Justifying Integrity Using a Virtual Machine Verifier

Similar documents
Justifying Integrity Using a Virtual Machine Verifier

Advanced Systems Security: Integrity

Operating System Security: Building Secure Distributed Systems

Advanced Systems Security: Integrity

Advanced Systems Security: Integrity

Chapter 6: Integrity Policies

Toward Automated Information-Flow Integrity Verification for Security-Critical Applications

Systems Security Research in SIIS Lab

PRIMA: Policy-Reduced Integrity Measurement Architecture

Advanced Systems Security: Principles

Integrity Policies. Murat Kantarcioglu

Establishing and Sustaining System Integrity via Root of Trust Installation

May 1: Integrity Models

Practical Verification of System Integrity in Cloud Computing Environments

Verifying System Integrity by Proxy

IBM Research Report. PRIMA: Policy-Reduced Integrity Measurement Architecture. Trent Jaeger Pennsylvania State University

Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity

Seeding Clouds with Trust Anchors

Advanced Systems Security: Ordinary Operating Systems

CIS433/533 - Introduction to Computer and Network Security. Access Control

Advanced Systems Security: Principles

Advanced Systems Security: Principles

Establishing and Sustaining System Integrity via Root of Trust Installation

Configuring Cloud Deployments for Integrity

Topics in Systems and Program Security

Advanced Systems Security: Putting It Together Systems

Module: Cloud Computing Security

CSE509: (Intro to) Systems Security

SELinux Protected Paths Revisited

Module: Operating System Security. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Verifiable Security Goals

STING: Finding Name Resolution Vulnerabilities in Programs

Technical Brief Distributed Trusted Computing

CSE Computer Security

Advanced Systems Security: Securing Commercial Systems

P a g e 1. Teknologisk Institut. Online kursus k SysAdmin & DevOps Collection

Advanced Systems Security: Cloud Computing Security

CCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson

Trustworthy Whole-System Provenance for the Linux Kernel

OS Security IV: Virtualization and Trusted Computing

Advanced Systems Security: Ordinary Operating Systems

The Evolution of Secure Operating Systems

Advanced Systems Security: Virtual Machine Systems

VIAF: Verification-based Integrity Assurance Framework for MapReduce. YongzhiWang, JinpengWei

Operating System Security

Security and Privacy in Cloud Computing

Security Namespace: Making Linux Security Frameworks Available to Containers

Advanced Systems Security: Security-Enhanced Linux

Enforcing Trust in Pervasive Computing. Trusted Computing Technology.

TUX : Trust Update on Linux Kernel

Creating a Practical Security Architecture Based on sel4

Lecture 15 Designing Trusted Operating Systems

Red Hat Certified System Administrator (RHCSA) RHCSA 7 Requirements and Syllabus

CSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger

CSE543 - Computer and Network Security Module: Virtualization

Advanced Systems Security: Future

PREVENTING EXPLOITS WITH SECURITY ENHANCED LINUX

Security Enhanced Linux

Advanced Systems Security: Virtual Machine Systems

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

Intelligent Terminal System Based on Trusted Platform Module

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project

The Evolution of Secure Operating Systems

Virtual Machine Security

IBM Research Report. Bridging Mandatory Access Control Across Machines

CMPSC 497: Static Analysis

Security context. Technology. Solution highlights

IBM Research Report. Design and Implementation of a TCG-Based Integrity Measurement Architecture

The trust problem in modern network infrastructures

Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services

Surviving in the wilderness integrity protection and system update. Patrick Ohly, Intel Open Source Technology Center Preliminary version

Topics in Systems and Program Security

CSE543 - Computer and Network Security Module: Virtualization

CSE 544 Advanced Systems Security

The Road to a Secure, Compliant Cloud

, Inc

2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions

Combining program verification with component-based architectures. Alexander Senier BOB 2018 Berlin, February 23rd, 2018

Security: The Key to Affordable Unmanned Aircraft Systems

Container Deployment and Security Best Practices

Framework for Prevention of Insider attacks in Cloud Infrastructure through Hardware Security

Lecture Embedded System Security Introduction to Trusted Computing

Trusted Network Access Control Experiences from Adoption

Introduction to Assurance

CSE543 - Computer and Network Security Module: Trusted Computing

Politecnico di Torino. Porto Institutional Repository

OVAL + The Trusted Platform Module

Certification Report

Module: Future of Secure Programming

SCALABLE WEB CONTENT ATTESTATION

IBM Research Report. shype: Secure Hypervisor Approach to Trusted Virtualized Systems

A new Distributed Security Model for Linux Clusters

Protecting Information Assets - Unit #14 - Computer Application Security. MIS 5206 Protecting Information Assets

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

The Case for Security Enhanced (SE) Android. Stephen Smalley Trusted Systems Research National Security Agency

Bromium: Virtualization-Based Security

Unify DevOps and SecOps: Security Without Friction

Advanced Systems Security: Multics

Lecture Embedded System Security Introduction to Trusted Computing

Advanced Systems Security: Confused Deputy

Transcription:

Justifying Integrity Using a Virtual Machine Verifier Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel ACSAC 09 1 1

Cloudy Horizons Utility-based cloud computing is attracting small businesses and developers Clouds offer an on-demand virtualization infrastructure to run distributed applications How can we verify that application components are behaving as expected? 2 2

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Distributed Compilation Cloud Infrastructure Package Archive Build Controller 3 3

Threat Model Build Controller 4 4

Threat Model Build Controller Build controller depends on input from other VMs 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised May generate malicious results 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised May generate malicious results 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised May generate malicious results 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised May generate malicious results 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised May generate malicious results Other cloud instances may affect vulnerable systems 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised May generate malicious results Other cloud instances may affect vulnerable systems 4 4

Threat Model Build Controller Build controller depends on input from other VMs Cloud VMs / hosts can be misconfigured or compromised May generate malicious results Other cloud instances may affect vulnerable systems How can we verify that the cloud VMs are correct and provide trustworthy inputs? 4 4

Information-flow Integrity Goal: measure against classical integrity models Current approaches are incomplete Clark-Wilson aims to protect high integrity data from low integrity input and processes Unconstrained Data Items (UDI): low integrity data Constrained Data Items (CDI): high integrity data Verified by Integrity Verification Procedures (IVPs) Transformation Procedures (TP) modify CDIs TPs must be formally assured to behave correctly All interfaces discard or upgrade UDIs 5 5

Practical Integrity Practical integrity models are less heavyweight CW-Lite [Shankar 06], UMIP [Li 07], PPI [Sun 08] We focus on verifying CW-Lite integrity Requires identification of trusted code in TPs Only interfaces that receive UDIs are filtered Build controller must verify for each VM CDIs pass an IVP TP are trustworthy UDIs only enter through filtering interfaces 6 6

Integrity Measurement Measure integrity-relevant operations sufficient to prove CW-Lite for Build VMs BIND: measure integrity data based on generating code Satem: enforce execution of specified code PRIMA: ensure that high integrity data is modified by only trusted processes Enable attestation of integrity to a remote party 7 7

Integrity Measurement Measure integrity-relevant operations necessary to prove CW-Lite for Build VMs BIND: measure integrity data based on generating code IVP for verifying CDIs integrity Satem: enforce execution of specified code Ensure use of only certified TPs PRIMA: ensure that high integrity data is modified by only trusted processes Ensure that only TPs modify CDIs and handle UDIs securely Each are incomplete and still missing some function necessary to build CW-Lite proofs 8 8

Our Solution 9 9

Our Solution We enforce and enable verification of CW-Lite on a VM system for a particular application policy 9 9

Our Solution We enforce and enable verification of CW-Lite on a VM system for a particular application policy Simple to verify host with a VM Verifier (VMV) 9 9

Our Solution We enforce and enable verification of CW-Lite on a VM system for a particular application policy Simple to verify host with a VM Verifier (VMV) Verify initial integrity of an application VM. 9 9

Our Solution We enforce and enable verification of CW-Lite on a VM system for a particular application policy Simple to verify host with a VM Verifier (VMV) Verify initial integrity of an application VM. Local enforcement mediates integrity-relevant events 9 9

Our Solution We enforce and enable verification of CW-Lite on a VM system for a particular application policy Simple to verify host with a VM Verifier (VMV) Verify initial integrity of an application VM. Local enforcement mediates integrity-relevant events Attestation service handles VM attestation requests. 9 9

Assessing CW-Lite on VMs Initial Integrity: VM IVP must verify VM data integrity Root of trust for deploying Build VMs that satisfy CW-Lite Validate Build VM integrity by inspecting an attestation of previous host system Enforcement: Ensuring only trusted code modifies Build VM data Root of trust bootstraps secure execution runtime with CW-Lite policy Kernel and services to enforce CW-Lite policy over Build VM execution Attestation: Build integrity proof that enables validation of CW-Lite enforcement by verifier (Build Controller) 10 10

Assessing CW-Lite on VMs Initial Integrity: VM IVP must verify VM data integrity Root of trust for deploying Build VMs that satisfy CW-Lite Validate Build VM integrity by inspecting an attestation of previous host system Enforcement: Ensuring only trusted code modifies Build VM data Root of trust bootstraps secure execution runtime with CW-Lite policy Kernel and services to enforce CW-Lite policy over Build VM execution Attestation: Build integrity proof that enables validation of CW-Lite enforcement by verifier (Build Controller) 11 11

Establishing a Root of Trust Verification of a VM requires trust in the host Rely on proper operation to protect VM integrity Lack of physical hardware hampers integrity measurement Must measure all code and data on the host Code measurement is simple to verify Data is more system specific and varied 12 12

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host then downloads VM and verifies its integrity 13 13

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host then downloads VM and verifies its integrity 13 13

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host Disk Host then downloads VM and verifies its integrity 13 13

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host Disk ROTI Proof Host then downloads VM and verifies its integrity 13 13

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host Disk ROTI Proof Host then downloads VM and verifies its integrity 13 13

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host Disk ROTI Proof Host then downloads VM and verifies its integrity 13 13

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host Disk ROTI Proof Host then downloads VM and verifies its integrity 13 13

Root of Trust for Installation Root of Trust for Installation (ROTI) [ACSAC 07] Binds the installed filesystem to a known installer Verifier can detect changes from known good state Host Disk ROTI Proof Host then downloads VM and verifies its integrity 13 13

Bootstrap Secure Execution Load runtime that enforces CW-Lite integrity Run only certified code (TPs) Mediate loading of all executables Ensure that only TPs modify high integrity data (CDIs) and handle UDIs securely MAC limits permissions of programs to modify CDIs Interaction with remote parties must be authorized Two runtime components: PRIMA Enforcement Kernel and Port Authority 14 14

PRIMA Enforcement Kernel 15 15

PRIMA Enforcement Kernel We build a PRIMA enforcing kernel to mediate code loading on the VM Policy defines subject labels for TPs and trusted code measurements Code executed under a trusted subject label is checked before executed or mmapped for execution We deny execution if code doesn t match policy database 15 15

PRIMA Enforcement Kernel We build a PRIMA enforcing kernel to mediate code loading on the VM Policy defines subject labels for TPs and trusted code measurements Code executed under a trusted subject label is checked before executed or mmapped for execution We deny execution if code doesn t match policy database Now we have TPs with correct code 15 15

PRIMA Enforcement Kernel We build a PRIMA enforcing kernel to mediate code loading on the VM Policy defines subject labels for TPs and trusted code measurements Code executed under a trusted subject label is checked before executed or mmapped for execution We deny execution if code doesn t match policy database Now we have TPs with correct code Next we must handle processing data items 15 15

Filtering UDI Inputs We can rely on local MAC enforcement to constrain UDIs through filtering interfaces External data is generally considered untrusted VMV installs PortAuthority in the VM Only permits untrusted network data through services trusted to filter 16 16

Filtering UDI Inputs We can rely on local MAC enforcement to constrain UDIs through filtering interfaces External data is generally considered untrusted VMV installs PortAuthority in the VM Only permits untrusted network data through services trusted to filter Remote Host TP Other 16 16

Filtering UDI Inputs We can rely on local MAC enforcement to constrain UDIs through filtering interfaces External data is generally considered untrusted VMV installs PortAuthority in the VM Only permits untrusted network data through services trusted to filter Remote Host TP Other 16 16

Filtering UDI Inputs We can rely on local MAC enforcement to constrain UDIs through filtering interfaces External data is generally considered untrusted VMV installs PortAuthority in the VM Only permits untrusted network data through services trusted to filter Remote Host TP Other 16 16

Filtering UDI Inputs We can rely on local MAC enforcement to constrain UDIs through filtering interfaces External data is generally considered untrusted VMV installs PortAuthority in the VM Only permits untrusted network data through services trusted to filter Remote Host Verify TP Other 16 16

Filtering UDI Inputs We can rely on local MAC enforcement to constrain UDIs through filtering interfaces External data is generally considered untrusted VMV installs PortAuthority in the VM Only permits untrusted network data through services trusted to filter Remote Host Verify TP Other 16 16

Attesting VM Integrity High integrity host (ROTI) vouches for VM integrity Attestation includes proof of host and application policy We bind the VM proof to the host platform Host generates fresh public key pair for VM Host TPM signs the VM s public key part The remote verifier uses key to establish connection 17 17

Attesting VM Integrity High integrity host (ROTI) vouches for VM integrity Attestation includes proof of host and application policy We bind the VM proof to the host platform Host generates fresh public key pair for VM Host TPM signs the VM s public key part The remote verifier uses key to establish connection Verifier 17 17

Attesting VM Integrity High integrity host (ROTI) vouches for VM integrity Attestation includes proof of host and application policy We bind the VM proof to the host platform Host generates fresh public key pair for VM Host TPM signs the VM s public key part The remote verifier uses key to establish connection Verifier Nonce N 17 17

Attesting VM Integrity High integrity host (ROTI) vouches for VM integrity Attestation includes proof of host and application policy We bind the VM proof to the host platform Host generates fresh public key pair for VM Host TPM signs the VM s public key part The remote verifier uses key to establish connection Verifier Nonce N 17 17

Attesting VM Integrity High integrity host (ROTI) vouches for VM integrity Attestation includes proof of host and application policy We bind the VM proof to the host platform Host generates fresh public key pair for VM Host TPM signs the VM s public key part The remote verifier uses key to establish connection Verifier Nonce N 17 17

Attesting VM Integrity High integrity host (ROTI) vouches for VM integrity Attestation includes proof of host and application policy We bind the VM proof to the host platform Host generates fresh public key pair for VM Host TPM signs the VM s public key part The remote verifier uses key to establish connection Verifier Nonce N Att(Host) + Policy + K - vm 17 17

Implementation We implemented our design on a distcc cluster 4 3.2 host systems running 10 Ubuntu 8.04 VMs each Application policy Ubuntu s package repository for trusted code SELinux strict policy + distcc policy module Compiled several code bases Found about a 4% overhead in compilation time Task Time (mins.) Unattested Attested % diff. Lines of Code Linux Kernel 7:01.84 7:17.24 3.65% 6,450,761 OpenSSH 0:22.67 0:23.74 3.98% 68,626 18 18

Considerations 19 19

Considerations Runtime code integrity checks Associating proofs with the application results Transitivity among components 19 19

Considerations Runtime code integrity checks Associating proofs with the application results Transitivity among components B A C 19 19

Considerations Runtime code integrity checks Associating proofs with the application results Transitivity among components B A C 19 19

Considerations Runtime code integrity checks Associating proofs with the application results Transitivity among components B A C 19 19

Considerations Runtime code integrity checks Associating proofs with the application results Transitivity among components B A C 19 19

Considerations Runtime code integrity checks Associating proofs with the application results Transitivity among components B A C 19 19

Considerations Runtime code integrity checks Associating proofs with the application results Transitivity among components B A C 19 19

Conclusion Our approach supports comprehensive system integrity enforcement and verification on VM-based distributed computing nodes Pull together various integrity measurement ideas Into a complete architecture for high integrity execution Introduces only a minimal overhead on our proof of concept distributed compilation cluster Extensible to various integrity policies and enforcement mechanisms 20 20

Questions? Joshua Schiffman (jschiffm@cse.psu.edu) http://www.joshschiffman.org/ SIIS Laboratory (http://siis.cse.psu.edu) 21 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback