Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Size: px

Start display at page:

Download "Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology"

Lillian Cecilia Simpson
5 years ago
Views:

1 Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

2 Motivation All PCs may soon include trusted computing HW Potential impact far greater than copy-protection! Goal: explore appropriate hardware and software design

3 Secure Remote Login Internet Cafe Login session Trusted server Is anyone monitoring my keystrokes?

Partial Solutions Alice @ Internet Cafe Trusted server Attack Network sniffing Fake login prompt Sniffing login

4 Partial Solutions Internet Cafe Trusted server Attack Network sniffing Fake login prompt Sniffing login password Solution Encrypt session (e.g. ssh) One-time phrase from server One-time password; Personal smart-cards

5 We Won t Try To Solve Internet Cafe Trusted server Modified keyboard or display To steal keystrokes and data A camera can spy even personal laptops

6 Hard-to-Prevent Attacks Internet Cafe Trusted server Attacks by owner of the terminal Install bad ssh software Install bad operating system/device driver Even w/ trusted OS, can snoop memory with DMA

7 Can Trusted Computing Help?

8 Microsoft Palladium (NGSCB) Win App Win App Windows Security boundary Secure App Secure App Nexus Kernel CPU Secure Chip Secure boot Keep fingerprints of BIOS, B/L, Nexus in secure chip Attestation Nexus computes fingerprint of secure app Secure chip signs all fingerprints Keyboard driver in Nexus Modified HW guides DMA

9 Remote Login w/ Palladium Internet Cafe Nonce Trusted server Attestation certificate One-time phrase Server looks for trusted Chip, BIOS, boot loader, Nexus, ssh Is the terminal s HW/SW trusted?

10 Palladium Pros Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps

11 Palladium Pros and Cons Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps Cons Can you keep the Nexus small?

12 Palladium Pros and Cons Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps Cons Can you keep the Nexus small? Can you verify Windows services?

13 Palladium Pros and Cons Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps Cons Can you keep the Nexus small? Can you verify Windows services? Non-DMA attacks on memory

14 How Can We Improve Palladium s Security and Verifiability?

15 Use Small m-kernel Keyboard driver Pager Network stack ssh User fingerprint fingerprint fingerprint m-kernel fingerprint Kernel m-kernel allows attestation of all OS modules

16 Flexible Security Boundary Secure Remote Login s security boundary ssh program m-kernel keyboard driver BIOS, B/L, secure chip Some apps need more, some less E.g. pager, network stack

17 m-kernel Challenges Can we maintain a modular system? Small kernel & OS modules - verifiability

18 m-kernel Challenges Can we maintain a modular system? Small kernel & OS modules - verifiability What about performance? Careful engineering & SMT?

19 m-kernel Challenges Can we maintain a modular system? Small kernel & OS modules - verifiability What about performance? Careful engineering & SMT? What about popular apps?

20 Un-trusted Apps Run In VM Keyboard driver Pager ssh Windows in VM User fingerprint fingerprint fingerprint m-kernel fingerprint Kernel

21 XOM (Lie et al 00) Prevents DRAM Attacks Security boundary Plaintext Encrypted Cache App DRAM CPU OS Processor decrypts copy-protected program HW/FW implements crypto-paging (Yee 94) Cannot easily find out what OS is running

22 Borrow Crypto-Paging Use tamper-resistant processor Cache is trusted and safe Run m-kernel in secure processor m-kernel authenticates data to/from DRAM

23 Memory Authentication Merkle tree Tree of hashes Parent authenticates children Leaves authenticate physical memory Secure processor stores root Trap handler uses/updates tree when loading or evicting cached data

24 m-kernel Cerium Plaintext Authenticated App Cache Keyboard driver Network stack DRAM CPU Security boundary

25 Secure Remote Login w/ Cerium Internet Cafe Nonce Trusted server

26 Secure Remote Login w/ Cerium Internet Cafe Nonce Trusted server Signed certificate Certificate contains: nonce and fingerprints of BIOS, B/L, m-kernel, userlevel keyboard driver, ssh

27 Secure Remote Login w/ Cerium Internet Cafe Nonce Trusted server Signed certificate One-time phrase

28 Cerium Enables Many Apps User can find out if a computer executed the user s program faithfully! Many useful applications Secure remote execution (e.g. SETI@home) Secure P2P network

29 Conclusion Trusted computing HW enables new apps Cerium supports Secure Remote Login Merges good ideas from Palladium & XOM Provides security and verifiability We should explore how to use trusted computing HW to build cool systems!

Intel Software Guard Extensions

Intel Software Guard Extensions Dr. Matthias Hahn, Intel Deutschland GmbH July 12 th 2017 cryptovision Mindshare, Gelsenkirchen Intel SGX Making Headlines Premium Content requiring Intel SGX on PC Intel