Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK

1. Introduction

CryptoMPK is a source code analysis and transformation system to implement a domain-based memory isolation, which makes the protection of cryptographic confidential data practical.

High level workflow of CryptoMPK:

1. Automatically tracking and labeling all sensitive memory buffers and operations in source code related to crypto keys with a context-sensitive, crypto-aware information flow analysis.
2. Partitioning the source code into crypto and non-crypto domains with a context-dependent privilege switch instrumentation.
3. Utilizing Intel Memory Protection Keys (MPK) feature to generate executables with efficient domain switching, and protects the generated binary code against typical memory disclosure vulnerabilities such as arbitrary memory read.

2. Source code

We have implemented a prototype of paper. The source code of our prototype is available at here.

source code structure

• src/ and include/ : Main passes of CryptoMPK for crypto buffer labeling, crypto operation identification, and code transoformation as our paper details.
• runtime/ : A customized dynamic memory allocator based on Jemaloc for secure memory allocation.

Building Prerequisites

In order to build the CryptoMPK toolchain, you will need:

• LLVM 10.0.1 compiler
• CMake 3.1 or higher

Building Instructions

1. Switching to the root directory of source code.
2. mkdir build; cd build; cmake ..; make
3. a dynamic library (build/cryptompk.so) is generated, which is the main pass of CryptoMPK in form of an LLVM plugin.

3. Prebuilt binaries

We also provided a set of prebuilt binaries of CryptoMPK including:

• cryptompk/cryptompk.so : the main LLVM pass plugin.
• libjemalloc/libjemalloc.so.2 : customized dynmaic memory allocator used by CryptoMPK.
• dyn_analyzer/ : a C program to implement runtime checks and capture all runtime segment faults caused by MPK privilege violation.
• log_analyzer/ : a series of python scripts to analyze the log created by transformation pass.
• llvmutils : a set of analysis and transformation utilities implemented on LLVM.
• perf_profiling : a profiler to discover hotspot functions.

The prebuilt binaries are available at here.

4. Experiments Dataset

The dataset of our experiments is available at here. It covers the follwing application scnearios:

• File encryption with the ccrypt utility
• Authenticated encryption and Signing/Verifying with libhydrogen
• Authenticated encryption with libsodium
• HTTPS communication with Apache+OpenSSL
• HTTPS communication with Nginx+OpenSSL
• Password hasing with OpenSMTPD+libcrypt
• Password hasing with vsftpd+libcrypt

For each case, we provided the following data:

• Detailed instructions of how to execute the test cases.
• Scripts used for building relevant crypto libraries and programs in CryptoMPK code analysis and generation processes.
• The generated (and protected) binaries, which can be directly executed on a 64-bit Ubuntu 18.04 server using an MPK-enabled processor (e.g., Intel Xeon Gold 5122 Processor).
• Scripts for automatically testing those protected binaries.

5. Publication

Please see more details in our IEEE S&P 2022 paper: PDF slides

© 2022 G.O.S.S.I.P / Email: [contact at securitygossip dot com] or [romangol at securitygossip dot com]