Computer Security at the Low, Hardware/Process/Memory Level Nicolas T. Courtois - University College London

Home reading Sections 6.3. – 6.5. Reading Nicolas T. Courtois, January 2009

Where Does Computer Security Come From? CompSec COMPGA01 Where Does Computer Security Come From? Nicolas T. Courtois, updated 2011

Some Things You Wanted to Know but Were Afraid To Ask… CompSec COMPGA01 More Precisely Some Things You Wanted to Know but Were Afraid To Ask… Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Do You Know… Q1. Can in Windows/Linux a process run by an administrator access the system/kernel memory? Q2. Why do we must press Ctrl+Alt+Del when we log to a PC under many versions of Windows? Q3. Why more than half of large banks in London bought PCs with a pre-installed hardware Rootkit? Nicolas T. Courtois, updated 2011

PC Software Security: bound to be bad? CompSec COMPGA01 PC Software Security: bound to be bad? Nicolas T. Courtois, updated 2011

Bottom Line Can we rely on obscurity? CompSec COMPGA01 Bottom Line Can we rely on obscurity? only for very limited time, few months. Software can hardly be protected by software. TRUE. => some hardware mechanisms are needed. Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Remark: Some industries historically cared MUCH MORE about user’s security than the Wintel guys… See Applied Cryptography (COMPGA12) module. Examples: SIM cards, bank cards, building access cards, etc… Nicolas T. Courtois, updated 2011

Key Remark Software CANNOT be protected by software. CompSec COMPGA01 Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Bottom Line – Not So Bad We don’t need to have a dedicated certified tamper-proof hardware module for everything we want to do on a PC… Good News: Actually software can be protected by software with a little bit of hardware support… => this is the objective of today’s lecture. Nicolas T. Courtois, updated 2011

Taxonomy of Threats to Software and OS CompSec COMPGA01 Taxonomy of Threats to Software and OS Nicolas T. Courtois, updated 2011

Taxonomy of Software Threats [Microsoft] CompSec COMPGA01 Taxonomy of Software Threats [Microsoft] Spoofing = pretending to be someone else Tampering = altering data or settings Repudiation = user denies it was him that did of didn’t do sth. Information disclosure = leak of personal information Denial of service = preventing normal operation Elevation of privilege = e.g. gaining the powers of root Remark: to know this by heart will NOT be on the exam, hard to remember, even for me Nicolas T. Courtois, updated 2011

Impact of Software Threats [Microsoft] CompSec COMPGA01 Impact of Software Threats [Microsoft] Damage potential - $$$ lost Reproducibility of the threat (hardness) Exploitability = expertise and resources needed for attack Affected Users = how many users Discoverability = is attack likely to be detected? Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Overview Nicolas T. Courtois, updated 2011

CompSec COMPGA01 History PCs are open source platform based on a set of industry-wide standards. => Only very recently there is an evolution towards more closed source, and more fragmentation (competing standards) 1981. Designed by a team of 12 people. Key decisions they took: Build the machine with "off-the-shelf" parts from a variety of different OEMs. Previously IBM had developed their own components. An open architecture so that other manufacturers could produce and sell compatible machines. Businesses liked this: no lock-in. They bought PCs. They knew that they wouldn’t be a slave of one vendor selling replacement parts. The DOS was developed by a small company without importance, Microsoft... IBM never made any substantial profits… Nicolas T. Courtois, updated 2011

Home Reading pages 1-12: short history of Computer Security Reading Nicolas T. Courtois, January 2009

Standard PC CompSec COMPGA01 Nicolas T. Courtois, updated 2011 except it never was multi-user       Nicolas T. Courtois, updated 2011

Bottom Line Hardware security is better than software. CompSec COMPGA01 Bottom Line Hardware security is better than software. Actually software-only security will never exist without some hardware that helps it. => in the sense that it provides some security functionality. Example: memory protection. A lot of cooperation and support on the OS side need to exist as well. A security system that Microsoft with Intel wouldn’t embrace can probably not exist. As for Linux systems, they never got into the process of industrial innovation. And never wanted to secure Hollywood studio movies… Nicolas T. Courtois, updated 2011

Least Privilege [or Limitation] Principle CompSec COMPGA01 Least Privilege [or Limitation] Principle Every “module” (such as a process, a user or a program) should be able to access only such information and resources that are necessary to its legitimate purpose. Nicolas T. Courtois, updated 2011

Main Security Goals For the OS+Hardware CompSec COMPGA01 Main Security Goals For the OS+Hardware (Goal 0.) Allowing reliable operation and business continuity. Goal 1A. Allowing multiple users securely share a computer. Goal 1B. Allowing multiple processes securely share a computer. Goal 2. Allow secure operation in a networked environment. Nicolas T. Courtois, updated 2011

Goal 1 – Means to Achieve It CompSec COMPGA01 Goal 1 – Means to Achieve It Goal 1A+B. Allowing multiple users / processes securely share a computer. memory protection (possibly memory encryption) processor modes authentication file access control and (drive/file) encryption and auth. logging & auditing Nicolas T. Courtois, updated 2011

Goal 2 – Means to Achieve It CompSec COMPGA01 Goal 2 – Means to Achieve It Goal 2. Allow secure operation in a networked environment. authentication encryption resource access control intrusion prevention, detection and recovery logging & auditing secure channels: encrypted and authenticated Nicolas T. Courtois, updated 2011

Basic Hardware Mechanisms CompSec COMPGA01 Basic Hardware Mechanisms Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Memory Protection Nicolas T. Courtois, updated 2011

Allows to implement memory access rights for processes. CompSec COMPGA01 Memory Protection Allows to implement memory access rights for processes. Goal: One process should not access other’s memory. Prerequisite: Operating system and user processes need to have different privileges Nicolas T. Courtois, updated 2011

1) Pre-history of Memory Protection CompSec COMPGA01 1) Pre-history of Memory Protection Problems: -multi-user -multi-tasking -flexibility -sharing Fence Register (OS+1 program) Base + Bound (OS + several programs) OS Fence User Runtime checks by CPU 2 registers for each program -flexibility later base+bound for each segment but still not good enough -performance Program1 Shared Nicolas T. Courtois, updated 2011

*****Evolution on 1 Slide CompSec COMPGA01 *****Evolution on 1 Slide -multi-task -multi-user -flexibility -sharing Fence: Kernel vs. 1 user Base+ Bound registers for each program Segments + rights rwx, each program different table Segments + Paging Paging only, rwx per page and per program OS Fence User Program1 Shared around 200X Modern PCs Nicolas T. Courtois, updated 2011

Memory Protection History CompSec COMPGA01 Memory Protection History In Windows 9x, user processes COULD access system memory. Though CPUs would allow the separation… capacity not used! Used in: Most UNIX and Linux systems Mac OS X [2001] Windows NT since NT3.1. Windows XP [2001] and ever since. Nicolas T. Courtois, updated 2011

*OLD OUTDATED Memory Protection Methods CompSec COMPGA01 *OLD OUTDATED Memory Protection Methods Fence Register (OS+1 program) Base + Bound (OS + several programs) Base+Bound On Per Segment Basis (enough flexibility but not efficient and not scalable) Nicolas T. Courtois, updated 2011

Fence Register @CPU Addresses Operating System Problems: -Flexibility Operating System Problems: -Flexibility -Sharing n X Fence User Program n+1 OK Can the OS access the user program? Yes, one-way barrier high

Base + Bound Registers Operating System base User Program bound A CompSec COMPGA01 Base + Bound Registers base bound A’s registers B’s registers Shared Operating System User Program A User Program B Can A & B share data? Incidentally, why might they want to do this? Nicolas T. Courtois, updated 2011

Segments + < <> > Split address into two fields 1 CompSec COMPGA01 Segments Split address into two fields <seg, offset> Each segment has a base & bound 1 Fetch <1,7> Operating System 7 + User Program A < n+8 <> n+8 Seg Base Bnd a b 1 n+1 m User Program B Error > Nicolas T. Courtois, updated 2011

Segments: Sharing & Protection CompSec COMPGA01 Segments: Sharing & Protection different table in each program Operating System Seg Base Bnd Prot a n rwx 1 n+1 m rw { User Program A { Shared } Seg Base Bnd Prot m+1 high rwx 1 n+1 m r User Program B } Nicolas T. Courtois, updated 2011

Q1: Are we inside the segment? Q2: Do we have the right to write? Working With Segments? Q1: Are we inside the segment? Q2: Do we have the right to write? checked at runtime costly checks at each memory access And how do we manage all this?

Memory Management Methods further evolved into having: A hardware memory management unit (MMU) and a lot of special circuits in the CPU and chipset. A lot of support functions done by the OS. A more abstract view where the programmer and the compiler would see a simple linear address space. Will be achieved with paging…

*Process Memory Layout CompSec COMPGA01 *Process Memory Layout 0x08048000 Text Text: loaded from exec code and read-only data size fixed at compilation Heap: runtime allocated objects, large (2 Gb) Stack: LIFO, holds function arguments and local variables, small size (256 K) Heap Grows toward high memory Grows toward low memory 0x40000000 Stack 0xC0000000 Nicolas T. Courtois, updated 2011

Modern Memory Protection Methods CompSec COMPGA01 Modern Memory Protection Methods Segmentation: used until recently, no longer used Paging: the dominant method in 2012 Capability-based addressing the closest to “least-privilege” ideal. But not used in Windows/Linux PCs. Nicolas T. Courtois, updated 2011

Capability Based Addressing CompSec COMPGA01 Capability Based Addressing Not used in commercial PCs In Java Virtual Machines Also in CapROS (open source, US DARPA-funded successor of the defunct Extremely Reliable Operating System, supports x86 and ARM) How does it work? pointers are replaced by special objects called capabilities only the kernel and special authorized processes can create these objects. other programs can only use them. Nicolas T. Courtois, updated 2011

Mechanisms Used in Modern PCs CompSec COMPGA01 Mechanisms Used in Modern PCs Segmentation Paging Work together, though totally independent. Each could (only in theory) be disabled. Nicolas T. Courtois, updated 2011

Virtual Memory History CompSec COMPGA01 Virtual Memory History This architecture exists since i386. Later CPUs added more performance and more complexity with legacy code compatibility etc… Nicolas T. Courtois, updated 2011

**Memory Segmentation CompSec COMPGA01 **Memory Segmentation Each memory address is a pair of (segment, offset) The translation is done by a [paged] memory management unit (MMU). Nicolas T. Courtois, updated 2011

Segmentation + Paging Combined CompSec COMPGA01 Segmentation + Paging Combined Before 200X segmentation + paging worked together, e.g. Intel x32+early Windows XP However until very recently (even in say 2009) there was a big loophole in cheap commercial PCs: no x protection at page level, only at segment level Nicolas T. Courtois, updated 2011

Segments - Security Each segment had permissions R/W/X. CompSec COMPGA01 Segments - Security Each segment had permissions R/W/X. If the program uses pointer such that it would jump to a segment for which has no X right it would read memory for which he has no R right the offset is outside the allowed range, all this is checked by the CPU at runtime with help of MMU = memory management unit a HARDWARE exception 0xEh is raised will be handled by OS Kernel Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Paging Virtual Memory, typically 2,3 or 4 Gbytes for a 32-bit process in Windows. Each block is mapped either somewhere into memory or there is a page fault (OS handles it) in the swap (security risk on its own!) or not used. Some security: a page not previously used, can automatically generate a page fault error. Paging is implemented in hardware+software (part of OS). Pages are typically 4K bytes. Security: each block can be marked as protected. (Kernel/OS) Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Paging Nicolas T. Courtois, updated 2011

Basic Security: Linux: Kernel pages are never swapped to disk. CompSec COMPGA01 Basic Security: Linux: Kernel pages are never swapped to disk. Windows: similar and more complex. Nicolas T. Courtois, updated 2011

General Protection Fault (GPF) CompSec COMPGA01 General Protection Fault (GPF) It is a hardware mechanism! Exception 0xD. Occurs when the program does violate the CPU security rules (they are VERY numerous). Examples: using an instruction which can ONLY be used at ring 0 by the OS Kernel… accessing special types of registers and Descriptor Tables… etc… The OS is expected to catch it and close the process: XP: XXX has encountered a problem and needs to close. We are sorry for the inconvenience. Vista/7: XXX has stopped working. If not, if GPF occurs 3 times, (exception within exception handler routine) even the OS Kernel cannot recover from it. => Must reboot CPU and OS. Nicolas T. Courtois, updated 2011

Segmentation Fault a.k.a. Bus Error CompSec COMPGA01 Segmentation Fault a.k.a. Bus Error One example program in C: char *s=“abcd”; *s=0;//change ‘a’ to ‘\0’ This will cause segmentation fault, both in Unix/Windows because compilers allocate “abcd” in a segment marked as “read only”. Software mechanism, but hardware detection by the CPU. How does this happen? In Linux typically the CPU will notify the OS, and the OS will send the SIGBUS signal. Then the OS notifies the process which caused the exception. Under windows goes through exceptions which are handled by the code itself… Nicolas T. Courtois, updated 2011

Page Protections and Permissions CompSec COMPGA01 Page Protections and Permissions Historically, in Intel 32-bit CPUs, permissions (R/W/X) exist at segment level, hard to use and wasteful. Since i386, W/R permissions exist at the page table entry level, 4 K pages typically implemented in combination of hardware / OS kernel with the “page descriptors” ONLY since Pentium 4, X (execution) can also be disabled with DEP (later about it) BTW: No problem ever with i64. R/W/X at page level. Nicolas T. Courtois, updated 2011

Vista and Encrypted Paging CompSec COMPGA01 Vista and Encrypted Paging What about memory used for operations on protected audio/video content in Vista? For example a graphics card using RAM for its real-time working data? Vista activates a special protection bit indicating that they must be encrypted before being paged out to the disk, and decrypted back again after being paged in. But Vista doesn’t provide any other page file encryption, that programmers could use to protect their credit card details or Aes keys or so… => Microsoft only cares about Hollywood studios. Nicolas T. Courtois, updated 2011

*Kernel or Memory Dumps CompSec COMPGA01 *Kernel or Memory Dumps If Windows XP crashes … it will write either a full memory dump, or just a Kernel dump into the page file (pagefile.sys). temporary. after reboot it will be copied to a separate file. Nicolas T. Courtois, updated 2011

****ASLR = Address Space Layout Randomisation CompSec COMPGA01 ****ASLR = Address Space Layout Randomisation Also covered later, see buffer overflow. SOFTWARE, not hardware. Techniques to randomize at the runtime the layout of various pieces of data in memory. Makes it much harder for the attacker to predict where the data is. Example: the attacker injects some “shellcode” in a buffer stored on the process stack and overwrites some pointers. In his exploit he expects consecutive locations. The exploit does not work anymore (or with low probability). OpenBSD (enabled by default) Linux – weak form of ASLR by default since kernel 2.6.12. (much better with the Exec Shield patch for Linux). Windows Vista and Windows Server 2008: ASLR enabled by default, although only for those executables and dynamic link libraries specifically linked to be ASLR-enabled. So only very few programs such as Internet Explorer 8 enable these protections… Nicolas T. Courtois, updated 2011

WX Page Protections – in Linux CompSec COMPGA01 WX Page Protections – in Linux What is W  X? Each page should be either writable or executable, but not both: Exclusive OR Applications: Exe part of the program space (a.k.a. text) pages: X, not W Data pages (stack, heap): mark them as W, not X Implementation of W  X in Linux: In Linux 32-bit, and with 64-bit CPU, in hardware, since Kernel 2.6.8. In other cases, mechanism can be implemented in software. In OpenBSD since version 3.3. May 2003. In Linux PaX patch (optional), for 32-bit x86 processors, Tricky way based on segment limit registers and segment R/W/X/ permissions => memory x2, really negligible performance degradation. Nicolas T. Courtois, updated 2011

Windows DEP = Data Execution Prevention CompSec COMPGA01 Windows DEP = Data Execution Prevention Old “X” idea: must allow explicitly, current OS+programs would stop working. The “NX” idea: Never Xecute = can forbid. Easier to make compatible systems. Hardware mechanism. Both Intel and AMD implement it but Intel was the last to deliver this benefit to large-public CPUs, since P4 Prescott. Windows - Since XP SP2. Not active by default. Choice dictated by legacy programs… PAE mode needed: 64-bit page tables. Bit 63 is used. Compatibility problems with older processors and old motherboards Also active in Linux, mostly only on 64-bit CPUs, but also with 32-bit Linux, in Linux kernel since release 2.6.8 of August 2004. Again can also be enforced purely in software, for example in Linux PaX patch (optional Kernel patch). Nicolas T. Courtois, updated 2011

Future: Curtained Memory CompSec COMPGA01 Future: Curtained Memory Not used (as far as I know). Expected to work with TP. Full isolation of sensitive areas of memory—for example, locations containing cryptographic keys. Even the OS does not have full access to curtained memory. Implementation: Intel's Trusted Execution Technology Nicolas T. Courtois, updated 2011

CPU Security Features CompSec COMPGA01 Nicolas T. Courtois, updated 2011

Unique Serial Number Introduced by Intel since P3. CompSec COMPGA01 Unique Serial Number Routine mechanism in most industries. Unique serial number cannot be changed (fixed by the manufacturer) Example: Oyster card, building passes block 0. Introduced by Intel since P3. can be disabled too, due to privacy advocates outcry… Nicolas T. Courtois, updated 2011

CPU Protection – Hardware Side CompSec COMPGA01 CPU Protection – Hardware Side Nicolas T. Courtois, updated 2011

Different CPU architectures define several Rings. CompSec COMPGA01 Rings – Hardware @ CPU Different CPU architectures define several Rings. Nicolas T. Courtois, updated 2011

Transition Calls (Transition Gates) CompSec COMPGA01 Transition Calls (Transition Gates) Transition only through special “system calls” transfers control to a predefined entry point in more privileged code; the more privileged code does specify and checks where it can be entered, in which prior processor state one can enter. Privileged code, from the processor state and the stack left by the less privileged code, determines what is requested and allows it or not. Implementation: “call gates” (old): calling directly a Kernel function, slow INT – hardware interruption, saves and restores the CPU state, still slow Intel and AMD now introduced special faster instructions: SYSCALL/SYSENTER, SYSRET/SYSEXIT Nicolas T. Courtois, updated 2011

How to Penetrate to Ring 0? CompSec COMPGA01 How to Penetrate to Ring 0? Whatever you do, it is always possible to get there through the boot loader. Critical and privileged access point in all PCs. Would allow to disable some hardware securities such as DEP… Could allow a virus to be so stealth that no anti-virus would detect it. Beware of boot sector viruses! Good news: most motherboards have a hardware mechanism that prevents the OS from writing the boot sector of the hard drive. No access from the O/S level. Problem: this can be disabled in BIOS. which is looking for trouble: IF this mechanism is totally usable: like it makes sounds and asks the user to press Y on the keyboard, and there is no bug/problem THEN it is a bad idea to allow people to disable it. Nicolas T. Courtois, updated 2011

How to Still Penetrate to Ring 0? CompSec COMPGA01 How to Still Penetrate to Ring 0? More HW mechanisms… Furthermore, the BIOS has a password (and usually also an admin password). But all NVM can be reset by a jumper, so it is easy to hack… Some computer motherboards designed for high security customers/applications and certified by the government will have better security… such as WORM* mechanisms = Write Once, Read Many unhackable BIOS… (more about BIOS sec later) Nicolas T. Courtois, updated 2011

Can We Defend Against Such Threats? CompSec COMPGA01 Can We Defend Against Such Threats? Yes, or partly so, through logging helped by hardware. Example 1: a motherboard can have a log of events that cannot be erased (WORM). Sandisk recently started commercializing WORM memory cards (with very large capacity) – the data can be written but cannot be erased. Example 2: Hard disk hardware can make it impossible to modify the file creation and modification dates of files. Then the virus can be detected (removal is another story). This type of technology is used for forensic purposes much more frequently than we think. We are just not informed about these extra (hidden) features. Nicolas T. Courtois, updated 2011

CPU Protection (3) Hardware + OS CompSec COMPGA01 Nicolas T. Courtois, updated 2011

CompSec COMPGA01 CPU Modes vs. Modern OS DOS: the kernel, drivers and applications typically run on ring 3, whereas only the 386 memory manager such as EMM386 run at ring 0 OS/2 used 3 rings! the Multics system had 8 rings… most current OS and Windows XP use only two rings ring 0 == kernel mode ring 3 == user mode only recently Microsoft have added some ring 1 code… there also is a SMM mode, on every PC, 16-bit powerful close to ring 0, used by the BIOS NOT the OS, prevents CPU from overheat etc.. later about it, Nicolas T. Courtois, updated 2011

CPU Modes = Processor Modes = Privilege Levels CompSec COMPGA01 CPU Modes = Processor Modes = Privilege Levels Hardware mechanisms that allow the OS to run with much more privileges than any process. System mode = privileged mode = master mode = supervisor mode = kernel mode = unrestricted mode. User mode Transition only through special “system calls” or privileged instructions or hardware interruptions which can only be executed in system mode. In theory, only highly-trusted kernel code should run in the unrestricted way. In practice… Real time code such as drivers are allowed to also run in the system mode. Nicolas T. Courtois, updated 2011

CompSec COMPGA01 system mode = privileged mode = master mode = supervisor mode = kernel mode = unrestricted mode can execute any instruction access any memory location access hardware devices can change a number of special processor features: enable/disable interrupts, special registers, descriptor tables, change privileged/not processor state, access memory management units, user mode access only the “usual” CPU resources: computations+registers access to memory is limited, cannot access MMUs cannot execute certain special instructions, cannot disable interrupts, go to privileged state, change special registers/tables, etc.. Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Virtual PCs Nicolas T. Courtois, updated 2011

Virtual PCs – VirtualBox, VMWare etc CompSec COMPGA01 Virtual PCs – VirtualBox, VMWare etc recall: most current OS: ring 0 == kernel mode ring 3 == user mode using Virtual Box in software mode Hosted OS kernel runs at ring 1 replacing 0 has a real-time code recompiler which replaces some instructions also does real-time code patching cannot run VirtualBox or VMWare inside it because cannot create virtual machines Hosted OS apps run at ring 3 but it also can do a hardware –assisted mode: ring 0 is run as ring 0 with isolated memory possible only on very recent CPUs: Nicolas T. Courtois, updated 2011

Virtualisation: Intel VT = AMD-V CompSec COMPGA01 Virtualisation: Intel VT = AMD-V Nicolas T. Courtois, updated 2011

Intel-VT, a.k.a. Vanderpool CompSec COMPGA01 Intel-VT, a.k.a. Vanderpool Main function: each virtual Machine running on the same CPU has access to all 4 privilege rings. Required and used by Windows 7 XP Mode. So for example a virtual PC+OS cannot detect it is a virtual machine by trying CPU instructions such as SYSENTER etc. Also speeds up running virtual PCs, they run much more like a real PC better CPU hardware support for paging => better memory isolation the difference between real and virtual PCs will tend to disappear in the near future… supported by most but not all current CPUs, Intel Atom Z5X0 are OK, Atom 2X0 are NOT OK in some motherboards it must be switched on in BIOS a PC compatible with Intel-VT can run Windows, Linux and Mac-OS AT THE SAME TIME as native, no need to emulate ring 0 anymore. Nicolas T. Courtois, updated 2011

BIOS and BOOT security CompSec COMPGA01 Nicolas T. Courtois, updated 2011

Firmware Def: a tiny ‘master’ program included in our PC CompSec COMPGA01 Firmware Def: a tiny ‘master’ program included in our PC runs first when you switch it on / or reset in old times stored in a ROM (Read-Only Memory), nowadays most firmware is stored in NOR flash devices can be updated Nicolas T. Courtois, updated 2011

Traditional BIOS BIOS def. = a firmware in your PC CompSec COMPGA01 Traditional BIOS BIOS def. = a firmware in your PC Basic Input/Output System, 25 years old Responsible for (picture next slide): initialization of much of the system, including important components such as video, RAM, keyboards and mice. POST = Power-On Self Test, (NOT hard drives or media) responsible for finding and loading the OS Boot from a number of different types of media, ranging from hard disks to USB and LAN devices [can load option ROMs] cooperates with the OS load further parts of the operating system before the operating system completely takes over. Nicolas T. Courtois, updated 2011

Traditional BIOS and Boot [source: NIST SP800-147] CompSec COMPGA01 Traditional BIOS and Boot [source: NIST SP800-147] 16-bit insecure mode 1st device can be needed to boot over the network SMI Handlers = Part of BIOS runs in the background Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Threats and Attacks Firmware update: if a virus does it, it can circumvent all the OS security… Pre-OS attacks = before the OS loads. Malicious updates can enter as: user-initiated from a bootable disk runtime software exploits managed BIOS updates inside a company new vectors? - self-updating BIOS rootkits? Maybe. Payload: Roll-back to old insecure version of BIOS (with attacks) Install a Firmware Rootkit Install a virtualization virus Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Firmware Rootkits Firmware Rootkit = def: uses device or platform firmware to create a persistent malware image in hardware, such as a network card hard drive, or the system BIOS. The rootkit hides in firmware, because firmware is not usually inspected for code integrity. At BlackHat 2006 Heasman demonstrated the viability of firmware rootkits in both ACPI firmware routines and in a PCI expansion card ROM. Nicolas T. Courtois, updated 2011

Virtualization Attacks on BIOS CompSec COMPGA01 Virtualization Attacks on BIOS Virtualization viruses: e.g. Blue Pill, run whole OS as a virtual machine, some physical RAM is invisible, rootkit claimed impossible to detect code released by Joanna Rutkowska c. 2010 Nicolas T. Courtois, updated 2011

SMM mode Viruses? CompSec COMPGA01 16-bit insecure mode SMI Handlers = part of BIOS runs in special System Management Mode Nicolas T. Courtois, updated 2011

SMI Handlers = part of BIOS, used for: CompSec COMPGA01 SMI Handlers SMI Handlers = part of BIOS, used for: invented to manage CPU temperature, fan control etc… also used for emulating hardware such as floppy disk Security runs in special System Management Mode (SMM) super-privileged, very similar to ring 0 16-bit yet able to access 4G of RAM can access all I/O ports and peripherals implemented through a System Management Interrupt (SMI): triggered by a physical PIN on the CPU socket transitions: next slide Nicolas T. Courtois, updated 2011

**** x86 CPU transitions w.r.t. SMI mode [Duflot et al.] CompSec COMPGA01 **** x86 CPU transitions w.r.t. SMI mode [Duflot et al.] 16-bit start-up 32-bit switched on by a PIN on the CPU socket, 386 and above Nicolas T. Courtois, updated 2011

Improved BIOS BIOS is not modular. CompSec COMPGA01 Improved BIOS BIOS is not modular. In some recent computers the BIOS has two parts: 1. BIOS boot block, cannot be updated, in ROM preferably checks the integrity of the second block 2. for this it can cooperate with special chip (Trusted Platform chip) has recovery mechanisms dual BIOS, restore last BIOS etc.. 2. Main block, can be updated in Flash memory Nicolas T. Courtois, updated 2011

CompSec COMPGA01 2006: Bill Gates / Intel If we think about boot, we're finally moving away from the old BIOS to this UEFI interface […] gives us new flexibility and capability, and it's got a rich API set to build on […] Nicolas T. Courtois, updated 2011

New Vocab EFI, = Extensible Firmware Interface, UEFI = Unified EFI CompSec COMPGA01 New Vocab EFI, = Extensible Firmware Interface, UEFI = Unified EFI An industry group (Intel, Lenovo, Microsoft etc etc) PI = Platform Initialization process and specs.. Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Key Features of EFI authenticated BIOS updates using digital signatures protections against changing the BIOS already installed modular design, with added functionality in BIOS, for example support of FAT files system in firmware through “EFI drivers” Reading: NIST BIOS protection guidelines: SP800-147 Nicolas T. Courtois, updated 2011

Improved EFI BIOS and Boot [cf. NIST] CompSec COMPGA01 Improved EFI BIOS and Boot [cf. NIST] Checks the digital signature, root of trust Nicolas T. Courtois, updated 2011

***Optional Reading: “A Tale of Two Standards” CompSec COMPGA01 ***Optional Reading: “A Tale of Two Standards” Nicolas T. Courtois, updated 2011

Enterprise Remote IT Management CompSec COMPGA01 Enterprise Remote IT Management Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Couple = AMT + vPro AMT = Active Management Technology – software part. Works with HARDWARE Intel vPro support on CPU and motherboard and the network adapter. A very impressive set of out-of-band techniques to remotely connect to PCs, even without knowledge or permission of the OS and the user that physically controls the PC. Remote power up Remote configuration, including access to BIOS Encrypted network boot Programmable hardware-based network filters and alerts Remotely limit network traffic of infected PCs Persistent logs stored in protected hardware Nicolas T. Courtois, updated 2011

Intel Anti-Theft Technology CompSec COMPGA01 Intel Anti-Theft Technology (2010) Nicolas T. Courtois, updated 2011

Statistics 10 % of all laptops are stolen during 1 year CompSec COMPGA01 Statistics 10 % of all laptops are stolen during 1 year 97 % are never found / recovered [source: FBI] Nicolas T. Courtois, updated 2011

Intel Anti-Theft Technology [2010] CompSec COMPGA01 Intel Anti-Theft Technology [2010] Tamper-resistant HARDWARE protections: Allows encryption solutions to store and manage cryptographic keys in CPU hardware. Ability to disable your PC with a local or remote poison pill if the system is lost or stolen. The poison pill can then delete essential cryptographic keys in CPU hardware. The PC will refuse to boot works even if the OS is reimaged, the boot order is changed, a new hard-drive is installed, or the laptop is disconnected from the network. supports outgoing SMS (alert) and incoming SMS (poison pill) through an optional 3G card built-in. can display a message to the thief: like laptop reported missing, 100 $ reward if you find it, call this number etc. Customize the policy to respond to events invalid login attempts failure to check-in to company network tamper detection Has a reactivation capacity: restore to normal. Secondary long pass phrase to unlock Unlock code can be transmitted by phone by the company’s IT service. Nicolas T. Courtois, updated 2011

Anti-Theft Software and Support/Server Infrastructure CompSec COMPGA01 Anti-Theft Software and Support/Server Infrastructure Nicolas T. Courtois, updated 2011

Location Tracing of a PC CompSec COMPGA01 Location Tracing of a PC Nicolas T. Courtois, updated 2011

Key Functionalities – iPad example CompSec COMPGA01 Key Functionalities – iPad example An app which can be triggered remotely by the owner Display a message+sound for the thief Remote lock Remote wipe of all the data Use the iPad Camera to collect crucial evidence Tamper-proof application. Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Remark: PC versus iPad An app which can be triggered remotely by the owner Display a message+sound for the thief Remote lock Remote wipe of all the data Use the iPad Camera to collect crucial evidence Tamper-proof application. Out of band channels / BIOS rootkits not needed (cf. PCs): Apple is in control Tamper-proof OS Nicolas T. Courtois, updated 2011

Another Example for iPad CompSec COMPGA01 Another Example for iPad an app which can be triggered remotely by the owner Nicolas T. Courtois, updated 2011

CompuTrace: Computrace® Track Locate Recover CompSec COMPGA01 CompuTrace: Computrace® Track Locate Recover embedded in laptops and some expensive Dell workstations. One needs to pay a subscription with this company. intended to trace lost/stolen PCs without the knowledge of the thief for legal reasons, apparently only available in US,UK,Canada and AUS. Nicolas T. Courtois, updated 2011

CompuTrace as a RootKit CompSec COMPGA01 CompuTrace as a RootKit also known as “a legitimate BIOS rootkit”. upon activation it will HACK/MODIFY the Windows partition: add a new service! modify several system files and the registry modify self-healing mechanisms such as Autochk.exe so it CANNOT be detected or repaired(!) can be enabled or disabled or killed in the BIOS, appears as a PCI device 1917:1234, can be enabled in theory cannot be reactivated… can be hacked/subverted, cf. Sacco-Ortega attacks, BlackHat 2009, redirection of communications… changing the URL/IP address lack of authentication of code, could be replaced by malicious code... Rootkit CAN be re-set to default settings and re-activated by software only maybe can download unauthorized code during updates? Nicolas T. Courtois, updated 2011

CompSec COMPGA01 I/O Protection Nicolas T. Courtois, updated 2011

In Both Unix and Windows NT CompSec COMPGA01 In Both Unix and Windows NT I/O devices are usually NOT accessible in user mode! protected mode user space driver I/O device IPC process kernel shared RAM Nicolas T. Courtois, updated 2011

Example: In Linux, ONLY a process with effective UID = 0 (and 0==root) CompSec COMPGA01 Example: In Linux, ONLY a process with effective UID = 0 (and 0==root) can open TCP ports with numbers <1024. Nicolas T. Courtois, updated 2011

***In Both Unix and Windows NT CompSec COMPGA01 ***In Both Unix and Windows NT There are two main methods for accessing I/O: mapping I/O to RAM, access as shared memory data written will be interpreted as commands dedicated I/O instructions, available only in the supervisor mode (!) Nicolas T. Courtois, updated 2011

***How Devices Communicate with Drivers? CompSec COMPGA01 ***How Devices Communicate with Drivers? 3 techniques: Programmed I/O == periodic polling the I/O device, such as mouse, writes periodically some information at a certain location… Interrupt-driven I/O: uses hardware interrupts to tell the CPU data is here… DMA = Direct Memory Access, independent of CPU, but it can be stalled when transfer is active CPU controls the DMA there are complications because of CPU cache! usually CPU will flush the cache manually… complicated Nicolas T. Courtois, updated 2011

CompSec COMPGA01 OS Design Nicolas T. Courtois, updated 2011

Kernel space vs. User space CompSec COMPGA01 Kernel space vs. User space Two separate “memory zones”. Kernel space: the OS kernel, some kernel extensions, some device drivers run in the most privileged CPU mode, system mode. this memory usually cannot be swapped out. User space, Userland: other parts of the OS that run as processes or services/daemons in the user mode. I/O and components manipulating the filesystem shell Windows: system processes will be running as system, so user space is a confusing name! user processes will be running as user. Depending on systems we can have system = root = super-user = administrator or all these will be distinct... Nicolas T. Courtois, updated 2011

Kernel Space vs. User Space CompSec COMPGA01 Kernel Space vs. User Space  Process 1 Process 2 Process n The Kernel Hardware (disks, network interfaces, etc.) Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Kernel Design Nicolas T. Courtois, updated 2011

Big Kernels vs. Micro Kernels CompSec COMPGA01 Big Kernels vs. Micro Kernels Nicolas T. Courtois, updated 2011

Big (Monolithic) Kernels CompSec COMPGA01 Big (Monolithic) Kernels The entire OS runs in system mode. Big kernel has all services: file system, network services, device drivers, etc. Security: all kernel code run in one address space and can directly affect each other. Example: Linux 2.6 kernel = 6 millions lines of code fast less robust, less secure Kernels with loadable kernel modules are still monolithic Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Microkernels A minimal kernel which provides only the mechanisms needed to implement OS services, Kernel provides: low-level memory space management, thread and process management, inter-process communication (IPC). Operating-system services are provided by user-mode server modules. device drivers, protocol stacks, file systems user-interface code. More secure(better achieves least privilege), more robust w.r.t. failures and bugs. Slower Nicolas T. Courtois, updated 2011

Hybrid or Mixed Mix of both worlds… CompSec COMPGA01 Nicolas T. Courtois, updated 2011

Windows NT family: (NT,XP,Vista). A hybrid kernel or a monolithic kernel structured like a microkernel

CompSec COMPGA01 Trusted Path Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Trusted Path One possible meaning: (also used in Trusted Computing = NGCB) a mechanism that provides confidence that the user is communicating with the right program/process attackers should not be able to initiate the communication process snoop on it / modify it defense against fake login programs. In other words: something close to an “unspoofable” and “incorruptible” channel (for a process in question). Nicolas T. Courtois, updated 2011

**Trusted Path and DRM The dream of Hollywood studios: CompSec COMPGA01 **Trusted Path and DRM The dream of Hollywood studios: A graphics card that decrypts video directly with AES-128, so that high-quality video cannot be captured… Implemented in Windows Vista… Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Secure Attention Key Def: a special key combination to be entered before a login screen is presented. Windows NT, XP and better: Ctrl+Alt+Del Linux: Ctrl-Alt-Pause or the SysRq-K Nicolas T. Courtois, updated 2011

WinLogon Security Security: CompSec COMPGA01 WinLogon Security Security: Remark: Users can be instructed to report login prompts that appear without having pressed this key combination. It is certainly an attack on their system! Nicolas T. Courtois, updated 2011

CompSec COMPGA01 WinLogon Security Windows NT is designed so that only the WinLogon process, a trusted system process, can receive notification of this keystroke combination. Nicolas T. Courtois, updated 2011

**How? only the WinLogon process can receive this keystroke: CompSec COMPGA01 **How? only the WinLogon process can receive this keystroke: The kernel remembers the Process ID of this process, and allows only that process to receive this notification. No software can intercept this call. Later, the WinLogon process will instruct GINA library (MSGINA.dll, Graphical Identification and Authentication) to bring the “Windows Security Dialog” It is possible to replace GINA with a third party software: one that accepts smart card or other tokens (!) See HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, a string named GinaDLL In VISTA, GINA was replaced by “Credential Providers” significantly increased flexibility in supporting multiple credential collection methods… Nicolas T. Courtois, updated 2011

Security in the User Space CompSec COMPGA01 Security in the User Space Nicolas T. Courtois, updated 2011

Security Mechanisms in the User Space CompSec COMPGA01 Security Mechanisms in the User Space User privileges (admin/not admin) Access Control Authentication Logging / Auditing Intrusion Detection … Nicolas T. Courtois, updated 2011

Logging Both normal and suspicious events, e.g. Methods CompSec COMPGA01 Logging Both normal and suspicious events, e.g. Every logon attempt Every time permissions are changed Network connection events Methods application logging, API hooking, system call interception, packet sniffing, … Again, logging can be hidden and use WORM mechanisms (forensic logging). Nicolas T. Courtois, updated 2011

Some also can and should be implemented by the OS CompSec COMPGA01 Intrusion Detection Some also can and should be implemented by the OS A lot is done in Vista, a high level of paranoia in fact… adopted here: “tilt bits” (sth. abnormal is going on, false alarms most of the time, but the diffusion “prime content” will be prevented). Nicolas T. Courtois, updated 2011

Disturbing Questions and Virusology CompSec COMPGA01 Nicolas T. Courtois, updated 2011

Disturbing Questions: CompSec COMPGA01 Disturbing Questions: The OS does have some “file locks”: It does not allow one to change system files and things such as file meta-data easily. Can this be circumvented? Maybe. Idea, through locking the volume(possible) and directly accessing the disk, and directly communicating with the resources (for this one has to implement an impressive range of things, it is like implementing the OS from the scratch, not impossible but costly… Some software, such as real-time disk defrag or real-time partition tools do need to have higher privileges than normal software. Nicolas T. Courtois, updated 2011

Disturbing Questions: CompSec COMPGA01 Disturbing Questions: The anti-virus software works in the user space? Not really (try to kill an anti_virus), but even if it has Kernel-level drivers there is a process to install it… Q: What prevents a virus from installing in the same way? With very high privileges the anti-virus needs to function? Nicolas T. Courtois, updated 2011

Hacking Anti-virus Software CompSec COMPGA01 Hacking Anti-virus Software Could one install a slightly modified anti-virus software? Defences: The process is in fact pre-approved by Microsoft, installation is usually allowed by checking digital signatures of its key component = a Kernel-level driver. But could we modify the anti-virus code on the fly during this installation process (during which some anti-virus code is promoted to a very high privilege)? Maybe… Nicolas T. Courtois, updated 2011

Jailing Anti-virus Software CompSec COMPGA01 Jailing Anti-virus Software Could we put the anti-virus software in jail? Or just alter its communications with the central servers [updates, status/virus reporting, redirection etc] Maybe. Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Browser Design Nicolas T. Courtois, updated 2011

Big (Monolithic) Browsers CompSec COMPGA01 Big (Monolithic) Browsers Legacy de facto dominant situation, since NCSA Mosaic program [1993] Monolithic architecture: initially, the browser kernel and the rendering engine were just single image (one exe file) later they became modular with dlls, plugins, JVM, etc. But from the point of view of the security nothing changed: all code executed in one single protection domain. Examples: IE7 under XP, Firefox 3, Safari 3.1. Nicolas T. Courtois, updated 2011

CompSec COMPGA01 One Single Domain Everything is run in one single protection domain at the user’s level of privilege, for example as admin. A single crash crashes everything Code that comes from the web runs locally at user’s level of privilege an un-patched vulnerability in the browser allows to run any code on the host machine, with the privilege level of the user. Nicolas T. Courtois, updated 2011

One Single Domain – But Which? CompSec COMPGA01 One Single Domain – But Which? This is very insecure if we run the browser as admin. But what is we run it from a restricted account? Is it OK? Example: Vista can run IE7 in a “protected mode” which means it is run at a low-integrity level. It implements the Biba’s principle of “no write-up”. Consequences: The browser is unable to alter the system.  BUT it can read the user’s files (spyware).  Remember: Integrity and Confidentiality are two totally independent dimensions. Nicolas T. Courtois, updated 2011

Sandboxing - Example VMWare Browser Appliance: CompSec COMPGA01 Sandboxing - Example VMWare Browser Appliance: A free Linux VM containing Firefox, that runs with the VMWare player (also free). After you use it to browse web, just delete it. And start again… How cool is that… Big drawback: complete isolation, the user is NOT able AT ALL to read any of his own files (for example to publish his photos on the web)… Nicolas T. Courtois, updated 2011

Still no protection of user’s data. CompSec COMPGA01 **IE8 Does the same as IE7, except that each tab is run as a separate virtual machine. Still no protection of user’s data. Nicolas T. Courtois, updated 2011

Google Chrome Architecture CompSec COMPGA01 Google Chrome Architecture Divides the browser application into two protection domains: Browser kernel; runs with user’s privileges, Sandboxed and isolated multiple instances of the rendering engine run at very low “web” privilege level, Chrome is open source. And highly compatible with existing web sites, unlike many other existing modular “highly secure” browsers [DarpaBrowser, Tahoma]. Nicolas T. Courtois, updated 2011

Chromium Browser Kernel CompSec COMPGA01 Chromium Browser Kernel Browser kernel: responsible for mediating file and network access, like a firewall displaying bitmaps produced by rendering engine[s] seen as black boxes. Nicolas T. Courtois, updated 2011

Chromium Browser Kernel Privileges CompSec COMPGA01 Chromium Browser Kernel Privileges run at user’s privileges. run as a medium-integrity process under Vista, several privileges explicitly removed, starts with SID=0 as a result, it can be installed without an admin account (!). Maybe because it is not as dangerous as most other browsers… Nicolas T. Courtois, updated 2011

*****Problems Problems with Chrome: CompSec COMPGA01 *****Problems Problems with Chrome: it installs patches silently… (very quick at updates, good point too) Java script cannot be disabled lack of many user and administrative controls… (like zones) poor defaults, e.g. for cookies… reveals all your passwords in seconds (nobody else allows that) embarrassments: many serious and simple exploits were found already, and patched... Nicolas T. Courtois, updated 2011

sandboxed and isolated each running with DEP and ASLR CompSec COMPGA01 Rendering Engines multiple instances sandboxed and isolated each running with DEP and ASLR all run at very low “web” privilege level, at the lowest integrity level in Vista execute error and exploit-prone tasks of web parsing, Java script, etc. Nicolas T. Courtois, updated 2011

How Does It Protect Our Files? CompSec COMPGA01 How Does It Protect Our Files? As with IE7/8 under Vista, the rendering engines run as low integrity processes. So no write up is permitted. However Chrome also attempts to prevent them from reading up. How? Nicolas T. Courtois, updated 2011

How Does It Protect Our Files! CompSec COMPGA01 How Does It Protect Our Files! An engine, accessing URLs outside, is just totally unable of accessing local files file:/// However, of course, one can open a local web page. But only in another sandboxed and isolated rendering engine (!). Nicolas T. Courtois, updated 2011

***Small Technicality CompSec COMPGA01 ***Small Technicality Memory isolation – OK. But many file system isolation features will be ineffective if the file system is FAT32, not NTFS. Not because Vista is compromised or not able to further ”police” the access (cf. reference monitor, complete mediation), but simply because of lack of support/implementation. Nicolas T. Courtois, updated 2011

Hardware Attacks on PCs CompSec COMPGA01 Hardware Attacks on PCs Nicolas T. Courtois, updated 2011

High-Level Categories CompSec COMPGA01 High-Level Categories Stealing data (removing hard drive, memory chips). Now hard drives can be encrypted. Memory still isn’t. Hardware keyboard sniffers. Optical Acoustic / mechanical vibrations EM radiations. PS/2 vs. USB (two wires=). Intercepting screen output. There are TEMPEST machines. Side channel attacks focusing on crypto. Acoustic attack on AES; traditional DPA [oscilloscope]. CPU cache attacks on crypto (AES)… Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Quiz Can in Windows/Linux a process run by an administrator access the system/kernel memory? Explain what is virtual memory and paging? How one can make a dump of kernel memory? What is DEP? Which OS has it? Explain the protected/Kernel mode and user mode for CPUs. How can the DEP and the protected/Kernel mode be circumvented or attacked? Nicolas T. Courtois, updated 2011

CompSec COMPGA01 Quiz (2) How can we at the BIOS level make it difficult to modify the boot sector? (3 things). What is a monolithic kernel and why it is the least secure design? What is the architecture of Google’s Chrome regarding the privileges to read and write files, access the network, and the screen? Nicolas T. Courtois, updated 2011