
Dynamic Program Slicing for Hardware Isolation
Learn about TZSlicer, a security-aware dynamic program slicing tool designed for hardware isolation. Explore its motivation, challenges, TrustZone concepts, and optimization strategies to enhance system security.
TZSlicer: Security-Aware Dynamic Program Slicing for Hardware Isolation
Can Carlak, Jiwon Joung, Brandon Nguyen, Won Park
The Road Ahead...
- Motivation and Background
- Implementation of TZSlicer
- Optimization of TZSlicer
- Evaluation
Motivation
- Problem: inadequate protection from malicious acts
  - leaking confidential information
  - modifying critical data
  - especially in embedded systems, IoT
- Solution: hardware security
Challenges
- How to split the data and code based on their security properties?
- Challenging for developers who do not have a security background or hardware framework
- Two distinct software development efforts (secure, normal)
- Maintain small TCB size
TrustZone
- Hardware isolation
- Secure / Normal world concepts
- Architecture
- Context switching
- Tradeoffs, small/large TEE TCB
Program Slicing
- What is slicing? Computation of the set of program statements that affect values at some point of interest
- Types:
  - Static
  - Dynamic
TZSlicer
- User-specified sensitive portions
- Taintgrind to perform dependency analysis
- Three levels of granularity
  - TZ-M: Method level
  - TZ-B: Basic Block level
  - TZ-L: Line level
TZSlicer Optimization
- Naively slicing the program by putting all the meaningful code in the TEE results in a larger than necessary TCB
- The three tainting methods (TZ-M, TZ-B, TZ-L) increase the granularity of slices
- This reduces the amount of code that has to be in the TEE
- Falls under the category of resource optimization
TZSlicer Optimization
- TZ-L has the highest granularity: results in the smallest TCB
- Comes at the cost of more world switches
- Next optimization category: communication optimization
- Aims to reduce the number of world switches for a given amount of work
- TZ-L with these optimizations is dubbed TZ-L+
- Two optimizations: loop unrolling and variable renaming
TZSlicer Optimization - Loop Unrolling
- Several restrictions
  - Loop must be split between secure and normal worlds
  - Loop body must have no branches
  - Loop body must have no data dependencies
- If this restriction is not met but the first two are, use the next optimization to remove the dependencies
TZSlicer Optimization - Variable Renaming
- Can lift the dependency restriction imposed by the unrolling method
- Detects data dependencies (RAW, WAR, WAW)
- Renames variables that are subject to the dependencies
- Frees up the loop for unrolling
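The effect of the two communication optimizations on a loop split between worlds, as an added example that is not from the presentation or from TZSlicer itself. It assumes a counter in place of the real secure monitor call; `secure_key`, `enter_secure`, `exit_secure` and both function names are hypothetical.

```c
#include <stddef.h>

/* Constructed model: a counter stands in for the secure monitor call that
   a real TrustZone world switch would issue. All names are hypothetical. */
static unsigned world_switches;
static const int secure_key = 3;              /* user-marked sensitive value */

static void enter_secure(void) { world_switches++; }
static void exit_secure(void)  { world_switches++; }

/* Line-level baseline: line 1 is normal-world, line 2 is secure-world,
   so every iteration pays one round trip. The scalar t is reused by every
   iteration, a WAR/WAW dependency that blocks grouping the secure lines. */
unsigned scale_baseline(const int *x, int *y, size_t n, int bias)
{
    int t;
    world_switches = 0;
    for (size_t i = 0; i < n; i++) {
        t = x[i] + bias;                      /* normal world */
        enter_secure();
        y[i] = secure_key * t;                /* secure world */
        exit_secure();
    }
    return world_switches;
}

/* Unrolled by 2 with t renamed to t0/t1: both normal lines run first,
   then a single round trip covers both secure lines. */
unsigned scale_unrolled2(const int *x, int *y, size_t n, int bias)
{
    size_t i = 0;
    world_switches = 0;
    for (; i + 1 < n; i += 2) {
        int t0 = x[i] + bias;                 /* normal world */
        int t1 = x[i + 1] + bias;             /* normal world */
        enter_secure();
        y[i]     = secure_key * t0;           /* secure world */
        y[i + 1] = secure_key * t1;
        exit_secure();
    }
    if (i < n) {                              /* leftover iteration when n is odd */
        int t0 = x[i] + bias;
        enter_secure();
        y[i] = secure_key * t0;
        exit_secure();
    }
    return world_switches;
}
```

The unrolled version carries more secure-world lines than the baseline, which is the same trade the TCB Size table shows for TZ-L+ on several programs.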
Experimental Setup: Programs
- Adopted 7 real world C programs to evaluate

| Test Cases | # Lines | Branches | Loops | Functions |
|---|---|---|---|---|
| FFT | 83 | 3 | 7 | 1 |
| Sobel_Filter | 121 | 8 | 5 | 6 |
| Matrix_Multiplication | 26 | 1 | 3 | 1 |
| AES_KeyExpansion | 81 | 2 | 2 | 4 |
| Linear_Regression | 40 | 1 | 1 | 1 |
| Shift_Cipher | 57 | 8 | 0 | 2 |
| DAXPY | 33 | 5 | 2 | 1 |

Experimental Setup: TrustZone Framework
- Developed bare-metal TrustZone framework targeting Xilinx Zynq platform
- 256 KB on-chip memory to deploy secure world and normal applications
- Hardware isolation enforced at physical bus level
TCB Size
- Evaluate security of TZSlicer by measuring size of TCB
- Compared to putting entire program in secure world

| Test Cases | Original | TZ-M | TZ-B | TZ-L | TZ-L+ (x=2) | TZ-L+ (x=3) | TZ-L+ (x=4) |
|---|---|---|---|---|---|---|---|
| FFT | 83 | 83 (0%) | 80 (-3.6%) | 60 (-27.7%) | 81 (-2.4%) | 90 (+8.4%) | 99 (+19.3%) |
| Sobel_Filter | 121 | 121 (0%) | 121 (0%) | 106 (-12.4%) | 131 (+8.3%) | 140 (+15.7%) | 149 (+23.1%) |
| Matrix_Multiplication | 26 | 26 (0%) | 17 (-34.6%) | 19 (-26.9%) | 19 (-26.9%) | 19 (-26.9%) | 19 (-26.9%) |
| AES_KeyExpansion | 81 | 49 (-39.5%) | 40 (-50.6%) | 42 (-48.1%) | 42 (-48.1%) | 42 (-48.1%) | 42 (-48.1%) |
| Linear_Regression | 40 | 40 (0%) | 27 (-32.5%) | 24 (-40%) | 41 (+2.5%) | 45 (+12.5%) | 51 (+27.5%) |
| Shift_Cipher | 57 | 57 (0%) | 15 (-73.7%) | 15 (-73.7%) | 15 (-73.7%) | 15 (-73.7%) | 15 (-73.7%) |
| DAXPY | 33 | 33 (0%) | 17 (-48.5%) | 16 (-51.5%) | 26 (-21.2%) | 29 (-12.1%) | 32 (-3.0%) |

Performance Evaluation: World Switches
- Migration of partial program necessitates world switches
- Introduces additional timing overhead
Performance Evaluation

| Test Cases | TZ-L (Baseline) | TZ-L+ (x=2) | TZ-L+ (x=3) | TZ-L+ (x=4) |
|---|---|---|---|---|
| FFT | 73 | 68 (-11.7%) | 71 (-7.8%) | 68 (-11.7%) |
| Sobel_Filter | 729 | 471 (-35.4%) | 351 (-51.9%) | 351 (-51.9%) |
| Matrix_Multiplication | 0 | 0 (0%) | 0 (0%) | 0 (0%) |
| AES_KeyExpansion | 101 | 101 (0%) | 101 (0%) | 101 (0%) |
| Linear_Regression | 19 | 10 (-47.4%) | 7 (-63.2%) | 10 (-47.4%) |
| Shift_Cipher | 0 | 0 (0%) | 0 (0%) | 0 (0%) |
| DAXPY | 20 | 14 (-30.0%) | 8 (-60.0%) | 11 (-45.0%) |

Conclusion
- TZSlicer: dynamic program slicing framework
- Automatically partitions program into secure slice and normal slice
- 3 levels of granularity: TZ-M, TZ-B, TZ-L
- Optimization using loop unrolling + variable renaming