1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

Slides:



Advertisements
Similar presentations
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Advertisements

Content Overview Virtual Disk Port to Intel platform
1 Flicker: Minimal TCB Code Execution Jonathan M. McCune Carnegie Mellon University March 27, 2008 Bryan Parno, Arvind Seshadri Adrian Perrig, Michael.
Vpn-info.com.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.
1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
1 Privacy Enhancing Technologies Elaine Shi Lecture 5 Trusted Computing.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University.
Analysis of Remote Attestation Lavina Jain, Jayesh Vyas.
Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
Dongyan Wang GlobalPlatform Technical Program Manager
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
1 Flicker: An Execution Infrastructure for TCB Minimization April 4, 2008 Jonathan McCune 1, Bryan Parno 1, Adrian Perrig 1, Michael Reiter 2, and Hiroshi.
outline Purpose Design Implementation Market Conclusion presentation Outline.
TrustVisor: Efficient TCB Reduction and Attestation Jonathan M
Towards Application Security On Untrusted OS
1 Pioneer: Dynamic Root of Trust for Measurement and Verifiable Executable Invocation Arvind Seshadri, Mark Luk, Elaine Shi, Adrian Perrig (CMU), Leendert.
Trusted Computing Technologies for Embedded Systems and Sensor Networks Adrian Perrig Carnegie Mellon University.
Security in the industry H/W & S/W What is AMD’s ”enhanced virus protection” all about? What’s coming next? Presented by: Micha Moffie.
Ajmer Singh PGT(IP) Software Concepts. Ajmer Singh PGT(IP) Operating System It is a program which acts as an interface between a user and hardware.
Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.
Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
Configuration.
Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.
Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko
Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
PAPER PRESENTATION ON NETWORK SECURITY ISSUES BY M.D SAMEER YASMEEN SULTHANA.
Initial Tiger Team Briefing New Dells with TPM Peter Leight Richard Hammer May 2006.
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
Reducing Trust Domain with TXT Daniel De Graaf. TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM.
An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK
Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)
0 Penn State, NSRC Industry Day, Trent Jaeger – Past Projects and Results Linux Security –Aim to Build Measurable, High Integrity Linux Systems.
Key Agreement for Heterogeneous Mobile Ad-hoc Groups (µSTR-H) Mark Manulis Horst-Görtz Institute, Bochum (Germany)
Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)
Frederick P. Brooks, Jr. Kenan Professor & Department Founder.
1 Information Security – Theory vs. Reality , Winter Lecture 12: Trusted computing architecture (cont.), Eran Tromer Slides credit:
Computer Security module October 2008 Mark D. Ryan HP Labs, Bristol University of Birmingham Trusted Platform Module (TPM) introduction.
Computer Security module October 2009 Mark D. Ryan University of Birmingham Trusted Platform Module (TPM) introduction.
Hardware-rooted Trust for Secure Key Management & Transient Trust
Trusted Computing and the Trusted Platform Module
Trusted Computing and the Trusted Platform Module
Bastion secure processor architecture
User-mode Secret Protection (SP) architecture
CSE 451: Operating Systems Autumn 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 596 Allen Center 1.
Sai Krishna Deepak Maram, CS 6410
SCONE: Secure Linux Containers Environments with Intel SGX
Shielding applications from an untrusted cloud with Haven
CSE 451: Operating Systems Winter 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 412 Sieg Hall 1.
Bruce Maggs (with some slides from Bryan Parno)
Bruce Maggs (with some slides from Bryan Parno)
What is needed in the Next Generation Cloud trusted platform?
Presentation transcript:

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007

2 CPU, RAM TPM, Chipset CPU, RAM TPM, Chipset Trusted Computing Base (TCB) DMA Devices (Network, Disk, USB, etc.) OS App S S 1 … DMA Devices (Network, Disk, USB, etc.) OS App 1 … S S Shim

3 Contributions Isolate security-sensitive code execution from all other code and devices Attest to security-sensitive code and its arguments and nothing else Convince a remote party that security- sensitive code was protected Add < 250 LoC to the software TCB Shim S S Software TCB < 250 LoC

4 TPM Background The Trusted Platform Module (TPM) is a dedicated security chip It can provide an attestation to remote parties –Platform Configuration Registers (PCRs) summarize the computer’s software state –TPM provides a signature over PCR values TPM spec v1.2 includes dynamic PCRs –Values can be reset without a reboot

5 Late Launch Background Supported by new commodity CPUs –SVM for AMD –TXT (formerly LaGrande) for Intel Designed to launch a VMM without a reboot –Hardware-based protections ensure launch integrity New CPU instruction (SKINIT/SENTER) accepts a memory region as input and atomically: –Resets dynamic PCRs –Disables interrupts –Extends a measurement of the region into PCR 17 –Begins executing at the start of the memory region

6 Adversary Capabilities Run arbitrary code with maximum privileges Subvert any DMA- enabled device –E.g., network cards, USB devices, hard drives Perform limited hardware attacks –E.g., power cycle the machine –Excludes physically monitoring/modifying CPU- to-RAM communication CPU, RAM TPM, Chipset DMA Devices (Network, Disk, USB, etc.) OS App 1 … Shim S S

7 Architecture Overview Core technique –Pause current execution environment –Execute security-sensitive code with hardware- enforced isolation –Resume previous execution Extensions –Preserve state securely across invocations –Attest only to code execution and protection –Establish secure communication with remote parties

8 Execution Flow TPM PCRs: K … 000 CPU OS App Shim S S Module RAM OS App Module SKINIT Reset Inputs Outputs Module 0h0 0H00 Shim S S 000

9 TPM PCRs: 0 K -1 … TPM PCRs: K -1 … 000 Shim S S Inputs Outputs Attestation

10 TPM PCRs: K -1 … 000 Shim S S Inputs Outputs Attestation What code are you running? Shim S S Inputs Outputs Sign (), K -1 Sign ), K -1 … OS App S S 5 App 5 App 4 App 4 App 3 App 3 App 2 App 2 App 1 App 1 ( Versus

11 Potential Applications Server applications –Password authentication, SSL keys, Certificate Authority (CA), etc. Verifiable distributed computing distcc, etc. Client-side applications –Secure password entry

12 Ongoing Work Extracting security-sensitive code from existing applications Containing malicious or malfunctioning security-sensitive code Coping with slow security-sensitive code Creating a trusted path to the user

13 Related Work Secure coprocessors –Dyad [Yee 1994], IBM 4758 [JiSmiMi 2001] System-wide attestation –Secure Boot [ArFaSm 1997], IMA [SaZhJaDo 2004], Enforcer [MaSmWiStBa 2004] VMM-based isolation –BIND [ShPeDo2005], AppCores [SiPuHaHe 2006], Trustworthy Kiosks [GaCáBeSaDoZh 2006], Proxos [TaLiLi 2006]

14 Conclusions Explore how far an application’s TCB can be minimized Isolate security-sensitive code execution Provide fine-grained attestations Allow application writers to focus on the security of their own code

15 Thank you!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.