamic points-to sets drastically reduce the ability to reason about a program's memory access behavior, and thus illegal memory accesses can go unchecked leading to bugs as well as security holes. On the other hand, the points-to sets can be very useful for other domains such as the heap shape analysis and garbage collection. The knowledge of precise points-to sets is therefore becoming very important, but has received little attention so far beyond a few studies, which have shown that the pointers exhibit very interesting behaviors during execution. How to track such behaviors dynamically and benefit from them is the topic covered by this research. In this work, we propose a technique to compute the precise points-to sets through dynamic pointer tracking. First, the compiler performs the pointer analysis to obtain the static points-to sets. Then, the compiler analyzes the program, and inserts the necessary instructions to refine the points-to sets. At runtime, the inserted instructions automatically update the points-to sets. Dynamic pointer tracking in software can be expensive and can be a barrier to the practicality of such methods. Several optimizations including removal of redundant update, post-loop update, special pattern driven update removal, pointer initialization update removal, update propagation, invariant removal, and on demand update optimization are proposed. Our experimental results demonstrate that our mechanism is able to compute the points-to sets dynamically with tolerable overheads. Finally, the memory protection and garbage collection work are presented as the consumers of dynamic pointer tracking to illustrate its importance. In particular, it is shown how different memory properties can be easily tracked using the dynamic points-to sets opening newer possibilities. Garbage collection Memory protection Dynamic pointer tracking Pointer analysis C (Computer program language) C++ (Computer program language) Software engineering
9	RISC-V Thread Isolation : Using Zephyr RTOS / RISC-V Trådisolering : Med Zephyr RTOS Midéus, Gustav, Morales Chavez, Antonio January 2020 (has links) Many embedded systems lack a memory management unit (MMU) and thus often also lack protection of memory. This causes these systems to be less robust since the operating system (OS), processes, and threads are no longer isolated from each other. This is also a potential security issue and with the number of embedded systems rapidly increasing as a result of the rise of Internet of things (IoT), vulnerabilities like this could become a major problem. However, with a recent update to the RISC-V processor architecture, a possibility to isolate regions of memory without an MMU was introduced. This study aims to identify problems and possibilities of implementing such memory protection with RISC-V. Based on a study of literature and documentation on memory protection and the RISC-V architecture, a prototype was designed and implemented to determine potential problems and evaluate performance in terms of execution time and memory cost. The developed prototype showed aworking implementation of memory protection for the memory regions with RISC-V. The evaluation of the prototype demonstrated an increase in context switch execution time and memory usage. The results indicate that the implemented memory protection comes with an increased cost in performance with a constant factor and a small memory overhead. Therefore, it is recommended that implementations that wish to implement memory protection with RISC-V on smaller embedded systems where time and memory may be crucial takes the overhead in consideration. Further research and testing is needed to identify optimizations that could improve the performance as well as discover security flaws. / Många inbyggda system saknar en enhet för minneshantering (s.k. MMU) och saknar därför oftast minnesskydd. Detta leder till att dessa system blir mindre robusta eftersom operativsystemet, processer och trådar inte längre är isolerade från varandra. Detta är också en säkerhetsbrist och med antalet inbyggda system som snabbt ökar på grund av tillväxten av Internet of things (IoT), så kan sårbarheter som denna bli ett stort problem. Med en nyligen introducerad uppdatering av RISC-Vprocessor arkitekturen, så introducerades en möjlighet till att isolera minne utan hjälp av en MMU. Denna studie syftar till att identifiera problem och möjligheter av att implementera sådant minneskydd med RISC-V. Baserat på en studie av litteratur och dokumentation om minnesskydd och RISC-V arkitekturen designades och implementerades en prototyp för att hjälpa till att fastställa problem och möjligheter samt göra en utvärdering med avseende på prestanda- och minneskostnader. Den utvecklade prototypen visade en fungerande implementering av minneskydd för minnesregioner med RISC-V. Utvärderingen av prototypen visade en ökad exekveringstid för kontextbyten och ökad minnesanvändning. Resultaten indikerar att det implementerade minneskyddet kommer med en ökad kostnad i prestanda med en konstant faktor och en liten omkostnad i minne. Därför rekommenderas att implementeringar som vill implementera minneskydd med RISC-V på mindre inbyggda system där tid och minne kan vara avgörande tar hänsyn till omkostnaderna. Ytterligare studier och tester behövs för att identifiera optimeringar som kan förbättra prestandan och upptäcka säkerhetsbrister. RISC-V memory protection embedded systems thread isolation real-time operating system (RTOS) IoT RISC-V minnesskydd inbyggda system trådisolering RTOS IoT Computer Engineering Datorteknik
10	Efektivní správa paměti ve vícevláknových aplikacích / Effective Memory Management for Multi-Threaded Applications Vašíček, Libor January 2008 (has links) This thesis describes design and implementation of effective memory management for multi-threaded applications. At first, the virtual memory possibilities are described, which can be found in the latest operating systems, such as Microsoft Windows and Linux. Afterwards the most frequently used algorithms for memory management are explained. Consequently, their features are used properly for a new memory manager. Final design includes particular tools for application debugging and profiling. At the end of the thesis a series of tests and evaluation of achieved results were done.

Search results