Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Similar documents
Intel Software Guard Extensions

Architectural Support for Copy and Tamper Resistant Software

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Scalable Architectural Support for Trusted Software

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

Security Fundamentals

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Flicker: An Execution Infrastructure for TCB Minimization

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

OVAL + The Trusted Platform Module

6.857 L17. Secure Processors. Srini Devadas

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

TERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004

CSAIL. Computer Science and Artificial Intelligence Laboratory. Massachusetts Institute of Technology

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Software Vulnerability Assessment & Secure Storage

Crypto Background & Concepts SGX Software Attestation

Firmware Updates for Internet of Things Devices

Hypervisor Security First Published On: Last Updated On:

SSH and keys. Network Startup Resource Center

Unicorn: Two- Factor Attestation for Data Security

TPM v.s. Embedded Board. James Y

Efficient Memory Integrity Verification and Encryption for Secure Processors

COS 318: Operating Systems

Lecture Embedded System Security Trusted Platform Module

The Early System Start-Up Process. Group Presentation by: Tianyuan Liu, Caiwei He, Krishna Parasuram Srinivasan, Wenbin Xu

0x1A Great Papers in Computer Security

Security in NVMe Enterprise SSDs

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

Designing Security & Trust into Connected Devices

Operating systems and security - Overview

Operating systems and security - Overview

Putting It (almost) all Together: ios Security. Konstantin Beznosov

Connecting Securely to the Cloud

AEGIS Secure Processor

COS 318: Operating Systems. Overview. Andy Bavier Computer Science Department Princeton University

Towards Application Security on Untrusted Operating Systems

Trusted Mobile Keyboard Controller Architecture

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

CIS 4360 Secure Computer Systems SGX

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Dawn Song

CPS 510 final exam, 4/27/2015

OS Security IV: Virtualization and Trusted Computing

CPSC 467b: Cryptography and Computer Security

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

Offline dictionary attack on TCG TPM authorisation data

Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1

File Encryption. Steven M. Bellovin

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

CIS 4360 Secure Computer Systems Secured System Boot

Provisioning secure Identity for Microcontroller based IoT Devices

Operating system hardening

UNIT - IV Cryptographic Hash Function 31.1

Sanctum: Minimal HW Extensions for Strong SW Isolation

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Access Control. Tom Chothia Computer Security, Lecture 5

Designing Security & Trust into Connected Devices

Security and Privacy in Cloud Computing

Influential OS Research Security. Michael Raitza

Deploying Secure Boot: Key Creation and Management

Creating Trust in a Highly Mobile World

CPSC 467: Cryptography and Computer Security

User Authentication. Modified By: Dr. Ramzi Saifan

Trusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci

Proving who you are. Passwords and TLS


ObfusMem: A Low-Overhead Access Obfuscation for Trusted Memories

Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.

Trusted Platform Module explained

MU2b Authentication, Authorization and Accounting Questions Set 2

SE420 Software Quality Assurance

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

Refresher: Applied Cryptography

CS 111. Operating Systems Peter Reiher

Trusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017

Authentication. Steven M. Bellovin September 26,

SecureDoc Disk Encryption Cryptographic Engine

Information Security: Principles and Practice Second Edition. Mark Stamp

User Authentication. Modified By: Dr. Ramzi Saifan

More Attacks on Cryptography 3/12/2010

Authentication Part IV NOTE: Part IV includes all of Part III!

Overview of Authentication Systems

Storage and File System

Google 2 factor authentication User Guide

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

18-642: Security Vulnerabilities

COS 318: Operating Systems

SSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions

Forensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

Transcription:

Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Motivation All PCs may soon include trusted computing HW Potential impact far greater than copy-protection! Goal: explore appropriate hardware and software design

Secure Remote Login Alice @ Internet Cafe Login session Trusted server Is anyone monitoring my keystrokes?

Partial Solutions Alice @ Internet Cafe Trusted server Attack Network sniffing Fake login prompt Sniffing login password Solution Encrypt session (e.g. ssh) One-time phrase from server One-time password; Personal smart-cards

We Won t Try To Solve Alice @ Internet Cafe Trusted server Modified keyboard or display To steal keystrokes and data A camera can spy even personal laptops

Hard-to-Prevent Attacks Alice @ Internet Cafe Trusted server Attacks by owner of the terminal Install bad ssh software Install bad operating system/device driver Even w/ trusted OS, can snoop memory with DMA

Can Trusted Computing Help?

Microsoft Palladium (NGSCB) Win App Win App Windows Security boundary Secure App Secure App Nexus Kernel CPU Secure Chip Secure boot Keep fingerprints of BIOS, B/L, Nexus in secure chip Attestation Nexus computes fingerprint of secure app Secure chip signs all fingerprints Keyboard driver in Nexus Modified HW guides DMA

Remote Login w/ Palladium Alice @ Internet Cafe Nonce Trusted server Attestation certificate One-time phrase Server looks for trusted Chip, BIOS, boot loader, Nexus, ssh Is the terminal s HW/SW trusted?

Palladium Pros Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps

Palladium Pros and Cons Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps Cons Can you keep the Nexus small?

Palladium Pros and Cons Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps Cons Can you keep the Nexus small? Can you verify Windows services?

Palladium Pros and Cons Pros Detect un-trusted chip, BIOS, boot loader Detect un-trusted Nexus and ssh Prevent DMA of memory of trusted apps Cons Can you keep the Nexus small? Can you verify Windows services? Non-DMA attacks on memory

How Can We Improve Palladium s Security and Verifiability?

Use Small m-kernel Keyboard driver Pager Network stack ssh User fingerprint fingerprint fingerprint m-kernel fingerprint Kernel m-kernel allows attestation of all OS modules

Flexible Security Boundary Secure Remote Login s security boundary ssh program m-kernel keyboard driver BIOS, B/L, secure chip Some apps need more, some less E.g. pager, network stack

m-kernel Challenges Can we maintain a modular system? Small kernel & OS modules - verifiability

m-kernel Challenges Can we maintain a modular system? Small kernel & OS modules - verifiability What about performance? Careful engineering & SMT?

m-kernel Challenges Can we maintain a modular system? Small kernel & OS modules - verifiability What about performance? Careful engineering & SMT? What about popular apps?

Un-trusted Apps Run In VM Keyboard driver Pager ssh Windows in VM User fingerprint fingerprint fingerprint m-kernel fingerprint Kernel

XOM (Lie et al 00) Prevents DRAM Attacks Security boundary Plaintext Encrypted Cache App DRAM CPU OS Processor decrypts copy-protected program HW/FW implements crypto-paging (Yee 94) Cannot easily find out what OS is running

Borrow Crypto-Paging Use tamper-resistant processor Cache is trusted and safe Run m-kernel in secure processor m-kernel authenticates data to/from DRAM

Memory Authentication Merkle tree Tree of hashes Parent authenticates children Leaves authenticate physical memory Secure processor stores root Trap handler uses/updates tree when loading or evicting cached data

m-kernel Cerium Plaintext Authenticated App Cache Keyboard driver Network stack DRAM CPU Security boundary

Secure Remote Login w/ Cerium Alice @ Internet Cafe Nonce Trusted server

Secure Remote Login w/ Cerium Alice @ Internet Cafe Nonce Trusted server Signed certificate Certificate contains: nonce and fingerprints of BIOS, B/L, m-kernel, userlevel keyboard driver, ssh

Secure Remote Login w/ Cerium Alice @ Internet Cafe Nonce Trusted server Signed certificate One-time phrase

Cerium Enables Many Apps User can find out if a computer executed the user s program faithfully! Many useful applications Secure remote execution (e.g. SETI@home) Secure P2P network

Conclusion Trusted computing HW enables new apps Cerium supports Secure Remote Login Merges good ideas from Palladium & XOM Provides security and verifiability We should explore how to use trusted computing HW to build cool systems!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback