Evil Module 1 Module 3 OS OS Module 2 Module 4 Safe? Safe? - - PDF document

SLIDE 1

5/23/10 1

Bryan Parno, Jonathan McCune, Adrian Perrig

1

Carnegie Mellon University

2

A Travel Story Trust is CriAcal

3

Will I regret having done this?

4

F

XAlice YAlice YOther XOther

Is F what the programmer intended? Does program P compute F?

Bootstrapping Trust is Hard!

5

OS

App 1 App 2 App 3 App 4 App N

Module 1 Module 3 Module 2 Module 4

App 5 Challenges:

• Hardware assurance
• Ephemeral soRware
• User InteracAon

Safe? Yes!

Evil App

Evil OS

Bootstrapping Trust is Hard!

6

Challenges:

• Hardware assurance
• Ephemeral soRware
• User InteracAon

Safe? Yes!

SLIDE 2

5/23/10 2

In the paper…

7

• Bootstrapping foundaAons
• TransmiXng bootstrap data
• InterpretaAon
• ValidaAon
• ApplicaAons
• Human factors
• LimitaAons
• Future direcAons
• … and much more!

1) Establish Trust in Hardware

• Hardware is durable
• Establish trust via:

– Trust in the manufacturer – Physical security

8

2) Establish Trust in SoRware

9

OS

App 1 App N

…

• SoRware is ephemeral
• We care about the soRware

currently in control

• Many properAes ma`er:

– Proper control flow – Type safety – Correct informaAon flow

… A Simple Thought Experiment

• Imagine a perfect algorithm for analyzing control flow

– Guarantees a program always follows intended control flow

• Does this suffice to bootstrap trust?

10

No!

P

Respects control flow Type Safe

What is Code IdenAty?

• An a`empt to capture the behavior of a program
• Current state of the art is the collecAon of:

– Program binary – Program libraries – Program configuraAon files – IniAal inputs

• ORen condensed into a hash of the above

11

FuncAon f Inputs to f

Code IdenAty as Trust FoundaAon

• From code idenAty, you may be able to infer:

– Proper control flow – Type safety – Correct informaAon flow

…

• Reverse is not true!

12

SLIDE 3

5/23/10 3 What Can Code IdenAty Do For You?

13

• Research applicaAons
• Commercial applicaAons
• Thwart insider a`acks
• Protect passwords
• Create a Trusted Third Party
• Secure the boot process
• Count‐limit objects
• Improve security of

network protocols

• Secure disk encrypAon (e.g., Bitlocker)
• Improve network access control
• Secure boot on mobile phones
• Validate cloud compuAng plamorms

14

Establishing Code IdenAty

[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…

F

XAlice XOther YAlice YOther

15

Establishing Code IdenAty

[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…

XAlice XOther

f1 f2 fN

YAlice YOther

…

SoRware N SoRware N‐1 SoRware 1

Establishing Code IdenAty

16

. . .

?

Root of Trust Chain of Trust

[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…

SoRware N SoRware N‐1 SoRware 1

Trusted Boot: Recording Code IdenAty

17

. . .

Root of Trust

SW 1 SW N SW N‐1 SW 2

[Gasser et al. ’89], [England et al. ‘03], [Sailer et al. ‘04],…

A`estaAon: Conveying Records to an External EnAty

18

SoRware N SoRware N‐1 SoRware 1

. . .

SW 1 SW N SW N‐1 SW 2

[Gasser et al. ‘89], [Arbaugh et al. ‘97], [England et al. ‘03], [Sailer et al. ’04]…

random #

Sign (

)

Kpriv

random #

SW 1 SW 2 SW N‐1 SW N

Controls Kpriv

SLIDE 4

5/23/10 4

InterpreAng Code IdenAty

19

BIOS Bootloader Drivers 1…N App 1…N

OS

OpAon ROMs

[Gasser et al. ‘89], [Sailer et al. ‘04]

TradiAonal

[Marchesini et al. ‘04], [Jaeger et al. ’06]

Policy Enforcement

InterpreAng Code IdenAty

20

BIOS Bootloader

Virtual Machine Monitor

OpAon ROMs

Virtual Machine

TradiAonal

[Marchesini et al. ‘04], [Jaeger et al. ’06]

Policy Enforcement

[England et al. ‘03], [Garfinkel et al. ‘03]

VirtualizaAon

[Gasser et al. ‘89], [Sailer et al. ‘04]

InterpreAng Code IdenAty

21

BIOS Bootloader

Virtual Machine Monitor

OpAon ROMs

OS

VMM

Virtual Machine

TradiAonal

[Marchesini et al. ‘04], [Jaeger et al. ’06]

Policy Enforcement

[England et al. ‘03], [Garfinkel et al. ‘03]

VirtualizaAon Late Launch

[Kauer et al. ‘07], [Grawrock ‘08] [Gasser et al. ‘89], [Sailer et al. ‘04]

InterpreAng Code IdenAty

22

TradiAonal

[Marchesini et al. ‘04], [Jaeger et al. ’06]

Policy Enforcement

[England et al. ‘03], [Garfinkel et al. ‘03]

VirtualizaAon Late Launch

[Kauer et al. ‘07], [Grawrock ‘08]

Targeted Late Launch

[McCune et al. ‘07]

OS

Flicker

Flicker

S A`ested

[Gasser et al. ‘89], [Sailer et al. ‘04]

InterpreAng Code IdenAty

23

BIOS Bootloader Drivers 1…N App 1…N

OS

OpAon ROMs

Flicker

S

Load‐Time vs. Run‐Time ProperAes

• Code idenAty provides load‐Ame guarantees
• What about run Ame?
• Approach #1: StaAc transformaAon

24

Code

Run‐Time Policy

Code’

A`ested

[Erlingsson et al. ‘06]

SLIDE 5

5/23/10 5

Load‐Time vs Run‐Time ProperAes

• Code idenAty provides load‐Ame guarantees
• What about run Ame?
• Approach #1: StaAc transformaAon
• Approach #2: Run‐Time Enforcement layer

25

Code Enforcer

A`ested Run Time Load Time

[Erlingsson et al. ‘06] [Haldar et al. ‘04], [Kil et al. ‘09]

Roots of Trust

26

0 0 4 2

• General

purpose

• Tamper

responding

• General

purpose

• No physical

defenses

• Special

purpose

• Timing‐based

a`estaAon

• Require

detailed HW knowledge

[Chun et al. ‘07] [Levin et al. ‘09] [Spinellis et al. ‘00] [Seshadri et al. ‘05]

…

[ARM TrustZone ‘04] [TCG ‘04] [Zhuang et al. ‘04]

…

[Weingart ‘87] [White et al. ‘91] [Yee ‘94] [Smith et al. ‘99]

…

Cheaper

Human Factors

27

SW 1 SW 2 SW N‐1 SW N

SW 1 SW 2 SW N‐1 SW N

Conclusions

• Code iden>ty is criAcal to bootstrapping trust
• Assorted hardware roots of trust available
• Many open ques>ons remain!

28