Pwning ARM Debug Components for Sec-Related Stuff...
Transcript of Pwning ARM Debug Components for Sec-Related Stuff...
Pwning ARM Debug Components for
Sec-Related Stuff (HardBlare project)
HITB COMMSEC
Muhammad Abdul WAHAB, Pascal COTRET
April 14, 2017
CentraleSupelec
Who am I ?
2nd year PhD Student at CentraleSuplec
E-mail: [email protected]
HardBlare project1 funded by CominLabs and Brittany region
1www.hardblare.cominlabs.ueb.eu
0
Outline
Outline
Motivation
ARM CoreSight components
Software Security
Conclusion
1
Motivation
Software Security
SoC = Hardcore CPU + FPGA (+ Peripherals)
Figure 1: Zynq SoC
Source: Xilinx 2
Software Security
SoC = Hardcore CPU + FPGA (+ Peripherals)
Figure 1: Zynq SoC
Source: Xilinx 2
Dynamic Information Flow Tracking (DIFT)
Information flow
Information flow is the transfer of information from an information
container c1 to c2 in a given process P.
c1 −→P
c2
Example
int a, b, w, x;
a = 11;
b = 5;
w = a * 2;
x = b + 1;
3
Dynamic Information Flow Tracking (DIFT)
Information flow
Information flow is the transfer of information from an information
container c1 to c2 in a given process P.
c1 −→P
c2
Example
int a, b, w, x;
a = 11;
b = 5;
w = a * 2;
x = b + 1; 3
DIFT: Dynamic Information Flow Tracking
Principle
• We attach labels called tags to such containers and specify an
information flow policy, i.e. relations between tags
• At runtime, we propagate tags to reflect information flows
that occur and detect any policy violation
4
DIFT: Dynamic Information Flow Tracking
Principle
• We attach labels called tags to such containers and specify an
information flow policy, i.e. relations between tags
• At runtime, we propagate tags to reflect information flows
that occur and detect any policy violation
4
DIFT Example: Memory corruption
Attacker overwrites return address and takes control
int idx = tainted_input; //stdin (> BUFFER SIZE)
buffer[idx] = x; // buffer overflow
set r1 ← &tainted input
load r2 ← M[r1]
add r4 ← r2 + r3
store M[r4] ← r5
T Data
r1:&input
r2:idx=input
r3:&buffer
r4:&buffer+idx
r5:x
T Data
Return Address
int buffer[Size]
5
DIFT Example: Memory corruption
Attacker overwrites return address and takes control
int idx = tainted_input; //stdin (> BUFFER SIZE)
buffer[idx] = x; // buffer overflow
set r1 ← &tainted input
load r2 ← M[r1]
add r4 ← r2 + r3
store M[r4] ← r5
T Data
r1:&input
r2:idx=input
r3:&buffer
r4:&buffer+idx
r5:x
T Data
Return Address
int buffer[Size]
5
DIFT Example: Memory corruption
Attacker overwrites return address and takes control
int idx = tainted_input; //stdin (> BUFFER SIZE)
buffer[idx] = x; // buffer overflow
set r1 ← &tainted input
load r2 ← M[r1]
add r4 ← r2 + r3
store M[r4] ← r5
T Data
r1:&input
r2:idx=input
r3:&buffer
r4:&buffer+idx
r5:x
T Data
Return Address
int buffer[Size]
5
DIFT Example: Memory corruption
Attacker overwrites return address and takes control
int idx = tainted_input; //stdin (> BUFFER SIZE)
buffer[idx] = x; // buffer overflow
set r1 ← &tainted input
load r2 ← M[r1]
add r4 ← r2 + r3
store M[r4] ← r5
T Data
r1:&input
r2:idx=input
r3:&buffer
r4:&buffer+idx
r5:x
T Data
Return Address
int buffer[Size]
5
DIFT Example: Memory corruption
Attacker overwrites return address and takes control
int idx = tainted_input; //stdin (> BUFFER SIZE)
buffer[idx] = x; // buffer overflow
set r1 ← &tainted input
load r2 ← M[r1]
add r4 ← r2 + r3
store M[r4] ← r5
T Data
r1:&input
r2:idx=input
r3:&buffer
r4:&buffer+idx
r5:x
T Data
Return Address
int buffer[Size]
5
DIFT: Dynamic Information Flow Tracking
DIFT principle
1. DIFT taints data from untrusted sources
• Extra tag bit per word marks if untrusted
2. Propagate taint during program execution
• Operations with tainted data produce tainted results
3. Check for unsafe uses of tainted data
Motivation
• Protection from low-level and high-level threats
• Program understanding
• Software testing and debugging
6
DIFT: Dynamic Information Flow Tracking
DIFT principle
1. DIFT taints data from untrusted sources
• Extra tag bit per word marks if untrusted
2. Propagate taint during program execution
• Operations with tainted data produce tainted results
3. Check for unsafe uses of tainted data
Motivation
• Protection from low-level and high-level threats
• Program understanding
• Software testing and debugging
6
DIFT - overview
Constraints
• Zedboard : Zynq SoC
• ARM Cortex-A9 dual core CPU
• Programmable Logic
• Linux OS
Main Goal: DIFT implementation
• How to recover information about each CPU instruction ?
7
ARM CoreSight components
Coresight components
A set of IP blocks providing HW-assisted system tracing
Figure 2: ARM Coresight components in Zynq SoC
Source: ARM CoreSight components TRM
8
Coresight components
A set of IP blocks providing HW-assisted system tracing
Figure 2: ARM Coresight components in Zynq SoC
Source: ARM CoreSight components TRM 8
Coresight components
Features
• Trace Filter (all code or
regions of code)
• Branch Broadcast
• Context ID comparator
• CycleAccurate tracing
• Timestamping
ELF Header
Program header table
Section 1
Section 2
...
...
Section n
Section header table
9
Coresight components
Features
• Trace Filter (all code or
regions of code)
• Branch Broadcast
• Context ID comparator
• CycleAccurate tracing
• Timestamping
(i) MOV PC, LR
(ii) ADD R1, R2, R3
(iii) B 0x8084
9
Coresight components
Features
• Trace Filter (all code or
regions of code)
• Branch Broadcast
• Context ID comparator
• CycleAccurate tracing
• Timestamping
(i) MOV PC, LR
(ii) ADD R1, R2, R3
(iii) B 0x8084
9
Trace generation
Address Instruction Trace, if any, with explanation
0x1000 MOV -
0x1004 ADD -
0x1008 B 0x1100 Direct branch taken. E atom generated.
0x1104 LDR -
0x110C CMP -
0x1110 BNE 0x1104 Direct branch taken. E atom generated.
0x1104 LDR -
0x1108 ADD -
0x110C CMP -
0x1110 BNE 0x1444 Direct branch not taken. N atom generated.
10
Trace generation
Address Instruction Trace, if any, with explanation
0x1000 MOV -
0x1004 ADD -
0x1008 B 0x1100 Direct branch taken. E atom generated.
0x1104 LDR -
0x110C CMP -
0x1110 BNE 0x1104 Direct branch taken. E atom generated.
0x1104 LDR -
0x1108 ADD -
0x110C CMP -
0x1110 BNE 0x1444 Direct branch not taken. N atom generated.
10
Trace generation
Address Instruction Trace, if any, with explanation
0x1000 MOV -
0x1004 ADD -
0x1008 B 0x1100 Direct branch taken. E atom generated.
0x1104 LDR -
0x110C CMP -
0x1110 BNE 0x1104 Direct branch taken. E atom generated.
0x1104 LDR -
0x1108 ADD -
0x110C CMP -
0x1110 BNE 0x1444 Direct branch not taken. N atom generated.
10
Configuration of CoreSight components
Fun fact: Unlocking CoreSight components
Write 0xC5ACCE55 to Lock Access Register
LeetSpeak of CSACCESS (CoreSight Access) ! î
1 echo 0 > / s y s / d e v i c e s / system/cpu/cpu1/ o n l i n e
2 cd / s y s /bus / c o r e s i g h t / d e v i c e s / f889c000 . ptm0/
3 # Con f i gu r e PTM components
4 echo 20 > mode
5 echo 1 > a d d r i d x
6 echo 0 > add r a c c t yp e
7 echo 0 > a d d r i d x
8 echo 0 > add r a c c t yp e
9 echo 8638 8684 > add r r ange
10 # Enable S ink (ETB or TPIU)
11 echo 1 > f8803000 . t p i u / e n a b l e s i n k
12 #echo 1 > f8801000 . e tb / e n a b l e s i n k
13 # Enable Source
14 echo 1 > f889c000 . ptm0/ e n a b l e s o u r c e
15 # Launch Program
16 . / a p p l i c a t i o n . e l f
17 # Recover t r a c e
18 . / r e c o v e r t r a c e f p g a . e l f
19 #dd i f =/dev/ f8801000 . e tb o f=t r a c e . b i n
Listing 1: Coresight configuration
11
Configuration of CoreSight components
1 echo 0 > / s y s / d e v i c e s / system/cpu/cpu1/ o n l i n e
2 cd / s y s /bus / c o r e s i g h t / d e v i c e s / f889c000 . ptm0/
3 # Con f i gu r e PTM components
4 echo 20 > mode
5 echo 1 > a d d r i d x
6 echo 0 > add r a c c t yp e
7 echo 0 > a d d r i d x
8 echo 0 > add r a c c t yp e
9 echo 8638 8684 > add r r ange
10 # Enable S ink (ETB or TPIU)
11 echo 1 > f8803000 . t p i u / e n a b l e s i n k
12 #echo 1 > f8801000 . e tb / e n a b l e s i n k
13 # Enable Source
14 echo 1 > f889c000 . ptm0/ e n a b l e s o u r c e
15 # Launch Program
16 . / a p p l i c a t i o n . e l f
17 # Recover t r a c e
18 . / r e c o v e r t r a c e f p g a . e l f
19 #dd i f =/dev/ f8801000 . e tb o f=t r a c e . b i n
Listing 2: Coresight configuration
11
Configuration of CoreSight components
1 echo 0 > / s y s / d e v i c e s / system/cpu/cpu1/ o n l i n e
2 cd / s y s /bus / c o r e s i g h t / d e v i c e s / f889c000 . ptm0/
3 # Con f i gu r e PTM components
4 echo 20 > mode
5 echo 1 > a d d r i d x
6 echo 0 > add r a c c t yp e
7 echo 0 > a d d r i d x
8 echo 0 > add r a c c t yp e
9 echo 8638 8684 > add r r ange
10 # Enable S ink (ETB or TPIU)
11 echo 1 > f8803000 . t p i u / e n a b l e s i n k
12 #echo 1 > f8801000 . e tb / e n a b l e s i n k
13 # Enable Source
14 echo 1 > f889c000 . ptm0/ e n a b l e s o u r c e
15 # Launch Program
16 . / a p p l i c a t i o n . e l f
17 # Recover t r a c e
18 . / r e c o v e r t r a c e f p g a . e l f
19 #dd i f =/dev/ f8801000 . e tb o f=t r a c e . b i n
Listing 3: Coresight configuration
11
Configuration of CoreSight components
1 echo 0 > / s y s / d e v i c e s / system/cpu/cpu1/ o n l i n e
2 cd / s y s /bus / c o r e s i g h t / d e v i c e s / f889c000 . ptm0/
3 # Con f i gu r e PTM components
4 echo 20 > mode
5 echo 1 > a d d r i d x
6 echo 0 > add r a c c t yp e
7 echo 0 > a d d r i d x
8 echo 0 > add r a c c t yp e
9 echo 8638 8684 > add r r ange
10 # Enable S ink (ETB or TPIU)
11 echo 1 > f8803000 . t p i u / e n a b l e s i n k
12 #echo 1 > f8801000 . e tb / e n a b l e s i n k
13 # Enable Source
14 echo 1 > f889c000 . ptm0/ e n a b l e s o u r c e
15 # Launch Program
16 . / a p p l i c a t i o n . e l f
17 # Recover t r a c e
18 . / r e c o v e r t r a c e f p g a . e l f
19 #dd i f =/dev/ f8801000 . e tb o f=t r a c e . b i n
Listing 4: Coresight configuration
11
Configuration of CoreSight components
1 echo 0 > / s y s / d e v i c e s / system/cpu/cpu1/ o n l i n e
2 cd / s y s /bus / c o r e s i g h t / d e v i c e s / f889c000 . ptm0/
3 # Con f i gu r e PTM components
4 echo 20 > mode
5 echo 1 > a d d r i d x
6 echo 0 > add r a c c t yp e
7 echo 0 > a d d r i d x
8 echo 0 > add r a c c t yp e
9 echo 8638 8684 > add r r ange
10 # Enable S ink (ETB or TPIU)
11 echo 1 > f8803000 . t p i u / e n a b l e s i n k
12 #echo 1 > f8801000 . e tb / e n a b l e s i n k
13 # Enable Source
14 echo 1 > f889c000 . ptm0/ e n a b l e s o u r c e
15 # Launch Program
16 . / a p p l i c a t i o n . e l f
17 # Recover t r a c e
18 . / r e c o v e r t r a c e f p g a . e l f
19 #dd i f =/dev/ f8801000 . e tb o f=t r a c e . b i n
Listing 5: Coresight configuration
11
Configuration of CoreSight components
1 echo 0 > / s y s / d e v i c e s / system/cpu/cpu1/ o n l i n e
2 cd / s y s /bus / c o r e s i g h t / d e v i c e s / f889c000 . ptm0/
3 # Con f i gu r e PTM components
4 echo 20 > mode
5 echo 1 > a d d r i d x
6 echo 0 > add r a c c t yp e
7 echo 0 > a d d r i d x
8 echo 0 > add r a c c t yp e
9 echo 8638 8684 > add r r ange
10 # Enable S ink (ETB or TPIU)
11 echo 1 > f8803000 . t p i u / e n a b l e s i n k
12 #echo 1 > f8801000 . e tb / e n a b l e s i n k
13 # Enable Source
14 echo 1 > f889c000 . ptm0/ e n a b l e s o u r c e
15 # Launch Program
16 . / a p p l i c a t i o n . e l f
17 # Recover t r a c e
18 . / r e c o v e r t r a c e f p g a . e l f
19 #dd i f =/dev/ f8801000 . e tb o f=t r a c e . b i n
Listing 6: Coresight configuration
11
Example Trace
Code Source
1 i n t i ;
2 f o r ( i = 0 ; i < 10 ; i++)
Assembly
8638 for loop:
. . .
b 8654:
. . .
866c: bcc 8654
Trace
00 00 00 00 00 80 08 38 86 00
00 21 2a 2a 2a 2a 2a 2a 2a 2a
2a 2a 86 01 00 00 00 00 00 00
00 00
Decoded Trace
A-sync
Address 00008638, (I-sync
Context 00000000, IB 21)
Address 00008654, Branch
Address packet (x 10)
12
Example Trace
Code Source
1 i n t i ;
2 f o r ( i = 0 ; i < 10 ; i++)
Assembly
8638 for loop:
. . .
b 8654:
. . .
866c: bcc 8654
Trace
00 00 00 00 00 80 08 38 86 00
00 21 2a 2a 2a 2a 2a 2a 2a 2a
2a 2a 86 01 00 00 00 00 00 00
00 00
Decoded Trace
A-sync
Address 00008638, (I-sync
Context 00000000, IB 21)
Address 00008654, Branch
Address packet (x 10)
12
Example Trace
Code Source
1 i n t i ;
2 f o r ( i = 0 ; i < 10 ; i++)
Assembly
8638 for loop:
. . .
b 8654:
. . .
866c: bcc 8654
Trace
00 00 00 00 00 80 08 38 86 00
00 21 2a 2a 2a 2a 2a 2a 2a 2a
2a 2a 86 01 00 00 00 00 00 00
00 00
Decoded Trace
A-sync
Address 00008638, (I-sync
Context 00000000, IB 21)
Address 00008654, Branch
Address packet (x 10)
12
Example Trace
Code Source
1 i n t i ;
2 f o r ( i = 0 ; i < 10 ; i++)
Assembly
8638 for loop:
. . .
b 8654:
. . .
866c: bcc 8654
Trace
00 00 00 00 00 80 08 38 86 00
00 21 2a 2a 2a 2a 2a 2a 2a 2a
2a 2a 86 01 00 00 00 00 00 00
00 00
Decoded Trace
A-sync
Address 00008638, (I-sync
Context 00000000, IB 21)
Address 00008654, Branch
Address packet (x 10)
12
Example Trace
Figure 3: Control Flow Graph
Decoded Trace
A-sync
Address 00008638, (I-sync
Context 00000000, IB 21)
Address 00008654, Branch
Address packet (x 10)
13
CoreSight components - Performance overhead
choleski crc dft fir lu matrixnbody radix wht0
1,000
2,00079
5 935
208
13
2,65
9
2,33
9
1,05
7
1,16
0
6
794 93
5
208
12
2,65
7
2,34
0
1,05
3
1,15
9
6
Ave
rage
exec
uti
onti
me
(inµ
s)
trace disabled trace enabled
14
CoreSight components - Summary
Brief overview
• Trace .text section
• Recover all branch
addresses
• Reconstruct CFG of the
application
• PTM Non-intrusive
15
CoreSight components - Summary
Brief overview
• Trace .text section
• Recover all branch
addresses
• Reconstruct CFG of the
application
• PTM Non-intrusive
15
CoreSight components - Summary
Brief overview
• Trace .text section
• Recover all branch
addresses
• Reconstruct CFG of the
application
• PTM Non-intrusive
15
CoreSight components - Summary
Brief overview
• Trace .text section
• Recover all branch
addresses
• Reconstruct CFG of the
application
• PTM Non-intrusive
15
Software Security
DIFT
• How to recover information about each CPU instruction ?
• CFG reconstruction on the FPGA
• What happens inside each basic block ?
Static code analysis
Example Instructions Output of static analysis
sub r0, r1, r2 r0 = r1 + r2
mov r3, r0 r3 = r0
str r1, [PC, #4] @Mem(PC+4) = r1
16
DIFT
• How to recover information about each CPU instruction ?
• CFG reconstruction on the FPGA
• What happens inside each basic block ?
Static code analysis
Example Instructions Output of static analysis
sub r0, r1, r2 r0 = r1 + r2
mov r3, r0 r3 = r0
str r1, [PC, #4] @Mem(PC+4) = r1
16
DIFT
• How to recover information about each CPU instruction ?
• CFG reconstruction on the FPGA
• What happens inside each basic block ?
Static code analysis
Example Instructions Output of static analysis
sub r0, r1, r2 r0 = r1 + r2
mov r3, r0 r3 = r0
str r1, [PC, #4] @Mem(PC+4) = r1
16
Overall architecture
ARM Cortex-A9
CPU 0
CoreSight Components PFT Decoder AXI BRAM
DIFT Coprocessor
Processing System (PS) Programmable Logic (PL)EMIOinterface
TRF
Config
interrupt
AXI GP
64 MB 32 MB
DDRMemory
(used by Linux OS)Tag
dependenciesTag space
32 MB
Heap and Stack (DIFT coproc.)
17
DIFT example: Data Leakage Prevention (DLP)
char buffer[20];
FILE *fs;
if(geteuid() != 0){ // user
fs = fopen("welcome", "r"); //public
if(!fs) exit (1);
} else { // root
fs = fopen("passwd", "r"); //secret
if(!fs) exit(1);
}
fread(buffer, 1, sizeof(buffer), fs);
fclose(fs);
printf("Buffer Value: %s \n", buffer);
18
DIFT example
1 root@zedboard−h a r d b l a r e : ca t welcome
2 WELCOME
3 root@zedboard−h a r d b l a r e : ca t passwd
4 MDP
5 root@zedboard−h a r d b l a r e : . / u s e c a s e
6 Bu f f e r Value : MDP
7 root@zedboard−h a r d b l a r e : sudo −u no rma l u s e r . / u s e c a s e
8 Bu f f e r Value : WELCOME
19
DIFT example
1 root@zedboard−h a r d b l a r e : ca t welcome
2 WELCOME
3 root@zedboard−h a r d b l a r e : ca t passwd
4 MDP
5 root@zedboard−h a r d b l a r e : . / u s e c a s e
6 Bu f f e r Value : MDP
7 root@zedboard−h a r d b l a r e : sudo −u no rma l u s e r . / u s e c a s e
8 Bu f f e r Value : WELCOME
19
DIFT example
1 root@zedboard−h a r d b l a r e : ca t welcome
2 WELCOME
3 root@zedboard−h a r d b l a r e : ca t passwd
4 MDP
5 root@zedboard−h a r d b l a r e : . / u s e c a s e
6 Bu f f e r Value : MDP
7 root@zedboard−h a r d b l a r e : sudo −u no rma l u s e r . / u s e c a s e
8 Bu f f e r Value : WELCOME
19
DIFT example
1 root@zedboard−h a r d b l a r e : . / r e c o v e r t r a c e
2 CPU1 : shutdown
3 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU enab l ed
4 c o r e s i g h t−r e p l i c a t o r : REPLICATOR enab l ed
5 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 enab l ed
6 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g enab l ed
7 Bu f f e r Value : MDP
8 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g d i s a b l e d
9 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 d i s a b l e d
10 c o r e s i g h t−r e p l i c a t o r : REPLICATOR d i s a b l e d
11 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU d i s a b l e d
20
DIFT example
1 root@zedboard−h a r d b l a r e : . / r e c o v e r t r a c e
2 CPU1 : shutdown
3 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU enab l ed
4 c o r e s i g h t−r e p l i c a t o r : REPLICATOR enab l ed
5 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 enab l ed
6 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g enab l ed
7 Bu f f e r Value : MDP
8 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g d i s a b l e d
9 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 d i s a b l e d
10 c o r e s i g h t−r e p l i c a t o r : REPLICATOR d i s a b l e d
11 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU d i s a b l e d
20
DIFT example
1 root@zedboard−h a r d b l a r e : . / r e c o v e r t r a c e
2 CPU1 : shutdown
3 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU enab l ed
4 c o r e s i g h t−r e p l i c a t o r : REPLICATOR enab l ed
5 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 enab l ed
6 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g enab l ed
7 Bu f f e r Value : MDP
8 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g d i s a b l e d
9 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 d i s a b l e d
10 c o r e s i g h t−r e p l i c a t o r : REPLICATOR d i s a b l e d
11 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU d i s a b l e d
20
DIFT example
1 root@zedboard−h a r d b l a r e : . / r e c o v e r t r a c e
2 CPU1 : shutdown
3 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU enab l ed
4 c o r e s i g h t−r e p l i c a t o r : REPLICATOR enab l ed
5 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 enab l ed
6 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g enab l ed
7 Bu f f e r Value : MDP
8 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g d i s a b l e d
9 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 d i s a b l e d
10 c o r e s i g h t−r e p l i c a t o r : REPLICATOR d i s a b l e d
11 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU d i s a b l e d
20
DIFT example
1 root@zedboard−h a r d b l a r e : . / r e c o v e r t r a c e
2 CPU1 : shutdown
3 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU enab l ed
4 c o r e s i g h t−r e p l i c a t o r : REPLICATOR enab l ed
5 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 enab l ed
6 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g enab l ed
7 Bu f f e r Value : MDP
8 c o r e s i g h t−etm3x f889c000 . ptm : ETM t r a c i n g d i s a b l e d
9 c o r e s i g h t−f u n n e l : FUNNEL i n p o r t 0 d i s a b l e d
10 c o r e s i g h t−r e p l i c a t o r : REPLICATOR d i s a b l e d
11 c o r e s i g h t−t p i u f8803000 . t p i u : TPIU d i s a b l e d
20
DIFT example
1 /dev/mem opened .
2 Memory mapped at add r e s s 0 xb6 f f c 000 .
3 10508 1038 c 10520 10554 10560 10578 1057 c 10398 10594
105 a4
21
DIFT example
ARM Cortex-A9
CPU 0
CoreSight Components PFT Decoder AXI BRAM
DIFT Coprocessor
Processing System (PS) Programmable Logic (PL)EMIOinterface
TRF
Config
interrupt
AXI GP
64 MB 32 MB
DDRMemory
(used by Linux OS)Tag
dependenciesTag space
32 MB
Heap and Stack (DIFT coproc.)
22
DIFT example
1 root@zedboard−h a r d b l a r e :
2 t r a c e = 10508
3 t r a c e = 10554
4 t r a c e = 10578
5 t r a c e = 1057 c
6 ∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗7 tag ( r0 ) = 0
8 tag ( r1 ) = 1
9 tag ( r2 ) = 0
10 tag ( r3 ) = 1
11 ∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗
23
DIFT example
1 root@zedboard−h a r d b l a r e :
2 t r a c e = 10508
3 t r a c e = 10554
4 t r a c e = 10578
5 t r a c e = 1057 c
6 ∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗7 tag ( r0 ) = 0
8 tag ( r1 ) = 1
9 tag ( r2 ) = 0
10 tag ( r3 ) = 1
11 ∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗
23
DIFT example
1 root@zedboard−h a r d b l a r e :
2 t r a c e = 10508
3 t r a c e = 10554
4 t r a c e = 10578
5 t r a c e = 1057 c
6 ∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗7 tag ( r0 ) = 0
8 tag ( r1 ) = 1
9 tag ( r2 ) = 0
10 tag ( r3 ) = 1
11 ∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗∗
23
Preventing ROP attacks2
• On each function call,
copy the return address
into a special stack (called
shadow stack)
• On each function return,
compare LR register value
with one stored in shadow
stack
• Obtained with decoded
trace
• Dedicated component on
FPGA
2Yongje Lee et al. “Towards a Practical Solution to Detect Code Reuse
Attacks on ARM Mobile Devices”. In: HASP ’15. 2015.
24
Preventing ROP attacks2
• On each function call,
copy the return address
into a special stack (called
shadow stack)
• On each function return,
compare LR register value
with one stored in shadow
stack
• Obtained with decoded
trace
• Dedicated component on
FPGA
2Yongje Lee et al. “Towards a Practical Solution to Detect Code Reuse
Attacks on ARM Mobile Devices”. In: HASP ’15. 2015.
24
Software security - Summary
Brief overview
• Dynamic InformationFlow Tracking (DIFT)
• Overflows
• Data Leakage
Prevention
• SQL injection
• Code Reuse Attacks
• ROP
• JOP
25
Software security - Summary
Brief overview
• Dynamic InformationFlow Tracking (DIFT)
• Overflows
• Data Leakage
Prevention
• SQL injection
• Code Reuse Attacks
• ROP
• JOP
25
Conclusion
Conclusion
Take away
• CoreSight PTM allows to obtain runtime information
(Program Flow)
• Non-intrusive tracing → Negligible performance overhead
• Improve software security
Future perspectives
• Possible to take use of other debug components for security
• Intel Processor Trace
• STM (TI)
26
Conclusion
Take away
• CoreSight PTM allows to obtain runtime information
(Program Flow)
• Non-intrusive tracing → Negligible performance overhead
• Improve software security
Future perspectives
• Possible to take use of other debug components for security
• Intel Processor Trace
• STM (TI)
26
Acknowledgments
Thanks to
• CominLabs3 and Brittany Region
• Pascal COTRET
• Mounir NASR ALLAH
• My PhD supervisors
3http://www.cominlabs.ueb.eu/
27
Thank you !
Any questions ?
27
Bibliography
2004 2006 2008 2010 2012 2014 2016
Secure
Progr
amExe
cutio
nvia
DIF
T, Suhet
Al.
RAKSHA, Dal
ton
etAl.
FlexiT
aint,
Venka
tara
man
i etAl.
Off-c
ore
RAKSHA, Kannan
etAl.
FlexCor
e,D
eng
etAl.
HARMO
NI,D
eng
etAl.
PAU, Heoet
Al.