Cutting the security tradeoff: On demand rerandomization
May 20, 2019
There's always a tradeoff between security and efficiency. The goal of security research is to make that tradeoff as small as possible, so that security can be integrated easily into every at-risk device, from server farms to household appliances to smart sensors.
In these endeavors, ECE researchers often find that they can concurrently make significant improvements to the efficiency of the system at the same time—making security overhead negligible, or even arriving at a net gain in efficiency.
On demand rerandomization
Is your software under attack? Consider moving it.
This deceptively simple answer to certain malicious attacks holds both potential and challenges for realistic security, says Changwoo Min, ECE assistant professor.
An insidious method of attacking software is to take existing lines of code and execute them in a different order, to do something not intended by the software developer, explains Min. This technique, known as code reuse, is one of the attacks Min and his team are defending against.
To make it even harder to defend, an attacker doesn’t necessarily need to be able to read the code in order to attack in this way. “An attacker can infer the code based on how the system is reacting,” says Min. This can happen when the attacker does something to the code or system, then figures out what code is running based on how the system responds—for example, by watching the power use or timing.
The good news is that this kind of attack is time consuming, and if you change where the code lives in memory, a method called rerandomization, the attacker has to start from scratch each time.
A simple solution is continuous rerandomization, where the code is constantly shifting locations. Doing this, however, requires many CPU cycles of overhead to keep the code moving.
Min and his team are developing an equally secure system that addresses this challenge by only moving the code when it’s under attack.
The first step is to know when the system is under attack—which is not straight-forward when an attacker is just listening. The system always has an expected response time, explains Min, and that time will be longer when the system is under attack, or the system will crash entirely. “Then,” says Min, “we completely change the location of the code.”
With low system overhead, this technique will not only save resources on large systems, but also is suitable for embedded systems and internet of things applications—which are major security concerns as our devices become increasingly connected.