Runtime integrity validation of executable C binaries using trusted platform module
Software developers working under pressure and tight deadlines frequently fail to implement secure programming practices during software development stages. Both constraints are one of the major contributing factors leading to the exploitation of software vulnerabilities for malicious intentions....
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/71109/1/FK%202017%2024%20-%20IR.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Software developers working under pressure and tight deadlines frequently fail to
implement secure programming practices during software development stages. Both
constraints are one of the major contributing factors leading to the exploitation of
software vulnerabilities for malicious intentions. Furthermore, commercially
developed software, owing to intellectual property protection, do not provide the
source code – finished products are only shipped in the form of executable binaries.
Unfortunately, the exploitation of executable binaries with vulnerabilities, especially
those coded with the C programming language leads to malicious, undesirable
effects such as buffer overflows, privilege escalation (spawning an attackers’ shell)
or premature termination of an executing binary (the C language possesses powerful
memory manipulation features i.e. pointers). The following gaps were identified in
these three related past efforts into the integrity validation of executables: CBones,
Dytan and RTC. First, in CBones, these limitations were identified: a memory
debugging tool called Valgrind is required for validation, does not mitigate the
vulnerable executable and reports high overheads (Normalized Performance of 0.87).
Second, in Dytan, these limitations were identified: requires the use of a dynamic
binary instrumentation tool called PINTOOLS for validation, does not mitigate the
vulnerable executable and reports high overheads (Normalized Performance of 0.85).
Lastly, in RTC, these limitations were identified the executable source code is
required for validation and heavy use of static analysis leading to high overheads
(Normalized Performance of 1.10). In this thesis, we propose our framework for the
runtime integrity validation of executable binaries: Runtime Integrity Validation of
Executable Binaries or RIBS. Our framework merges both static (for offline
profiling) and dynamic (for runtime validation) analysis techniques for the runtime
validation of the integrity of executables compiled with the C programming
language. The integrity validation metadata of a trusted, origin executable is stored
in a Trusted Platform Module (TPM) hardware register to prevent tampering. Such
ensures that the executable binary integrity validation metadata can be totally
trusted. In the security evaluation of RIBS, we had subjected RIBS to mitigate 10
categories of buffer overflow attack patterns in the Wilander and Kamkar testsuite (encompassing the stack, heap and data/bss executable userspace memory areas), 5
real world shellcodes and 3 real world applications with buffer overflow
vulnerability. RIBS is successful in the detection and termination of all 18 attacks
patterns deployed. In terms of performance evaluations, overhead was measured in
terms of CPU execution time [via GNU clock()]. We measured the CPU execution
time of RIBS and compared the results with the CPU execution time of two major
categories of attack mitigation mechanism deployed in the testbed Fedora Core 20
Linux OS: Address Space Layout Randomization (ALSR) and 5 other attack
mitigation mechanisms implemented via the gcc compiler. Performance evaluations
reveal that RIBS reported highest Normalized Performance (NP) of 0.68, which is
the lowest as compared to CBones (0.87), Dytan (0.85) and RTC (1.10).
Conclusively, RIBS performs marginally better as compared to all three efforts
(CBones, Dytan and RTC) which requires the use of memory debugging tools for
integrity validation of executable binaries. RIBS does not require the use of any
tools. RIBS is able to detect integrity violations caused by these categories of
violations: all forms of buffer overflow attacks mounted via the Wilander and
Kamkar testsuite and real world privilege escalation attack shellcodes. Furthermore,
as a last line of defence, RIBS is able mitigate integrity violations in executables via
the runtime termination of the offending executable. This feature not available in
CBones, Dytan and RTC. |
|---|