Presentation on theme: "Hardware-Assisted Isolated Computing Environments"— Presentation transcript:
1 Hardware-Assisted Isolated Computing Environments Instructor: Kun Sun, Ph.D.
2 Outline Introduction Related Work Our Work on Hardware-assisted ICE x86 platformSecureSwitch: OS level isolation [NDSS12]ARM platformTrustICE: Flexible ICE [under submission]Summary
3 Why Isolated Computing Environment? Bring your own device (BYOD)Risk of data breachesRequire an ICE to separate sensitive code and dataSuspicious code or dataTrojan, e.g., BitCoinMiner, KeyloggerRun the code in an ICE to protect the host environmentMalware analysisRootkits compromises OSProtect the analysis tools in an ICE
4 Lampson Red/Green System Model Red/Green system: Policy + Isolation + Accountability +Freedom* Butler Lampson, Accountability and Freedom Slides, Microsoft, Sept.,2005
5 Outline Introduction Related Work Our Work on Hardware-assisted ICE x86 platformSecureSwitch: OS level isolation [NDSS12]ARM platformTrustICE: Flexible ICE [under submission]Summary
8 Outline Introduction Related Work Our Work on Hardware-assisted ICE x86 platformSecureSwitch: OS level isolation [NDSS12]ARM platformTrustICE: Flexible ICE [under submission]Summary
9 SecureSwitch Architecture BIOS-assistant OS Level Isolationno data leakage between two OS environmentswithout using any mutable software layer (e.g., hypervisor)no changes of the OS source codefast switching time, around 6 secondsTrusted Computing Base (TCB) only contains the BIOS.
10 BIOS, UEFI, and Coreboot Basic Input/Output System (BIOS) Initializing hardware components.Stored in non-volatile ROM chips.Unified Extensible Firmware Interface (UEFI)A new software interface between OS and firmware.Partially open sourceCoreboot (formerly as LinuxBIOS)Similar functionality as UEFIOpen source
11 ACPI Sleeping StatesAdvanced Configuration and Power Interface (ACPI)OS-directed configuration; Power/thermal managementGlobal System StatesG0 --- Working (System Operational)G1---Sleeping (CPU stopped)G2 ---Soft OffG3 ---Mechanical off (Physical off switch)Sleeping States in G1: S0 – S5S3: also called Standby, Suspend to RAMDRAM still maintainedS4: also called Hibernation or Suspend to DiskDRAM not maintainedDevice Power States: D0 – D3D0 - Fully-OnD3 -- Power off to device
12 Attack Model Assumption Attacks from the untrusted OS Out of the scope BIOS and option ROM on devices can be trusted.No physical access to the protected machineAttacks from the untrusted OSSpoofing Trusted OS attacks: faking trusted OSData exfiltration attacks: stealing sensitive dataCache-based side channel attacks: extracting sensitive dataOut of the scopeDenial of Service attacksNetwork attacks on trusted OS
14 Trusted PathProtect against Spoofing trusted OS attacks by assuring users that they are working with the OS they intend to use.Protecting system variablesOS_Flag: records which OS should be woken nextWhere to save it?Untrusted OS should be truly suspended.hardware controlled power LED lights up when system is powered on, and blinks in the sleep mode.BIOS should be entered.Press the power button.OS_Flag: physical jumper, e.g., Parallel port connector
16 System Isolation CPU Isolation: two OSes never run concurrently. Memory Isolation: physical-level isolationHard disk isolation: encrypted hard disk, RAM diskOther I/O isolation: clean the buffers/states in devices.CPUMemoryHard DiskVGANICACPI S3BIOS
17 DIMM Mask and DQS Setting Memory IsolationA motherboard may have more than one dual in-line memory module (DIMM) slot.DIMM Mask and DQS SettingBIOS uses “DIMM_MASK”variable to control which DIMMs to be enabled.BIOS sets “data strobes”(DQS) parameters to enable DDR RAM memory access.
18 Memory Isolation Physical-level memory isolation ensured by BIOS Two OS environments run in separate DIMMS.BIOS only enables one DIMM for each OS.Two DQS settings for two OSes“DIMM_MASK” controlled by the physical jumper.System software, except the BIOS, cannot initialize or enable DIMMs after the system boots upTransient state of DQS settingIf “DIMM_MASK”has conflicts with DQS setting, system crashes
19 Hard Drive Isolation Hard disk encryption RAM disk Two hard disks, one for each OSDisk lock in ATA specificationNeed TPM to save the encryption keyRAM diskFor browser-based application, save a small amount of temporary data in the RAM
20 Prototype Hardware Motherboard: ASUS M2V-MX_SE CPU: AMD Sempron 64 LE-1300DDR2: Kingston HyperX 1GBHDD: Seagate 500GBSoftwareBIOS: Coreboot + SeaBIOSTrusted OS: Linux (Centos 5.5)Untrusted OS: Windows XP
22 Linux Suspend Time Breakdown User Space : msKernel Space: ms
23 Linux Wakeup Time Breakdown Kernel Space: msUser Space: ms
24 Outline Introduction Related Work Our Work on Hardware-assisted ICE x86 platformSecureSwitch: OS level isolation [NDSS12]ARM platformTrustICE: Flexible ICE [under submission]Summary
25 Traditional Solutions ARM TrustZoneTwo isolated domainsSecure/un-secure CPU StatesVirtual MMU/Secure MemoryTrustZone-Aware interrupt controllerTraditional solutionsRich OS and un-secure apps in normal domainSecure OS and secure apps in secure domainLimitationsTrusted Computing Base (TCB) is largeNo flexibleNo isolation between secure Apps.No protection on non-secure Apps.Traditional Solutions
26 TrustICE: Flexible ICEs Basic Idea: Create ICEs in normal domain, instead of secure domainA Trusted Domain Controller (TDC) enforces the isolation and secures the switchingBenefits:Small TCB: TDC + Secure bootMultiple ICEsSelf-contained codeMicrokenel with necessary modulesfull-featured OSFlexibleEasy to deploy third-party softwareVendor Apps still in secure domain
27 Outline Introduction Related Work Our Work on Hardware-assisted ICE x86 platformSecureSwitch: OS level isolation [NDSS12]ARM platformTrustICE: Flexible ICE [under submission]Summary
28 Our Work on Hardware-assisted ICE SummaryOur Work on Hardware-assisted ICESecureSwitch: BIOS-based ICE on x86 platformOS level isolation with small TCBSmall switching timeTrustICE: TrustZone-based ICE on arm platformFlexible multiple ICEsSmall TCB
29 ReferencesP. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In SOSP ’03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 164–177, New York, NY, USA, ACM Press.J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pages 315–328. ACM, 2008.J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In Proceedings of the IEEE Symposium on Security and Privacy, 2010.Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, Adrian Perrig. Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms. TRUST 2012.Ahmed Azab, Peng Ning, Xiaolan Zhang, SICE: A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms, in Proceedings of 18th ACM Conference on Computer and Communications Security (CCS11), October 2011.Fengwei Zhang, Jiang Wang, Kun Sun, Angelos Stavrou, "HyperCheck: A Hardware-Assisted Integrity Monitor," IEEE Transactions on Dependable and Secure Computing, 17 Dec IEEE computer Society Digital Library.Kun Sun, Jiang Wang, Fengwei Zhang, and Angelos Stavrou, SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes. In the Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), San Diego, California, 5-8 February 2012.Y. Fu and Z. Lin. Space Traveling across VM: Automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012.X. Jiang, X. Wang, and D. Xu. Stealthy malware detection through vmm-based out-of-the-box semantic view reconstruction. In Proceedings of the 14th ACM conference on CCS, 2007.T. Leek, M. Zhivich, J. Gin, and W. Lee. Virtuoso: Narrowing the semantic gap in virtual machine introspection. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011.