Embedded System Security
Assignments for the Course Embedded System Security
Prof. Dr.-Ing. Ahmad-Reza Sadeghi
Last updated: May 10, 2012
Authors: Sven Bugiel
Based on ETISS 10 MobileLab of Kurt Dietrich (TU Graz) and Jan-Erik Ekberg (Nokia Research Center)
3 Exercise (30 points): Mobile Trusted Platform (MTM)

Contents

3.1 Theoretical Assignments (30 Points)
Practical Assignments
    Initialization of the SD card image
    Secure Boot
    RIM Certificates
    Compromised Boot Image
    Monotonic Counter Binding
    The Stakeholder Model

Motivation and goals: The goal of this exercise is to give you basic practical skills for working with the Mobile Trusted Module (MTM). In particular, it explains the purpose and usage of RIM certificates in the context of secure boot, and the MTM stakeholder model.

Procedure: The exercise is split into two parts: theoretical and practical. The theoretical exercises have to be solved by Friday, 24 May 2012, and handed in on that date (either during the lecture or via e-mail to sven.bugiel@trust.cased.de). The practical exercises will take place in the System Security Lab at CASED (Room ). You will do the practical exercises under supervision, and questions will be solved together. Note that the questions discussed in the practical exercises are also relevant for the exam!
3.1 Theoretical Assignments (30 Points)

Differences between TPM and MTM (9 Points)

1. Name three major differences between the design of the Trusted Platform Module (TPM) and the Mobile Trusted Module (MTM). For each, briefly explain the motivation for this difference.

Stakeholder Model and Trusted Engines (13 Points)

1. What are the two defined profiles for an MTM? Briefly explain their differences.
2. List the principal stakeholders on a mobile platform, the domain of their engine and the MTM profile their engine must have.
3. Illustrate how the Trusted Engines of the different stakeholders relate to each other and how the services/mtm within each domain build on each other.
4. What is the difference between a trusted and a measured resource? How can they be used to build allocated and dedicated Roots-of-Trust?

RIM Certificates and Secure Boot (8 Points)

1. List the contents of a RIM certificate and explain very briefly their respective purpose.
2. How can RIM certificates be used to implement a secure boot with MTM? (Hint: An illustration suffices)
3. Explain briefly why for certain stakeholders a secure boot is mandatory and an authenticated boot is not permitted.
3.2 Practical Assignments

This practical assignment is based on the ETISS 2010 Mobile Trusted Platform Lab by Kurt Dietrich and Johannes Winter (TU Graz) and Jan-Erik Ekberg (Nokia Research Center).

Initialization of the SD card image

In this task you will become familiar with the environment, the tools and the basic knowledge for starting the emulation. Moreover, you will see how the secure boot concept works.

First, configure your shell to provide the required commands. Remember to first perform these two commands in all new shells you need during this lab!

    $ cd mobilelab
    $ source settings.sh

Before starting with the lab exercises you need to create the SD card image used to hold the root filesystem of the simulated mobile platform:

    $ mobilelab buildimage

Secure Boot

1. Get familiar with the environment. All tasks are performed in the mobilelab directory. This directory contains the following subdirectories that are relevant for the exercise:

    /images/
        /base/     contains the boot images (u-boot.signed, u-boot.unsigned)
        /hello/    contains demo application (hello)
        /stake/    contains demo applications (app-a, ..., app-c)
    /keys/         contains the system keys (base.priv.pem, incbootstrap.priv.pem, etc.)
    /rims/         contains the increment bootstrap counter certificates
    /settings.sh   contains the environment variables setup

2. Start the image provided and see what's happening during the secure boot. First, start the MTM emulation via

    $ cd mobilelab && source settings.sh
    $ mtm startd

   The bootup can take some time and may sometimes seem to be hanging, so please be patient and don't abort prematurely!
   Second, open a second shell and start the image. We assume that the mobile platform boots from an SD card. The boot image can be found in the file sdcard.bin, so use

    $ source settings.sh
    $ qemu start sd sdcard.bin

   to start the image.

3. What can be observed in the MTM emulator output during bootup of the image?
4. Log in ("root", no password).
5. Shut down the image ("halt", wait for the "System halted" message) and the emulation (Ctrl+a c, then enter "quit" in the qemu console). Note that it is required to restart the MTM emulator before every new task, thus manually resetting the MTM state as would have been done by hardware/software for a real MTM.

RIM Certificates

The boot images in this exercise are delivered together with a Reference Integrity Metric (RIM) certificate. In the previous section, we have seen how these certificates are used for secure boot. In this section, you will learn how to create your own RIM certificate, thereby signing a specific boot image.

1. Launch the image as described in Task (Do not forget to restart the MTM emulator before starting the image!)
2. Open a new shell and copy the hello application to the mobile platform by logging into the running platform (execute the following in the mobilelab directory; don't forget source settings.sh)

    $ sftp-qemu

   and then executing

    $ put images/hello/hello

   in order to upload the application to the platform.
3. Log into the mobile platform and try to start the hello application located in the /home/root directory. What is the result and why?
4. Create a new RIM certificate for the application (use the system's base key located in /keys/base.priv.pem for the signature on the certificate). Open a new shell on the PC (remember to run source settings.sh) and create the certificate by using the RIM tool:
    $ rimtool rimcreate -o myhello.rim -k keys/base.priv.pem -t \
        images/hello/hello -p 1

5. Copy the RIM certificate to the mobile platform (with sftp-qemu). Execute ./hello in order to find out the correct name for the RIM file (i.e., the hash value of the binary) and copy the myhello.rim file to /rim/certs/ while renaming it to the correct name.

    $ cp myhello.rim /rim/certs/c3c f 3

6. Launch ./hello again and test if the certificate and binary are validated correctly.

Compromised Boot Image

This task demonstrates the effects on the boot process when one of the boot images is (maliciously) modified.

1. Shut down the emulation, restart the MTM daemon and make a copy of the boot image. Execute

    $ cp images/base/u-boot.signed .

   to copy the boot image to the current location. Also, restart the MTM emulator.
2. Modify the boot image to simulate a malicious boot image. Execute

    $ ghex2 u-boot.signed

   and alter some bytes from the bootloader and

    $ mcopy u-boot.signed a:u-boot.bin

   to copy the modified bootloader to the SD card image (press "o" to overwrite the old loader).
3. Reboot the image. What is the result of the boot and why?
4. Install a new good bootloader and create a RIM certificate for this bootloader. Moreover, the bootloader should print out a customized message to show that it is your bootloader that is running. Execute

    $ cp images/base/u-boot.unsigned .

   to copy the boot image to the current location and edit it with

    $ ghex2 u-boot.unsigned
   Go to line 0x00027AAx and modify the content. You can modify all characters of the following line

    U-Boot rc1-drty (Aug :14:26

   (see man ascii for character hex codes). Do not delete any characters! If you did so, run this step again!
5. Create a new RIM certificate and embed it in the bootloader. Execute

    $ rimtool rimcreate -o u-boot.rim -k keys/base.priv.pem -t \
        u-boot.unsigned -p 1 -x u-boot.unsigned

   to create the certificate using the system's base key. Embed the certificate in the image via

    $ embedrim -i u-boot.unsigned -o u-boot.bin -r u-boot.rim -v \
        keys/base.vkey

   What is the MTM key type of base.vkey? (Hint: Use the help message of the embedrim command)
6. Install the new bootloader in sdcard.bin via

    $ mcopy u-boot.bin a:u-boot.bin

   and boot the image. Confirm that you see your new boot message! It should be at the beginning of the output, just before the OMAP messages. Then shut down the mobile platform and restart the MTM emulator.

Monotonic Counter Binding

The binding of RIM certificates to monotonic counters provides an elegant way to revoke RIM certificates and with them specific software images. In this task you learn how to create RIM certificates that are bound to such a counter and see what happens if this counter is increased.

1. Issue a new RIM certificate for hello including counter binding. Use

    $ rimtool rimcreate -o hello.rim -k keys/base.priv.pem -t \
        images/hello/hello -p 1 -s 1 -c 1

   to create a certificate. What is the name of the bound counter and which value must this counter have at most? (Hint: Use the help message of the rimtool command)
2. Upload the RIM certificate, the increment-counter-certificate-verification-key, and the increment-counter-certificate to the platform (with sftp-qemu):

    $ put hello.rim
    $ put keys/incbootstrap.vkey
    $ put rims/incbootstrap2.rim
   Start the MTM software stack on the mobile platform (log in as root and run the command), so that user applications can access the MTM.

    $ tcsd

3. Load the verification key for the RIM certificate that is bound to the counter. Copy the new RIM certificate over the old certificate in /rim/certs

    $ cp hello.rim /rim/certs/c3c f 3

   Clear the RIM cache of the system via

    $ echo 1 > /sys/kernel/mtm/drop rim cache

   Load the verification key for the increase counter RIM certificate:

    $ mtmtool loadvkey -k incbootstrap.vkey

4. Execute hello to check if it still works and then increase the counter:

    $ mtmtool incr -p 3 -i incbootstrap2.rim

5. Execute hello once more to confirm that it fails.
6. Shut down the mobile platform and restart the MTM emulator.

The Stakeholder Model

In this task you will focus on the stakeholder model. Different parties might want to install images on the platform. These images might depend on each other or they might exclude each other, meaning that a certain image from one vendor will not boot if a certain image from another vendor was loaded.

1. Create RIM certificates for app-a, app-b, app-b-star and app-c. Try to find a solution so that app-c requires app-a and app-b to be started first. Use

    $ rimtool rimc -o app-a.rim -k keys/base.priv.pem -p 0x -i 1 \
        -m 0xabe4fe5b20ce385fe b50fc9e7de222df -x \
        images/stake/app-a 1:0x

   to create a new certificate that requires PCR1 to have 0x (40 zeros!) so that app-a can be launched. Next, create a RIM certificate for app-b:

    $ rimtool rimc -o app-b.rim -k keys/base.priv.pem -p 0x -i 2 \
        -m 0xbfdab9f1d39aaef4bb40fdb23ba ad703 -x \
        images/stake/app-b \
        1:0x8dd840f ee93f3dfeba247f c293 \
        2:0x
   that requires PCR1 to have the content of SHA-1(app-a) and PCR2 to have the content 0x. Once again for app-c:

    $ rimtool rimc -o app-c.rim -k keys/base.priv.pem -p 0x -i 5 \
        -t images/stake/app-c \
        1:0x8dd840f ee93f3dfeba247f c293 \
        2:0x1e0c4a5d2ccec f2b

2. Copy the key, the binaries from images/stake/ and the certificates to the platform. Copy the RIM certificates to /rim/certs/ with the appropriate file name, i.e., the hash of the corresponding binary, e.g.

    $ cp app-a.rim /rim/certs/cb feead

3. Execute app-a, app-b, app-c in this sequence. Afterwards, how many times can you execute app-a, app-b, app-c again?
4. Reboot the mobile platform, restart the MTM emulator and try to execute the three apps in arbitrary order. (Don't forget the tcsd!) Does it work and why/why not?
5. Create a new stakeholder key:

    $ openssl genrsa -out stake.priv.pem 2048
    $ rimtool vkeyc -o stake.vkey -p keys/boot.priv.pem -a 0x \
        -u 0x01 -i 0x0000cafe -k stake.priv.pem

6. Sign app-b-star with this new key

    $ rimtool rimc -o app-b-star.rim -k stake.priv.pem -p 0x0000cafe -i 2 \
        -m 0xbfdab9f1d39aaef4bb40fdb23ba ad703 -x \
        images/stake/app-b-star \
        1:0x8dd840f ee93f3dfeba247f c293 \
        2:0x

7. Copy app-b-star.rim to /rim/certs/ on the mobile platform as done before (remember: the name of the file is the hash of app-b-star!)
8. Start the MTM software stack (tcsd) and then load the stakeholder's verification key

    $ mtmtool loadvkey -k stake.vkey

   Execute app-a, app-b-star, app-c exactly in this sequence. Can you still run app-b and why/why not? (Compare the RIM certs of app-b and app-b-star)
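An added example, not part of the original assignment sheet or the lab's tools: a toy Python model of the checks behind the Compromised Boot Image, Monotonic Counter Binding and Stakeholder Model tasks, runnable offline. The certificate fields, the HMAC standing in for the RSA signature, the `ToyMtm` class, the rule that a certificate stays valid only while the counter has not passed its reference value, and all image and key values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, Optional

ZERO = bytes(20)  # a reset SHA-1 PCR: 20 zero bytes, i.e. 40 hex zeros


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCRs are never overwritten, only extended: new = SHA-1(old || measurement)
    return sha1(pcr + measurement)


@dataclass(frozen=True)
class RimCert:  # simplified, hypothetical field set
    label: str
    measurement: bytes               # SHA-1 of the authorized image
    target_pcr: int                  # PCR extended when verification succeeds
    required_pcrs: Dict[int, bytes]  # PCR values that must hold before launch
    counter_ref: Optional[int]       # None: not bound to the monotonic counter
    key_id: int                      # verification key that must be loaded
    mac: bytes = b""

    def body(self) -> bytes:
        pre = b"".join(bytes([i]) + v for i, v in sorted(self.required_pcrs.items()))
        ref = b"-" if self.counter_ref is None else str(self.counter_ref).encode()
        return b"|".join([self.label.encode(), self.measurement,
                          bytes([self.target_pcr]), pre, ref, str(self.key_id).encode()])


def issue(key: bytes, cert: RimCert) -> RimCert:
    # HMAC-SHA256 is a stand-in for the real signature (assumption).
    return replace(cert, mac=hmac.new(key, cert.body(), hashlib.sha256).digest())


class ToyMtm:
    def __init__(self, n_pcrs: int = 8):
        self.pcrs = [ZERO] * n_pcrs
        self.counter = 0
        self.vkeys: Dict[int, bytes] = {}

    def load_vkey(self, key_id: int, key: bytes) -> None:
        self.vkeys[key_id] = key

    def verify_and_extend(self, cert: RimCert, image: bytes) -> str:
        key = self.vkeys.get(cert.key_id)
        if key is None:
            return "no verification key loaded"
        expected = hmac.new(key, cert.body(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cert.mac):
            return "bad signature"
        if sha1(image) != cert.measurement:
            return "image does not match certificate"
        if cert.counter_ref is not None and cert.counter_ref < self.counter:
            return "revoked by counter"
        for idx, want in cert.required_pcrs.items():
            if self.pcrs[idx] != want:
                return f"PCR{idx} precondition failed"
        self.pcrs[cert.target_pcr] = extend(self.pcrs[cert.target_pcr], cert.measurement)
        return "ok"


BASE_KEY = b"constructed-base-key"  # constructed sample key and images
A, B, C, HELLO = b"app-a image", b"app-b image", b"app-c image", b"hello image"


def booted_mtm() -> ToyMtm:
    mtm = ToyMtm()
    mtm.load_vkey(1, BASE_KEY)
    return mtm


def stakeholder_demo():
    after_a, after_b = extend(ZERO, sha1(A)), extend(ZERO, sha1(B))
    certs = {
        "a": (A, issue(BASE_KEY, RimCert("app-a", sha1(A), 1, {1: ZERO}, None, 1))),
        "b": (B, issue(BASE_KEY, RimCert("app-b", sha1(B), 2, {1: after_a, 2: ZERO}, None, 1))),
        "c": (C, issue(BASE_KEY, RimCert("app-c", sha1(C), 5, {1: after_a, 2: after_b}, None, 1))),
    }
    mtm = booted_mtm()
    # Launch order c, a, a, b, c: c too early, a twice, then the intended chain.
    return [mtm.verify_and_extend(certs[n][1], certs[n][0]) for n in "caabc"]


def counter_demo():
    cert = issue(BASE_KEY, RimCert("hello", sha1(HELLO), 3, {}, 1, 1))
    mtm = booted_mtm()
    mtm.counter = 1
    before = mtm.verify_and_extend(cert, HELLO)
    mtm.counter += 1  # the counter only moves forward; the old cert is now stale
    return before, mtm.verify_and_extend(cert, HELLO)


def tamper_demo() -> str:
    cert = issue(BASE_KEY, RimCert("hello", sha1(HELLO), 3, {}, None, 1))
    return booted_mtm().verify_and_extend(cert, HELLO[:-1] + b"X")


if __name__ == "__main__":
    print(stakeholder_demo(), counter_demo(), tamper_demo(), sep="\n")
```

Because a PCR can only be extended, an application whose certificate requires a reset PCR passes that check once per boot in this model; only a reset of the MTM state restores the precondition.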
More informationCommands are in black
Starting From the Shell Prompt (Terminal) Commands are in black / +--------+---------+-------+---------+---------+------ +------ +------ +------ +------ +------ +-- Bin boot dev etc home media sbin bin
More information400AP Application Note Uploading Firmware Images to 400AP NAND Flash Models
June 2014 400AP Application Note Uploading Firmware Images to 400AP NAND Flash Models Author: Thomas W. Heck, Sr. Design Engineer Janus Remote Communications Table of Contents Overview..................................................................................
More informationXinu on Intel Galileo User Manual
Xinu on Intel Galileo User Manual Table of Contents Page 1.0 Firmware Update for the Intel Galileo board 2 2.0 Console connection on the Intel Galileo 2 2.1 Background 2 2.2 Serial cable setup for the
More informationJRA1 Telescope: NI Flex RIO DAQ Labview Telescope DAQ demonstration software overview
JRA1 Telescope: NI Flex RIO DAQ Labview Telescope DAQ demonstration software overview G. Claus 1, Mathieu Goffe 1, Kimmo Jaaskelainen 1, Cayetano Santos 1, Matthieu Specht 1 January 17, 2011 Abstract The
More informationBooting a Galaxy Instance
Booting a Galaxy Instance Create Security Groups First time Only Create Security Group for Galaxy Name the group galaxy Click Manage Rules for galaxy Click Add Rule Choose HTTPS and Click Add Repeat Security
More informationThe Unix Environment for Programming (COMP433)
The Unix Environment for Programming (COMP433) Student's Practical Manual Dr. Mohamed Ben Laroussi Aissa m.issa@unizwa.edu.om Room 11 I- 13 Spring 2017 1 Textbook Topic # Topic Page 1 Introduction 2 3
More informationCS 642 Homework #4. Due Date: 11:59 p.m. on Tuesday, May 1, Warning!
CS 642 Homework #4 Due Date: 11:59 p.m. on Tuesday, May 1, 2007 Warning! In this assignment, you will construct and launch attacks against a vulnerable computer on the CS network. The network administrators
More informationArrayent DevKit Sample Application Quick Start Guide For TI CC3220
Arrayent DevKit Sample Application Quick Start Guide For TI CC3220 28 March 2017 TABLE OF CONTENTS Chapter 1. Overview Audience and Scope Prerequisites Supported Software and Hardware Platforms TI CC3220
More informationClientNet. Portal Admin Guide
ClientNet Portal Admin Guide Document Revision Date: June 5, 2013 ClientNet Portal Admin Guide i Contents Introduction to the Portal... 1 About the Portal... 1 Logging On and Off the Portal... 1 Language
More informationThe blob bootloader. The blob bootloader. Thomas Petazzoni Free Electrons
The blob bootloader The blob bootloader Thomas Petazzoni Free Electrons 1 Rights to copy Copyright 2008 2009, Free Electrons feedback@free electrons.com Document sources, updates and translations: http://free
More informationPlatform Configuration Registers
Chapter 12 Platform Configuration Registers Platform Configuration Registers (PCRs) are one of the essential features of a TPM. Their prime use case is to provide a method to cryptographically record (measure)
More informationUser can upgrade the firmware directly using the Web or Console.
17. Firmware Upgrade User can upgrade the firmware directly using the Web or Console. Firmware name (current) and applied model: V3K31257_en.all:Vigor 3300B+ 2.5.7 English version. V3K31257_cn.all:Vigor
More information1. What statistic did the wc -l command show? (do man wc to get the answer) A. The number of bytes B. The number of lines C. The number of words
More Linux Commands 1 wc The Linux command for acquiring size statistics on a file is wc. This command provides the line count, word count and number of bytes in a file. Open up a terminal, make sure you
More informationDefault Security Setup
This section provides information about the default security setup. Default Security Features, page 1 Trust Verification Service, page 2 Initial Trust List, page 2 Update ITL File for IP Phones, page 4
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationProgramming the CME11E9-EVBU, Keypad, and LCD
EE3306 Programming the CME11E9-EVBU, Keypad, and LCD The purpose of this lab is to become familiar with the Motorola 68HC11 Lab Trainer kit, related software (Buffalo monitor, TExaS simulator) and learn
More informationTPM v.s. Embedded Board. James Y
TPM v.s. Embedded Board James Y What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions
More informationµtasker Boot-loader support
Introduction µtasker is an operating system designed especially for embedded applications where a tight control over resources is desired along with a high level of user comfort to produce efficient and
More informationProgramming the CME11E9-EVBU, Keypad, and LCD
EE-3306 Programming the CME11E9-EVBU, Keypad, and LCD The purpose of this lab is to become familiar with the Motorola 68HC11 Lab Trainer kit, related software (Buffalo monitor, TExaS simulator) and learn
More informationQEMU Basic. Create the Hardware System
QEMU Basic In this simple Demo we shall be creating a simple Zynq HW project in 2016.2, exporting to SDK to create the HDF file. This HDF file will be used as the base to create the Linux image in Petalinux.
More informationHow to Enable Client Certificate Authentication on Avi
Page 1 of 11 How to Enable Client Certificate Authentication on Avi Vantage view online Overview This article explains how to enable client certificate authentication on an Avi Vantage. When client certificate
More informationThe build2 Toolchain Installation and Upgrade
The build2 Toolchain Installation and Upgrade Copyright 2014-2019 Code Synthesis Ltd Permission is granted to copy, distribute and/or modify this document under the terms of the MIT License This revision
More informationMarkLogic Server. Information Studio Developer s Guide. MarkLogic 8 February, Copyright 2015 MarkLogic Corporation. All rights reserved.
Information Studio Developer s Guide 1 MarkLogic 8 February, 2015 Last Revised: 8.0-1, February, 2015 Copyright 2015 MarkLogic Corporation. All rights reserved. Table of Contents Table of Contents Information
More informationCSE 265: System and Network Administration
CSE 265: System and Network Administration System startup and shutdown Bootstrapping Booting PCs Boot loaders Booting into single user mode Startup scripts Rebooting and shutting down Bootstrapping i.e.,
More information