Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Privacy Enhancing Technologies Elaine Shi Lecture 5 Trusted Computing.

Published byVivian Panther Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Privacy Enhancing Technologies Elaine Shi Lecture 5 Trusted Computing."— Presentation transcript:

1 1 Privacy Enhancing Technologies Elaine Shi Lecture 5 Trusted Computing

2 2 Roadmap Background on Trusted Computing Whole-system, load-time attestation Fine-grained, run-time attestation  or verifiable program execution

3 3 Trusted Computing & TPM

4 4 Trusted Computing Group Founded in 1999, evolved since then Core members –AMD, HP, IBM, Intel, Microsoft, Sun Who’s Who of product vendors –ARM, Dell, Phoenix, VeriSign, RSA, Texas Instruments, Maxtor, Seagate, National Semi, Toshiba, France Telecom, Fujitsu, Adaptec, Philips, Ricoh, Nvidia http://www.trustedcomputinggroup.org Adapted from V. Shmatikov

5 5 Why do we want to do this? Applications?  What code is running on a remote system?  How do you verifiably execute a program on a remote host?

6 6 To establish trust in a remote system To establish a TCB on a remote system  What code is running on a remote system?  How do you verifiably execute a program on a remote host?

7 7 SETI@HOME Enterprise network management Platform for private data Secure BGP routing Secure cryptographic setup  What code is running on a remote system?  How do you verifiably execute a program on a remote host?

8 8 Whole-system, Load-time attestation IMA [Sailer et. al.]

9 9

10 10

11 11

12 12

13 13 Pros and Cons -Hash may be difficult to verify  Heterogeneous software versions and configs  Proprietary software - System may be compromised at run-time + Load-time attestation can be used to verifiably load a small TCB  whose security can be formally verified

14 14 Fine-Grained, Run-time Attestation (a.k.a. verified execution) Flicker [McCune et. al.] TrustVisor [McCune et. al.]

15 15 Problem Overview OS App … S S DMA Devices (Ex: Network, Disk, USB) CPU, RAM, Chipset

16 16 OS App … DMA Devices (Ex: Network, Disk, USB) CPU, RAM, Chipset Run arbitrary code with maximum privileges Subvert devices Perform limited hardware attacks –E.g., Power cycle the machine –Excludes physically monitoring CPU- to-RAM communication Problem Overview S Adversary Capabilities

17 17 Previous Work: Persistent Security Layers OS App … S Security KernelVirtual Machine Monitor Hardware S [Gold et al. ‘84], [Shockley et al. ‘88], [Karger et al. ‘91], [England et al. ‘03], [Garfinkel et al. ‘03], …

18 18 Previous Work: Persistent Security Layers [Gold et al. ‘84], [Shockley et al. ‘88], [Karger et al. ‘91], [England et al. ‘03], [Garfinkel et al. ‘03], … DMA Devices (Ex: Network, Disk, USB) CPU, RAM, Chipset OS App … S Virtual Machine Monitor 1.Performance reduction 2.Increased attack exposure 3.Additional complexity Drawbacks:

19 19 Hardware OS App … OS Hardware App … Flicker S [IEEE S&P ‘07], [EuroSys ‘08], [ASPLOS ‘08] Flicker Overview: On-Demand Security

20 20 OS Full HW access Full performance Hardware App 1 App … Flicker: An On-Demand Secure Environment [IEEE S&P ‘07], [EuroSys ‘08], [ASPLOS ‘08] Insecure OS Hardware App … Flicker S Full secrecy Full isolation Minimal trust Minimal complexity Secure

21 21 CPU RAM Flicker OS Module Secure Context Switching RAM App … CPU App S Allow? S Late Launch App Module OS App … Module App CPU Late Launch S Inputs S Flicker S Outputs Module 1.Request Flicker 2.Late Launch 3.Application Code Execution 4.Resume OS Steps: ✓

22 22 OS App … Module App CPU RAM Module

23 23 Flicker Late Launch S Inputs Outputs Must be unforgeable Prevents Additions Must be tamper-proof How can we convey the log to Alice?

24 24 Hardware-Supported Logging Provides integrity for append-only logs Can digitally sign logs Equipped with a certificate of authenticity Can authenticate that a Late Launch took place Trusted Platform Module (TPM) ✓ Late Launch ✓ John Hancock Late Launch

25 25 Flicker Late Launch S Inputs Outputs

26 26 Attestation random # ✓ John Hancock John Hancock Guarantees freshness Guarantees real TPM Guarantees actual TPM logs Trustworthy!

27 27 Comparison With “Traditional” Attestation Flicker Late Launch S Input Output FlickerTraditional BIOS OS Bootloader Drivers 1…N App 1…N Key Insight: Late Launch + Fine-Grained Attestations Fine-Grained Attestations Improve Privacy Fine-Grained Attestations Simplify Verification [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04]

28 28 OS Hardware App 1 App N … Application: Verifiable Malware Scanning John Hancock Run Detector Flicker D Late Launch D Inputs Outputs John Hancock OS Hardware App 1 App N … ✓

29 29 Additional Applications Improved SSH password handling Distributed computing Protected CA keys

30 30 Pros and Cons? -Current systems only support one Flicker session at a time  TrustVisor addresses this - Flicker environment is spartan (by design!)  No system calls, no interrupts - Flicker does not guarantee availability -Flicker is vulnerable to sophisticated HW attacks -Not scalable for frequent requests

31 31 Additional reading: TrustVisor μTPM or “software virtual TPM” –Reduce number of calls to hardware TPM –Multiple applications/VMs share the same hardware TPM –Also in [vTPM] work Balance between TCB reduction and scalability

32 32 Summary After 8 years the commercial impact of TCG technology has been negligible –Need killer applications (applications in the cloud?) –Fortunately, there is a vibrant and growing TC research community

33 33 Challenges Scalability –New hardware features to reduce virtualization-related overhead –TCB on top of a distributed infrastructure, e.g., Hadoop or MapReduce? Broader goal –A security/privacy platform allowing programmers to easily develop security/privacy applications?

34 34 Limitations Physical attacks –Physical attacks are more difficult to launch, and do not scale Vulnerabilities in TCB Side-channel attacks

35 35 Discussion Other applications? Alternative approaches?

36 36 Homework What do you think are the major challenges of deploying Trusted Computing/code attestation in the cloud? What is the pros and cons of persistent trusted layer? (e.g. OS, hypervisor) What is the pros and cons of on-demand secure environment?

37 37 Reading list [McCune et. al. ] Flicker: Minimal TCB Code ExecutionFlicker: Minimal TCB Code Execution [Jonathan et. al. ] TrustVisor: Efficient TCB Reduction and Attestation.TrustVisor: Efficient TCB Reduction and Attestation. [Nuno Santos et. al. ] Policy-Sealed Data: A New Abstraction for Building Trusted Cloud ServicesPolicy-Sealed Data: A New Abstraction for Building Trusted Cloud Services [Parno et. al. ] Memoir: Practical State Continuity for Protected ModulesMemoir: Practical State Continuity for Protected Modules [Elaine Shi et. al. ] BIND: A Fine-grained Attestation Service for Secure Distributed Systems.BIND: A Fine-grained Attestation Service for Secure Distributed Systems. [Stefan Berger et.al. ] vTPM: Virtualizing the Trusted Platform Module.vTPM: Virtualizing the Trusted Platform Module. [Schiffman et. al. ] Seeding Clouds with Trust AnchorsSeeding Clouds with Trust Anchors

Download ppt "1 Privacy Enhancing Technologies Elaine Shi Lecture 5 Trusted Computing."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Vpn-info.com.

Vpn-info.com.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.

Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.

Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.

Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.

1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.

Similar presentations

Ads by Google