
RE-TRUST Meeting, 30 May 2005, Trento, Italy


1 RE-TRUST Meeting, 30 May 2005, Trento, Italy

Outline
- List of Participants
- Administrative Organization
- Draft WPs, Tasks, Gantt
- WP components
- Meeting Minutes
- Functional Descriptions:
  - Remote Entrusting
  - SW-based Tamper Resistance (TR)
  - SW/HW-based Tamper Resistance (TR)

2 RE-TRUST List of Participants, 30/5/2005
- P1: UNITN, Universita' di Trento, ITALY: Yoram Ofek, Fabio Massacci, Harshit Shah
- P2: POLITO, Politecnico di Torino, ITALY: Mario Baldi, Riccardo Scandariato, Stefano Di Carlo
- P3: IBM Research Zurich, SWITZERLAND: Matthias Schunter
- P4: GP, Gemplus, FRANCE
- P5: KUL, Katholieke Universiteit Leuven, BELGIUM: Klaus Kursawe
- P6: VUA, Vrije Universiteit, The NETHERLANDS: Bruno Crispo
- P7: SPIIA, St. Petersburg Institute for Informatics and Automation, RUSSIA

3 List of Project Participants
- P1: UNITN, Universita' di Trento, ITALY: Yoram Ofek, Fabio Massacci, John Mylopoulos
- P2: POLITO, Politecnico di Torino, ITALY: Paolo Prinetto, Mario Baldi, Riccardo Scandariato
- P3: IBM Research Zurich, SWITZERLAND: Michael Waidner, Matthias Schunter, Jan Camenisch
- P4: GP, Gemplus, FRANCE: Bruno Rouchouze, Laurent Manteau (Cooperative R&D Manager, Business Development Group), David Naccache
- P5: KUL, Katholieke Universiteit Leuven, BELGIUM: Bart Preneel, Karel Wouters, Klaus Kursawe
- P6: VUA, Vrije Universiteit, The NETHERLANDS: Andrew Tanenbaum, Bruno Crispo, Chandana Gamage
- P7: SPIIA, St. Petersburg Institute for Informatics and Automation, RUSSIA: Igor Kotenko

4 Administrative Organization
- Project secretary: Riccardo Scandariato
- WP editors (may change as we progress):
  - WP0: UNITN
  - WP1: UNITN
  - WP2: POLITO
  - WP3: KUL
  - WP4: VUA
  - WP5: IBM
  - WP6: UNITN
Next on the agenda:
- Conference call
- Trip to Brussels

5 Draft June 24: WPs, Tasks, Gantt (y1, y2, y3)
- WP0: Coordination and Management - UNITN
- WP1: Overall architecture (y1, a: initial; y3-b: final) - UNITN
  - T1.1: Reference Applications and Requirements (grid, chat client, mobile, …) - UNITN
  - T1.2: SW-app + SW-based tamper resistance (TR) - POLITO
  - T1.3: SW-app + SW/HW-based tamper resistance (TR) - KUL/UNITN
  - T1.4: Design of applications using HW/SW methods (y3) - POLITO
  - Reference architecture
- WP2: SW-based TR (y1-y2); y1: design; y2: PoC - POLITO
  - T2.1: Replacement - POLITO
  - T2.2: Obfuscation - KUL
  - T2.3: Secure interlocking of two programs - POLITO
  - T2.4: Each includes security analysis (goals, assumptions, …) - KUL/POLITO
- WP3: HW/SW-based TR (y2-y3); y2: design; y3: PoC - KUL
  - T3.1: Using HW to improve SW-based TR - KUL
  - T3.2: Splitting program into SW/HW parts - KUL/GEMPLUS
  - T3.3: Security protocols for four-tier trust (entruster, app, SW-TR, HW-TR) - KUL/IBM (6 pm)
  - T3.4: Using PCs as extension of secure HW - GEMPLUS
  - T3.5: Secure downloading into OS+SC - GEMPLUS
  - T3.6: Each includes security analysis (goals, assumptions, …) - VUA
- WP4: Security analysis (y2: SW-based; y3: SW/HW + overall) - VUA
  - T4.1: Overall security analysis of the SW-based technology - VUA
  - T4.2: Security analysis of the SW/HW-based technology - VUA
  - T4.3: Comparison with security achieved by TCG - IBM (w-p)
  - T4.4: Implementability of the security assumptions - IBM (w-p)
- WP5: Remote verification and trust management - IBM (w-p; 2 pp., 14 pm tot.)
- WP6: Dissemination, etc. - UNITN

6 Initial Draft: WPs, Tasks, Gantt (y1, y2, y3)
- WP0: Coordination and Management - UNITN
- WP1: Overall architecture (y1, a: initial; y3-b: final) - UNITN
  - T1.1: Reference Applications and Requirements (grid, chat client, mobile, …) - UNITN
  - T1.2: SW-app + SW-based tamper resistance (TR) - POLITO
  - T1.3: SW-app + SW/HW-based tamper resistance (TR) - KUL/UNITN
  - T1.4: Design of applications using HW/SW methods (y3) - POLITO
  - Reference architecture
- WP2: SW-based TR (y1-y2); y1: design; y2: PoC - POLITO
  - T2.1: Replacement - POLITO
  - T2.2: Obfuscation - KUL
  - T2.3: Secure interlocking of two programs - POLITO
  - T2.4: Each includes security analysis (goals, assumptions, …) - KUL/POLITO
- WP3: HW/SW-based TR (y2-y3); y2: design; y3: PoC - KUL
  - T3.1: Using HW to improve SW-based TR - KUL
  - T3.2: Splitting program into SW/HW parts - KUL/GEMPLUS
  - T3.3: Security protocols for four-tier trust (entruster, app, SW-TR, HW-TR) - KUL/IBM (6 pm)
  - T3.4: Using PCs as extension of secure HW - GEMPLUS
  - T3.5: Secure downloading into OS+SC - GEMPLUS
  - T3.6: Each includes security analysis (goals, assumptions, …) - VUA
- WP4: Security analysis (y2: SW-based; y3: SW/HW + overall) - VUA
  - T4.1: Overall security analysis of the SW-based technology - VUA
  - T4.2: Security analysis of the SW/HW-based technology - VUA
  - T4.3: Comparison with security achieved by TCG - IBM (w-p)
  - T4.4: Implementability of the security assumptions - IBM (w-p)
- WP5: Remote verification and trust management - IBM (w-p; 2 pp., 14 pm tot.)
- WP6: Dissemination, etc. - UNITN

7 WP Components
For each WP:
- Description of research activities and their inter-relationships:
  - B.1 Scientific and Technological Objectives of the Project and Comparison to the State of the Art
  - B.2 Relevance to the Objectives of FET Open
  - B.3 Potential Impact [Note: selected parts will be moved to the body of the proposal]
- Tasks
- Deliverables
  - Papers, reports
  - PoC (Proof of Concept), examples:
    - Software demonstrations
    - Algorithmic design with formal proofs
    - Complexity analysis (e.g., "de-hiding")
    - …
- Milestones
  {IST definition: Milestones are control points at which decisions are needed; for example concerning which of several technologies will be adopted as the basis for the next phase of the project.}
Please use the enclosed WP template.

8 Minutes by Riccardo (1/6)

Morning session

1) Riccardo's presentation
Matthias' comment: state the assumptions needed to prove that the approach works.

2) Yoram explains the reference model
- Method 1
- Method 2
- Conditional computing might be easier than conditional playback
Comments
Matthias: IBM has some work on Grid stuff. Can be simpler than DRM if we only care about integrity of data. Interesting question: which is the minimal TCG h/w you need to build up trust on stacked (s/w) modules?
Bruno/Klaus: this is the level we can push forward with all-software... but it can be necessary to introduce h/w to get bullet-proof security... well, let us find the minimal h/w platform... this type of discussion must be in the proposal.
Yoram: TCG obliges trust to be extended to the whole platform; we want something that can be tailored, e.g. to the level of a single application (all the rest is untouched).
Matthias/Bruno: look at connections with mobile agents security (similarities with our project) -> protecting agents.

9 Minutes by Riccardo (2/6)

3) Stefano's presentation
Presented three "dependability-related" techniques, which can be applied to the security field:
- invariants over application variables
- variable duplication
- control flow check by regular expression
Comments
Matthias: concerning PROMON, there's a lot of related work in the area of behavior-based intrusion detection; concerning RECCO, errors during computation are not covered (assumption: CPU is protected).
Comments from Bruno/Riccardo: stress effectiveness and measures.

4) Matthias' presentation
Matthias'/Jan's group is working on anonymous attestation for TCG:
- idemix: proof of authenticity of a machine without revealing any identification info
- Direct Anonymous Attestation (DAA): now part of the TPM chip; can be done in software
- SLA: proof that the machine is providing a trusted implementation (e.g. of an API)... one does not care about the actual implementation (e.g. a Win implementation vs a Lin implementation)
Linux prototype:
- Domain: set of corporate machines that are continuously checked by a central server, to check their configuration
- After the fact: log of what happened (the approach does not prevent loading an untrusted module. Still, it will let you attest that an untrusted module has been loaded, by analyzing the logs)
- You need to know in advance the correct configuration, in order to check that nothing illegal happened

10 Minutes by Riccardo (3/6)

5) Klaus' presentation
Sobenet: white box crypto, code obfuscation
Interests in RE-TRUST:
- software security
- interface with HW (and HW/SW codesign)
MS: secure compartments (microkernel) plus TPM chip used for HD encryption

6) Bruno's presentation
Distributed systems group (50 people, 4 full professors)
Four sub-groups: Dist Sys; Parallel programming and grid; Intelligent autonomous agents; security group
Current activities and interests for RE-TRUST:
Secure OS: microkernel
- Drivers
- MMU
Distributed enforcement:
1) Controlled information dissemination
2) Local enforcement
Example policies: "Read/write file x only 7 times" or "Read file x only if file y satisfies some properties" (similar to DRM)
To enforce such policies, TPM plus the secure OS is not enough (we are in a distributed environment). An additional middleware layer is needed (specifically a reference monitor).
- Yoram (general question): Supposing the TPM is on a USB device, would it matter? Can we implement the TCG approach with the chip on a USB token? Probably yes (by adapting the BIOS), but this is not TCG compliant (the standard requires the TPM to be bound to a particular machine).

11 Minutes by Riccardo (4/6)

The original plan was to resort to TC if software, or software plus soft h/w, is not enough. Probably, we can stick to soft hardware (as far as this project is concerned). We can talk of "security token" or "trusted hardware" (in general) without saying whether that will be a TPM on a USB device (or smart card) or a "real" TCG-compliant TPM -> trusted hardware connected to an I/O port (without touching the motherboard).

7) Massacci's presentation
Enforceable security policies (Schneider): the enforcer (security monitor) is outside and checks the application by looking at a subset of the application I/O (and the temporal dimension).

Afternoon session
Agreement on a straw-man scheme (2 levels):
- "trusted hardware" (in general) without saying whether that will be a TPM on a device connected to an I/O port or an on-board TPM
Is it possible to plug in h/w without transitive trust? I.e. application stacked on secure OS, stacked on TPM ()
Focus on applications or on mechanisms? -> OPEN ISSUE: IDENTIFICATION OF TARGET APPLICATIONS !!!!!

12 Minutes by Riccardo (5/6)

WPs + TASKS + MILESTONES + DELIVERABLES
=> Overall Architecture (y1, a: initial; y3-b: final)
  -> Reference Applications and Requirements (grid, banking client, mobile)
  -> SW-Application + SW-Based Tamper Resistance
  -> SW-Application + SW/HW-Based Tamper Resistance
  -> Design of applications using HW/SW methods (Validation...)
=> SW-Based Tamper Resistance (y1-y2); y1: design; y2: PoC
  -> Replacement
  -> Obfuscation
  -> Secure interlocking of two programs
  -> Something else
  -> Each includes sec analysis (goals, assumptions)
=> HW/SW-based TR (y2-y3); y2: design; y3: PoC
  -> Using HW to improve SW-based TR
  -> Splitting program into SW/HW parts
  -> Security protocols for four-tier trust (entruster, app, SW-TR, HW-TR)
  -> Using PCs as extension of secure HW
  -> Secure downloading into OS+SC
  -> Each includes sec analysis (goals, assumptions)

13 Minutes by Riccardo (6/6)

=> Security Analysis (y2: sw-based; y3: sw/hw + overall)
  -> Overall security analysis of the SW-based technology
  -> Security analysis of the SW/HW-based technology
  -> Comparison with security achieved by TCG
  -> Implementability of the security assumptions
=> Remote verification and trust management
  * AMSTERDAM

OTHER WORKPACKAGES
=> Coordination/Management
=> Dissemination

REFERENCE MODEL
[Diagram: Trusted Component (Smart Card) <---> APP <---> OBF App, with arrows in both directions between adjacent boxes; the link is labelled Public Channel]
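The three dependability techniques recorded in the minutes of Stefano's presentation (slide 9) are only named there. The Python below is an added example, not code from the RE-TRUST project or from POLITO: it instruments a toy authenticate-then-transfer routine so that each basic block emits a one-letter signature, checks the emitted trace against a regular expression that describes the legal control flow, and keeps a duplicated copy of the balance whose equality with the original is the invariant. The routine, the block signatures, the regular expression and the two tampering switches (`skip_auth`, `patch_balance`) are assumptions made for the illustration.

```python
"""Control-flow checking by regular expression, with variable duplication and
an invariant check (added example; not code from RE-TRUST or POLITO).

Assumptions: each basic block of the instrumented routine emits a one-letter
signature, and the set of legal executions is described by one regular
expression. The routine, its signatures and the two tampering switches are
constructed for the illustration.
"""
import re
from typing import List, Optional, Tuple

# Block signatures: E entry, A authenticate, D denied-exit, L loop head,
# T transfer, X normal exit. Transfers may only follow a successful
# authentication, and every run must end at D or X.
EXPECTED_FLOW = re.compile(r"EA(?:D|(?:LT)*X)")


class FlowMonitor:
    """Collects the signature emitted by each instrumented block."""

    def __init__(self) -> None:
        self.trace = ""

    def checkpoint(self, signature: str) -> None:
        self.trace += signature

    def flow_ok(self) -> bool:
        return EXPECTED_FLOW.fullmatch(self.trace) is not None


def transfer_routine(monitor: FlowMonitor, pin: int, amounts: List[int],
                     skip_auth: bool = False,
                     patch_balance: Optional[int] = None) -> Tuple[int, int]:
    """Instrumented 'authenticate, then transfer' routine.

    skip_auth simulates a patched jump over the authentication block;
    patch_balance simulates tampering with one copy of a variable.
    """
    monitor.checkpoint("E")
    balance = 100
    balance_dup = 100  # duplicated variable, updated in parallel
    if not skip_auth:
        monitor.checkpoint("A")
        if pin != 1234:
            monitor.checkpoint("D")
            return balance, balance_dup
    for amount in amounts:
        monitor.checkpoint("L")
        balance -= amount
        balance_dup -= amount
        monitor.checkpoint("T")
    if patch_balance is not None:
        balance = patch_balance  # tampering touches only the original copy
    monitor.checkpoint("X")
    return balance, balance_dup


def run(pin: int, amounts: List[int], skip_auth: bool = False,
        patch_balance: Optional[int] = None) -> Tuple[int, str]:
    """Run the routine under the monitor; return (balance, verdict)."""
    monitor = FlowMonitor()
    balance, balance_dup = transfer_routine(monitor, pin, amounts,
                                            skip_auth, patch_balance)
    if not monitor.flow_ok():
        return balance, "flow-violation"       # trace not in the legal language
    if balance != balance_dup:
        return balance, "invariant-violation"  # balance == balance_dup must hold
    return balance, "ok"


if __name__ == "__main__":
    print(run(1234, [10, 20]))                 # (70, 'ok')
    print(run(9999, [10]))                     # (100, 'ok'): denied, no transfer
    print(run(9999, [10], skip_auth=True))     # (90, 'flow-violation')
    print(run(1234, [10], patch_balance=999))  # (999, 'invariant-violation')
```

The regular expression is the whole specification of legal behaviour: a run that reaches a transfer block without passing the authentication block produces a trace outside the language, regardless of which instruction was patched to get there. The duplicated variable catches the other class of tampering, where control flow is intact but a value was changed in place. Neither check says anything about the monitor itself being trustworthy, which is the gap the remote entrusting scheme on the following slides addresses.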

14 Functional Description: Remote Entrusting
[Diagram: 1st Untrusted Machine --Secure Tags--> IP Network --> 2nd Entrusting Machine (Core of Trust); the 2nd machine is Entrusting the 1st]
- The 1st Untrusted Machine emanates Secure Tags from a code/software during execution
- The 2nd Entrusting Machine is ENTRUSTING the 1st Untrusted Machine by verifying the Secure Tags

15 Definition of Trust for Remote Entrusting
Software (code/protocol) is deemed authentic/trusted if and only if its functionality has not been altered/tampered with by an untrusted/unauthorized entity prior to or during execution.

16 Functional Description: SW-based Tamper Resistance (TR)
[Diagram: Application on the 1st untrusted Machine, observed by an Obfuscated Tag Generator (built by an Obfuscating Compiler, renewed by Code Replacement); Messages + Tags flow to the 2nd Entrusting Machine (Core of Trust)]
- Secure tag generator: observes the application and generates tags securely
- Obfuscated Tag Generator, produced by an Obfuscating Compiler, with Code Replacement

17 Functional Description: SW/HW-based TR
[Diagram: Application on the 1st untrusted Machine, observed by an Obfuscated Tag Generator (Obfuscating Compiler, Code Replacement) and by a Secure tag generator running in Secure Hardware; Messages + Tags cross the untrusted "public" channel (the OS) to the 2nd Entrusting Machine (Core of Trust)]
- Secure tag generator: observes the application and generates tags securely
- Secure Hardware: smart card, etc.
- Untrusted "public" channel: OS, etc.
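Slides 14 to 17 name the parties (1st untrusted machine, secure tag generator, 2nd entrusting machine) but fix neither a tag format nor a verification rule. The Python below is an added example, not RE-TRUST project code. It assumes that a secure tag is an HMAC over a sequence number, a SHA-256 digest of the application code the tag generator observes, and the outgoing message, and that the entrusting machine knows the genuine application code in advance (as the minutes on slide 9 note is needed for any such check). The application code strings, the key and the messages are constructed for the illustration. The scenario functions show a genuine run being entrusted, a tampered application and a replayed tag being refused, and the limit of the purely SW-based variant: an attacker who de-obfuscates the tag generator and recovers its key can forge tags, which is why slide 16 pairs obfuscation with code replacement and slide 17 moves the generator into secure hardware.

```python
"""Remote entrusting with secure tags: toy simulation (added example).

Assumptions (not fixed by the RE-TRUST slides): a tag is
HMAC(key, seq || SHA-256(observed application code) || message), and the
2nd (entrusting) machine knows the genuine application code in advance.
"""
import hashlib
import hmac
from typing import Tuple

# Constructed stand-ins for the application code on the 1st machine.
GENUINE_APP_CODE = b"def handle(req): return b'balance=' + lookup(req)"
TAMPERED_APP_CODE = b"def handle(req): return b'balance=999999'"
KEY = b"constructed-demo-key-not-for-real-use"


def code_digest(code: bytes) -> bytes:
    return hashlib.sha256(code).digest()


def make_tag(key: bytes, seq: int, digest: bytes, message: bytes) -> bytes:
    """Secure tag over sequence number, observed code digest and message."""
    data = seq.to_bytes(8, "big") + digest + message
    return hmac.new(key, data, hashlib.sha256).digest()


class TagGenerator:
    """Secure tag generator on the 1st (untrusted) machine.

    SW-based TR (slide 16): this code, key included, is what the obfuscating
    compiler hides and code replacement periodically renews.
    SW/HW-based TR (slide 17): the same computation, with the key held in a
    smart card instead of host memory.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._seq = 0

    def observe_and_tag(self, app_code: bytes, message: bytes) -> Tuple[int, bytes]:
        # "Observes the application": here, by digesting its code.
        self._seq += 1
        return self._seq, make_tag(self._key, self._seq, code_digest(app_code), message)


class UntrustedMachine:
    def __init__(self, app_code: bytes, tagger: TagGenerator) -> None:
        self.app_code = app_code
        self.tagger = tagger

    def run(self, message: bytes) -> Tuple[bytes, int, bytes]:
        """Emit a message together with its secure tag."""
        seq, tag = self.tagger.observe_and_tag(self.app_code, message)
        return message, seq, tag


class EntrustingMachine:
    """2nd machine (core of trust): entrusts the 1st by verifying its tags."""

    def __init__(self, key: bytes, reference_code: bytes) -> None:
        self._key = key
        self._ref_digest = code_digest(reference_code)
        self._last_seq = 0

    def entrust(self, message: bytes, seq: int, tag: bytes) -> bool:
        if seq <= self._last_seq:
            return False  # replayed or reordered tag
        expected = make_tag(self._key, seq, self._ref_digest, message)
        if not hmac.compare_digest(expected, tag):
            return False  # wrong key, altered code or altered message
        self._last_seq = seq
        return True


def scenario_genuine() -> bool:
    verifier = EntrustingMachine(KEY, GENUINE_APP_CODE)
    untrusted = UntrustedMachine(GENUINE_APP_CODE, TagGenerator(KEY))
    return all(verifier.entrust(*untrusted.run(m)) for m in (b"balance?", b"transfer 10"))


def scenario_tampered_app() -> bool:
    verifier = EntrustingMachine(KEY, GENUINE_APP_CODE)
    untrusted = UntrustedMachine(TAMPERED_APP_CODE, TagGenerator(KEY))
    return verifier.entrust(*untrusted.run(b"balance?"))


def scenario_replay() -> bool:
    verifier = EntrustingMachine(KEY, GENUINE_APP_CODE)
    untrusted = UntrustedMachine(GENUINE_APP_CODE, TagGenerator(KEY))
    captured = untrusted.run(b"transfer 10")
    verifier.entrust(*captured)
    return verifier.entrust(*captured)  # second delivery of the same tag


def scenario_extracted_key() -> bool:
    """Limit of SW-only TR: with the de-obfuscated key, the attacker tags a
    message from the tampered application using the genuine digest."""
    verifier = EntrustingMachine(KEY, GENUINE_APP_CODE)
    forged = make_tag(KEY, 1, code_digest(GENUINE_APP_CODE), b"balance=999999")
    return verifier.entrust(b"balance=999999", 1, forged)


if __name__ == "__main__":
    print("genuine run entrusted:  ", scenario_genuine())
    print("tampered app entrusted: ", scenario_tampered_app())
    print("replayed tag entrusted: ", scenario_replay())
    print("forged (key leaked):    ", scenario_extracted_key())
```

The SW/HW variant of slide 17 keeps exactly this verification logic; only the holder of `KEY` changes. Moving the key into a smart card closes the forgery in `scenario_extracted_key` only if the card itself observes the running application: a card that signs whatever digest the untrusted host hands it can be fed the genuine digest while tampered code runs, which is the reason the slides keep the tag generator "observing the application" rather than merely signing on request.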

