University of Illinois Urbana-Champaign

Design and evaluation of information flow signature for secure computation of applications

Patel, Prateek

Content Files
Patel_Prateek.pdf

Permalink

https://hdl.handle.net/2142/34511

Description

Title
Design and evaluation of information flow signature for secure computation of applications
Author(s)
Patel, Prateek
Issue Date
2012-09-18T21:20:48Z
Director of Research (if dissertation) or Advisor (if thesis)
  • Iyer, Ravishankar K.
  • Kalbarczyk, Zbigniew T.
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Date of Ingest
2012-09-18T21:20:48Z
Keyword(s)
Information Flow Signature (IFS)
Abstract
This thesis presents an architectural solution that provides secure and reliable execution of an application that computes critical data, in spite of potential hardware and software vulnerabilities. The technique does not require source code of or specifications about the malicious library function(s) called during execution of an application. The solution is based on the concept of Information Flow Signatures (IFS). The technique uses both a model-checker-based symbolic fault injection analysis tool called SymPLFIED to generate an IFS for an application or operating system, and runtime signature checking at the level of hardware to protect the integrity of critical data. The runtime checking is implemented in the IFS module. Reliable computation of data is ensured by the critical value re-computation (CVR) module. Prototype implementation of the signature checking and reliability module on a soft processor within an FPGA incurs no performance overhead and about 12% chip area overhead. The security module itself incurs about 7.5% chip area overhead. Performance evaluations indicate that the IFS module incurs as little as 3-4% overhead compared to 88-100% overhead when the runtime checking is implemented as a part of software. Preliminary testing indicates that the technique can provide 100% coverage for insider attacks that manifest as memory corruption and change the architectural state of the processor. Hence the IFS and CVR implementation offers a flexible, low-overhead, high-coverage method for ensuring reliable and secure computing.
Graduation Semester
2012-08
Permalink
http://hdl.handle.net/2142/34511
Copyright and License Information
Copyright 2012 Prateek Patel

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Electrical and Computer Engineering
Dissertations and Theses in Electrical and Computer Engineering