1  USC CSci599 Trusted Computing
Lecture Ten – Protecting the Platform
March 28, 2007
Dr. Clifford Neuman, University of Southern California, Information Sciences Institute
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

2  Friday's Lecture
Friday's lecture will be used for discussion of student projects.
I will provide feedback on all of your proposals by this evening.
For Friday's lecture, each of you should prepare to speak for 8 minutes describing your project. The class will provide feedback.
If you wish to use slides (not required), please send them to me by noon Friday.

3  Today's Lecture
Intended to promote discussion. Think about what other issues are relevant to protecting the platform.
We can discuss these questions during the lecture, as related issues come up, or take up other questions and issues at the end of the lecture.

4  What is Platform Protection?
Attesting to the code that runs
Mitigating the effect of malicious code
Preventing modification of system code
Providing a sandboxed environment
Containing the effects of even "trusted" code

5  Code Attestation
How to ensure that the code that is running has not been maliciously modified.
– Problem: what is legitimate code?
– Easy, but problematic, solution: check the PCRs (the TPM's Platform Configuration Registers, which hold the hash chain of the code that was measured and loaded) against a list of values corresponding to valid code.

6  A Policy Problem
The base TC policies work:
– i.e. making sure that the PCRs reflect the real code that runs.
The higher-level policy is more difficult:
– Which code can we run?
– Which versions?
– What if customizations are present?

7  Solutions
Exhaustive list of valid PCR values
– Impractical, or limits flexibility: because a PCR is a hash chain over everything loaded, every approved combination of versions needs its own entry.
Solve the halting problem
– Then determine whether the code that is present is safe (uncomputable in general).
List valid modifications
– Provide the list of what is present and recompute whether the PCRs match.
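The following is an added example, not part of the lecture slides, that puts the "exhaustive list of valid PCR values" approach from slides 5 and 7 next to the "list valid modifications and recompute" approach. It models a TPM 1.2-style PCR (a 20-byte SHA-1 value that only changes through extend, PCR_new = SHA1(PCR_old || measurement)) and a simple measurement log; the component names, versions, rogue images and log contents are constructed for illustration, and the verifier functions are mine, not a TPM or TSS API.

```python
"""Verify a TPM-style attestation two ways: against an exhaustive list of
golden PCR values, and by replaying a measurement log against a whitelist
of approved component measurements (the "list valid modifications" idea).

Added example, not part of the lecture. The extend rule mirrors a TPM 1.2
PCR (20-byte SHA-1, PCR_new = SHA1(PCR_old || measurement)); component
names, versions and log contents are constructed for illustration.
"""
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds a SHA-1 digest and is all zeros after reset


def measure(data: bytes) -> bytes:
    """Measurement of a component = hash of its code image."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: the only way a PCR changes. One-way and order-dependent,
    so a PCR value commits to the whole sequence of what was loaded."""
    return hashlib.sha1(pcr + measurement).digest()


def replay(log) -> bytes:
    """Recompute the PCR a TPM would hold after extending each log entry in order."""
    pcr = bytes(PCR_SIZE)
    for _name, m in log:
        pcr = extend(pcr, m)
    return pcr


def verify_exhaustive(quoted_pcr: bytes, golden: set) -> bool:
    """Approach 1 on slide 7: the quoted value must appear in a fixed list."""
    return quoted_pcr in golden


def verify_by_components(quoted_pcr: bytes, log, allowed: dict):
    """Approach 3 on slide 7: every logged entry must be an approved version of
    its component, and the replayed chain must equal the quoted PCR. The
    second check matters: the log is untrusted, the PCR is not."""
    for name, m in log:
        if m not in allowed.get(name, ()):
            return False, f"unapproved measurement for {name}"
    if replay(log) != quoted_pcr:
        return False, "log does not reproduce the quoted PCR"
    return True, "ok"


# Constructed component images (stand-ins for real binaries).
BOOTLOADER_V1 = measure(b"bootloader 1.0")
KERNEL_V1 = measure(b"kernel 2.6.20")
KERNEL_V2 = measure(b"kernel 2.6.21")            # a legitimate update
KERNEL_ROGUE = measure(b"kernel 2.6.20 + rootkit")
MODULE_ROGUE = measure(b"unsigned driver")

ALLOWED = {"bootloader": {BOOTLOADER_V1}, "kernel": {KERNEL_V1, KERNEL_V2}}

LOG_V1 = [("bootloader", BOOTLOADER_V1), ("kernel", KERNEL_V1)]
LOG_V2 = [("bootloader", BOOTLOADER_V1), ("kernel", KERNEL_V2)]
LOG_ROGUE = [("bootloader", BOOTLOADER_V1), ("kernel", KERNEL_ROGUE)]
LOG_WITH_MODULE = LOG_V1 + [("module", MODULE_ROGUE)]

GOLDEN = {replay(LOG_V1)}  # exhaustive list compiled before kernel v2 shipped


def demo() -> dict:
    r = {}
    # Exhaustive list: the legitimate v2 kernel fails until the list is regenerated.
    r["exhaustive_v1"] = verify_exhaustive(replay(LOG_V1), GOLDEN)
    r["exhaustive_v2"] = verify_exhaustive(replay(LOG_V2), GOLDEN)
    # Component whitelist: v2 passes, the rootkit kernel fails.
    r["components_v2"] = verify_by_components(replay(LOG_V2), LOG_V2, ALLOWED)[0]
    r["components_rogue"] = verify_by_components(replay(LOG_ROGUE), LOG_ROGUE, ALLOWED)[0]
    # The platform really loaded the rogue module (so the TPM extended it) but
    # presents a log with that entry deleted: the replay no longer matches.
    r["hidden_module"] = verify_by_components(replay(LOG_WITH_MODULE), LOG_V1, ALLOWED)[0]
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two things the slide's wording leaves implicit show up in the code: the component whitelist still has to be curated (it is slide 8's "need to know what each modification does" in another form), and the replay-against-quote check is what stops a compromised platform from simply editing its log. Neither method says anything about code modified in memory after it was measured, which is the caveat slide 11 raises.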

8  Limits on Unknown Modifications
We still need to know what each of the modifications does, and how it affects security.
Question: can we allow legitimate modifications, yet with sufficient constraints that certain unknown modifications are still sandboxed in terms of which properties they may violate?

9  Examples
Browser plug-ins
– These are often used by malicious code.
– Perhaps limit the effect of installed plug-ins to specific virtual systems.
– How does this relate to securing today's systems and browsers?

10  Mitigating the Effect of Malicious Code
Limiting the parts of the system that can be modified.
– E.g. plug-ins to browsers only affect:
▪ the current session
▪ the current virtual system
▪ the current user
▪ vs. the whole system

11  Preventing Modification
Limiting the parts of the system that can be modified.
– Constraints on file access
▪ Write as well as read
– Copy on write for a new sandboxed virtual system
▪ The question is when to discard
▪ How to tag objects that move out of the sandboxed system
Detecting modification through PCRs
– But what about changes to code already running? PCRs record what was measured when the code was loaded, not changes made to it in memory afterwards.

12  Sandboxed Environments
Limits on reads and writes
Limits on ability to communicate
– But communication might be needed by the application
– Might want to list which communication is acceptable
Limits on resource consumption
Clear user-interface delineation

13  Containing Trusted Code
Explicit authorization vs. explicit denial of access.
– Sandboxes
– E.g. use virtual systems to limit the resources which can be accessed, not just the processes that can access protected resources.
Firewalls and other defenses
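The following is an added example, not part of the lecture, that models in one place the mechanisms slides 10 to 13 describe: a copy-on-write layer so a plug-in's writes never reach the base system, a default-deny policy in which reads, writes and outbound connections each need an explicit grant (explicit authorization rather than explicit denial), a discard operation for the session, and a tag attached to any object that leaves the sandbox. The filesystem contents, paths, host names and the Sandbox/Policy classes are constructed for illustration; this is a model of the idea, not an operating-system or browser mechanism.

```python
"""Copy-on-write sandbox with a default-deny policy and tagged export.

Added example, not part of the lecture. Reads fall through to the shared
base, writes land in a private layer the base never sees (copy on write),
every read, write and outbound connection needs an explicit grant, the
private layer can be discarded, and anything that leaves the sandbox carries
a tag naming where it came from. Paths, hosts and file contents are
constructed for illustration; this is a model, not an OS mechanism.
"""
from dataclasses import dataclass


class SandboxDenied(PermissionError):
    pass


@dataclass(frozen=True)
class Policy:
    readable: frozenset   # paths the sandboxed code may read
    writable: frozenset   # paths it may write (into its own layer only)
    connect: frozenset    # (host, port) pairs it may talk to


class Sandbox:
    def __init__(self, base: dict, policy: Policy, name: str):
        self.base = base        # the real system's files; never modified here
        self.layer = {}         # private copy-on-write layer
        self.policy = policy
        self.name = name
        self.audit = []         # (action, target) for every denial

    def _deny(self, action: str, target: str):
        self.audit.append((action, target))
        raise SandboxDenied(f"{action} {target}")

    def read(self, path: str) -> bytes:
        if path not in self.policy.readable:   # absent from the allow list => denied
            self._deny("read", path)
        if path in self.layer:                 # our own writes shadow the base
            return self.layer[path]
        return self.base[path]

    def write(self, path: str, data: bytes) -> None:
        if path not in self.policy.writable:
            self._deny("write", path)
        self.layer[path] = data                # base is untouched

    def connect(self, host: str, port: int) -> str:
        if (host, port) not in self.policy.connect:
            self._deny("connect", f"{host}:{port}")
        return f"connected {host}:{port}"

    def discard(self) -> None:
        """Throw the session away: everything the sandbox changed disappears."""
        self.layer.clear()

    def export(self, path: str) -> dict:
        """Let an object out, tagged with its origin so the receiver can apply
        its own policy to it (slide 11's 'how to tag objects that move out')."""
        return {"origin": self.name, "path": path, "data": self.layer[path]}


# Constructed base filesystem and a policy for a browser plug-in.
BASE_FS = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh",
    "/home/alice/notes.txt": b"meeting at 3",
    "/bin/sh": b"\x7fELF original shell",
}
PLUGIN_POLICY = Policy(
    readable=frozenset({"/home/alice/notes.txt", "/home/alice/plugin.cache"}),
    writable=frozenset({"/home/alice/plugin.cache"}),
    connect=frozenset({("updates.example", 443)}),
)


def run_plugin() -> dict:
    """Drive a plug-in through allowed and disallowed actions and report what happened."""
    sb = Sandbox(BASE_FS, PLUGIN_POLICY, name="browser-plugin")
    out = {}
    out["notes"] = sb.read("/home/alice/notes.txt")          # allowed, served from base
    sb.write("/home/alice/plugin.cache", b"cached data")      # allowed, goes to the layer
    out["cache"] = sb.read("/home/alice/plugin.cache")       # served from the layer
    out["update"] = sb.connect("updates.example", 443)
    for attempt in (
        lambda: sb.read("/etc/passwd"),                       # never granted
        lambda: sb.write("/bin/sh", b"trojaned shell"),       # never granted
        lambda: sb.connect("evil.example", 80),               # never granted
    ):
        try:
            attempt()
        except SandboxDenied:
            pass
    out["denials"] = list(sb.audit)
    out["base_intact"] = BASE_FS["/bin/sh"] == b"\x7fELF original shell"
    out["exported"] = sb.export("/home/alice/plugin.cache")
    sb.discard()
    out["layer_after_discard"] = dict(sb.layer)
    return out


if __name__ == "__main__":
    for k, v in run_plugin().items():
        print(f"{k}: {v!r}")
```

The point of the allow lists being the only thing consulted is slide 13's contrast: a plug-in that asks for something the policy author never thought of is refused, rather than succeeding because nobody wrote a denial for it. The export tag is deliberately just data; what it buys you depends on the receiving side honouring it, which is the open question slide 11 leaves.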

