Sancus 2.0

Noorman, Job; Bulck, Jo Van; Mühlberg, Jan Tobias; Piessens, Frank; Maene, Pieter; Preneel, Bart; Verbauwhede, Ingrid; Götzfried, Johannes; Müller, Tilo; Freiling, Felix C.

doi:10.1145/3079763

Cited by 68 publications

(29 citation statements)

References 61 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, its implementation is not opensourced, so the precise impact of the DMA side channel we examine cannot be assessed. [2] extends openMSP430 with modified memory access logic and additional instructions to allow hardware-based isolation and attestation of embedded enclaves. While the original Sancus architecture was built on an older version of openMSP430 without DMA support, recent upstream Sancus cores [28] come with additional memory access control logic that allows DMA requests to unprotected memory regions during enclaved execution.…”

Section: Security Architectures On Openmsp430mentioning

confidence: 99%

“…To demonstrate the applicability of our methodology, we instantiate it for a recently described side-channel attack [23] exploiting subtle timing differences of direct memory access (DMA) requests due to contention in openMSP430 processors [25]. The open-MSP430 core is an open-source implementation of Texas Instruments' popular, low-power MSP430 [22] microcontroller, which has been the basis of several academic security architectures, such as SMART [1], Sancus [2], and the VRASED family of systems [5]- [7]. Notably, several of these security architectures [2], [5]- [7] support untrusted peripherals by explicitly limiting DMA requests to unprotected parts of the memory.…”

Section: Introductionmentioning

confidence: 99%

“…The open-MSP430 core is an open-source implementation of Texas Instruments' popular, low-power MSP430 [22] microcontroller, which has been the basis of several academic security architectures, such as SMART [1], Sancus [2], and the VRASED family of systems [5]- [7]. Notably, several of these security architectures [2], [5]- [7] support untrusted peripherals by explicitly limiting DMA requests to unprotected parts of the memory. However, it has been recently discovered that such unprivileged DMA requests can trigger contention on the shared memory bus, causing a delay in the request depending on any concurrent memory accesses by the CPU [23].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling

Bognar,

Winderix,

Van Bulck

et al. 2023

2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)

Self Cite

View full text Add to dashboard Cite

Preventing information leakage through microarchitectural side channels is notoriously challenging and, as a result, an important research question. Recent work has shown the viability of compiler-assisted instruction balancing for small, embedded processors with deterministic timing behavior. However, even in such small processors, more subtle microarchitectural side channels continue to be discovered, complicating mitigation efforts.We propose a methodology for augmenting an existing instruction set architecture (ISA) specification with instructionspecific microarchitectural leakage traces obtained through principled microarchitectural profiling. Building on this augmented ISA, it becomes possible to construct software tools to detect and mitigate certain side-channel vulnerabilities. As a case study, we instantiate our methodology on a recently uncovered microarchitectural side channel, which is based on cycle-level timing differences of direct memory access (DMA) requests on 16-bit openMSP430 processors. Using the augmented ISA obtained for this side channel through microarchitectural profiling, we develop practical attack scenarios and extend a state-of-the-art compiler-based mitigation and a binary validation tool, both of which originally targeted a coarser-grained, instruction-granular side channel. Our benchmarks show that our extended compiler mitigation, while still mitigating the instruction-granular leakage, also eliminates the cycle-accurate DMA information leakage without incurring any additional overhead. •We evaluate the security and performance of the defense and find that it incurs no additional overhead compared to the original mitigation.Our profiling toolchain, the case study attacks, our extended tools, and the benchmarks used are available at https://github.com/martonbognar/microprofiler.

show abstract

Section: Security Architectures On Openmsp430mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling

Bognar,

Winderix,

Van Bulck

et al. 2023

2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In recent years, many types of research have been conducted with Sancus to guarantee the security of IoT devices. Furthermore, Sancus 2.0 [107] with an updated design and implementation was proposed and supports private deployment and more efficient cryptography. The authors developed and evaluated a prototype FPGA implementation to evaluate this scheme in proximal, colocated, and remote settings under surveillance, and the method was proven to defend against acoustic side-channel attacks.…”

Section: Software Securitymentioning

confidence: 99%

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

Cyber-physical systems (CPSs) are next-generation intelligent systems that integrate computing, communication, and control. Malicious attacks on CPSs can lead to both property damage and casualties. Therefore, it is worth surveying CPS security by reviewing and analyzing the latest high-quality related works. In this paper, we provide an overview of the CPS security studies from the last five years and select 142 related works from A- or B-level conferences/journals recommended by the China Computer Federation (CCF). First, we review the main contents of the selected papers and classify them into 24 topics. Then, we analyze hotspots and trends of CPS security technologies in three dimensions: (1) architecture layers (perception, network, and application); (2) application scenarios (smart grids, health care, smart transportation, smart homes, and general grids); and (3) MADC (Measure, Attack, Defense, and Control) types. Finally, we also perform a statistical analysis in terms of paper publication times, author institutes, countries, and sponsors to show the current worldwide CPS security research situation.

show abstract

“…As an example application, consider trusted execution environments such as Intel SGX [25] or Sancus [28] that provide secure enclaves in which code is executed in isolation from a potentially malicious host system. When data structures with pointers are accessed from within a secure enclave, these pointers may be abused to manipulate the enclave's execution flow.…”

Section: Introductionmentioning

confidence: 99%

Learning Data Structure Shapes from Memory Graphs

Boockmann

Gerald²

EPiC Series in Computing

View full text Add to dashboard Cite

This paper presents a novel algorithm for automatically learning recursive shape pred- icates from memory graphs, so as to formally describe the pointer-based data structures contained in a program. These predicates are expressed in separation logic and can be used, e.g., to construct efficient secure wrappers that validate the shape of data structures exchanged between trust boundaries at runtime. Our approach first decomposes memory graph(s) into sub-graphs, each of which exhibits a single data structure, and generates candidate shape predicates of increasing complexity, which are expressed as rule sets in Prolog. Under separation logic semantics, a meta-interpreter then performs a systematic search for a subset of rules that form a shape predicate that non-trivially and concisely captures the data structure. Our algorithm is implemented in the prototype tool ShaPE and evaluated on examples from the real-world and the literature. It is shown that our approach indeed learns concise predicates for many standard data structures and their implementation variations, and thus alleviates software engineers from what has been a time-consuming manual task.

show abstract

Sancus 2.0

Cited by 68 publications

References 61 publications

MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling

MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling

A Survey on Recent Advanced Research of CPS Security

Learning Data Structure Shapes from Memory Graphs

Contact Info

Product

Resources

About