Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Size: px
Start display at page:

Download "Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution"

Transcription

1 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014

2 Dynamic Root of Trust Problem of legacy Incompatible or sloppy BIOS Chain of trust is too long, too static AMD/Intel introduce Dynamic RTM (DRTM) CPU resets into clean state to load OS/App Essentially starting a new Chain of Trust Slide Nr. 2, Lecture Embedded System Security, SS 2014

3 Chain of Trust Chain of Trust Dynamic Root of Trust Reset Chain of Trust, cut out BIOS and boot loader Boots clean OS out of compromised system (!) App X App Y Operating System Operating System Boot Loader BIOS Authenticated Code (AC) CRTM CPU, Chipset, TPM Slide Nr. 4, Lecture Embedded System Security, SS 2014

4 TXT Reinitialization Process SENTER CPU instruction issues the process Resets CPU and Chipset Resets TPM PCRs CPU executes Authenticated Code module (AC mod) AC mod is signed by vendor (Intel) AC mod is measured into PCR 17 AC mod reinitializes CPU and Chipset Payload is measured by AC mod Payload measurement stored in PCR 18 Slide Nr. 5, Lecture Embedded System Security, SS 2014

5 DRTM Security (1) System Management Mode (SMM, Ring -2 ) Runtime, low-level hardware management Arbitrary code execution while OS is suspended BIOS is expected to initialize SMM and then lock access Active Management Technology (AMT, Ring -3 ) RISC CPU inside the mainboard chipset Dedicated link to your RAM and network card Arbitrary code execution while OS is running Even if disabled in BIOS Slide Nr. 7, Lecture Embedded System Security, SS 2014

6 DRTM Security (2) SMM and AMT are not validated/supervised by TXT BIOS is supposed to secure access and lock registers App X App Y Operating System Boot Loader App A App B Operating System Compromised SMM or AMT can manipulate AC or TXT payload As of 2006, BIOS locks access to SM-RAM System Management Mode (SMM) Authenticated Code (AC) TXT needs secure BIOS! DRTM needs SRTM!? BIOS CRTM CPU, Chipset, TPM AMT Slide Nr. 8, Lecture Embedded System Security, SS 2014

7 TXT Example: GRUB GRUB Root of Trust is the CPU reset to TXT mode Chain of Trust: CPU GRUB boot loader (Hypervisor) Operating System... Simlilar problems as with Static Root of Trust Long chain of trust Slide Nr. 9, Lecture Embedded System Security, SS 2014

8 Flicker: Execution Environment Execution Environment (TEE) at runtime Run only a small part in the TEE Leads to small TCB Must be isolated from other software Flicker Suspend operating system Switch to TXT mode Measure and execute code Resume operating system Slide Nr. 10, Lecture Embedded System Security, SS 2014

9 Chain of Trust Transaction Security (Flicker) (Flicker: McCune, Parno, Perrig, Reiter, Isozaki. An Execution Infrastructure for TCB Minimization, EuroSys 2008 Use TXT only for small critical functions like signature Output can be signed or otherwise bound to TPM App X App Y Operating System Boot Loader BIOS CRTM Secure App ret = func(input) Authenticated Code Strong isolation for legacy OS without virtualization overhead Simple and stable apps Integrity = Security CPU & Chipset PC-Hardware Slide Nr. 11, Lecture Embedded System Security, SS 2014

10 Transaction Security (Flicker) Flicker framework is available for Intel TXT, AMD SVM, Windows, Linux First prototype apps: Transaction confirmation, e.g., in online shopping Software-Smartcard Cryptographic operations executed in TXT-mode PKCS#11 Interface Usable with legacy software E.g., Mail signing with Thunderbird Slide Nr. 12, Lecture Embedded System Security, SS 2014

11 Disadvantages of TXT/SVM DRTM with TXT/SVM still contains huge software stack How to verify measuments Multiple open problems in cloud scenario Privider doesn t want to reveal software configuration Host machine identification through TPM keys Isolating only the security critical part is desirable Flicker never evolved to a practical solution Substantial modification of the OS required Switch to and from TXT/SVM is time consuming Execution stalls entire system (interrupts disabled) Slide Nr. 14, Lecture Embedded System Security, SS 2014

12 Intel Software Guard Extensions () [McKeen et al, Hoekstra et al., Anati et al., HASP 13] Security critical code isolated in enclave Only CPU is trusted Transparent memory encryption 17 new instructions Enclaves cannot harm the system Only unprivileged code (CPU ring3) Memory protection Designed for Multi-Core systems Multi-threaded execution of enclaves Parallel execution of enclaves and untrusted code Enclaves are interruptible Programming Reference available APP1 APP2 Enclave Security Service Operating System CPU Hardware Slide Nr. 15, Lecture Embedded System Security, SS 2014

13 Create Enclave Loader Enclave 5 User space Client driver Operating system SK/PK Hardware 1. Create App 2. Create app certificate (includes HASH(App) and Client PK) 3. Upload App to Loader Slide Nr. 17, Lecture Embedded System Security, SS 2014

14 Create Enclave Loader Enclave 5 User space Client driver 5 Operating system SK/PK 7 Hardware 1. Create App 2. Create app certificate (includes HASH(App) and Client PK) 3. Upload App to Loader 4. Create enclave 5. Allocate enclave pages Slide Nr. 18, Lecture Embedded System Security, SS 2014

15 Create Enclave Loader Enclave 5 User space Client driver 5 Operating system SK/PK 7 Hardware 1. Create App 2. Create app certificate (includes HASH(App) and Client PK) 3. Upload App to Loader 4. Create enclave 5. Allocate enclave pages 6. Load & Measure App 7. Validate certificate and enclave integrity Slide Nr. 19, Lecture Embedded System Security, SS 2014

16 Create Enclave Loader Enclave 5 User space Client driver 5 Operating system SK/PK 7 K 8 Hardware 1. Create App 2. Create app certificate (includes HASH(App) and Client PK) 3. Upload App to Loader 4. Create enclave 8. Generate enclave K key 5. Allocate enclave pages 6. Load & Measure App 7. Validate certificate and enclave integrity 9. Protect enclave Slide Nr. 20, Lecture Embedded System Security, SS 2014

17 SECS Enclave Enclave Creation Details Application 2a. ECREATE(SECS) 3a. EADD(*src, *dest) 3b. copy Encl. 4a. EEXTEND(*src) Code 5a. EINT 1b. Allocate EP to App 1a. Request Enclave Pages EPC list 4b. Hardware measures OS EPCM EPC 5b. Update HASH RAM M M U MEE CPU # Key ID n n+1 K PK 2b. Init SECS EPC: Enclave Page Cache EPCM: EPC Map MEE: Memory Encryption Engine MMU: Memory Management Unit SECS: Enclave Control Structure Slide Nr. 21, Lecture Embedded System Security, SS 2014

18 TCS Enclave Enclave Entry and Exit Details Application 1. EENTER(TCS, AEP) Stack AEP ISR EPC list OS M M U CPU EPCM EPC RAM MEE 2. Lock TCS, start Enclave AEP: Async Exit Point EPC: Encl. Page Cache EPCM: EPC Map ISR: Int. Service Routine MEE: Mem. Enc. Engine TCS: Thread Control Structure Slide Nr. 22, Lecture Embedded System Security, SS 2014

19 TCS Enclave Enclave Entry and Exit Details Application Stack AEP 1. EEXIT EPC list ISR OS 2. M M U CPU EPCM EPC RAM MEE AEP: Async Exit Point EPC: Encl. Page Cache EPCM: EPC Map ISR: Int. Service Routine MEE: Mem. Enc. Engine TCS: Thread Control Structure Slide Nr. 23, Lecture Embedded System Security, SS 2014

20 TCS Enclave Enclave Entry and Exit Details Application Stack AEP ISR 3. Switch to OS EPC list OS 1. Interrupt M M U CPU EPCM EPC RAM 2. Save context in Enclave MEE AEP: Async Exit Point EPC: Encl. Page Cache EPCM: EPC Map ISR: Int. Service Routine MEE: Mem. Enc. Engine TCS: Thread Control Structure Slide Nr. 24, Lecture Embedded System Security, SS 2014

21 TCS Enclave Enclave Entry and Exit Details Application Stack AEP 2. ERESUME 1. Return from Interrupt ISR EPC list OS M M U CPU EPCM EPC RAM MEE Slide Nr. 25, Lecture Embedded System Security, SS Resume Enclave AEP: Async Exit Point EPC: Encl. Page Cache EPCM: EPC Map ISR: Int. Service Routine MEE: Mem. Enc. Engine TCS: Thread Control Structure

22 Create Enclave Secure Channel 1 Shared memory Enclave1 Enclave2 User space 2 Operating system 3 1. Generate DH params 2. Request Report 3. Generate Report = (HASH(Enclave1), ID-Enclave2, DH-params) Slide Nr. 27, Lecture Embedded System Security, SS 2014

23 Create Enclave Secure Channel 1 Shared memory 5 Enclave1 Enclave2 User space 2 Operating system 3 1. Generate DH params 4. Authenticate Report using MAC with target enclave s shared key 6. Get enclave s share key 2. Request Report 3. Generate Report = (HASH(Enclave1), ID-Enclave2, DH-params) 7. Validate report 8. Repeat for other direction Slide Nr. 28, Lecture Embedded System Security, SS Pass Report (shared memory)

24 Create Enclave Secure Channel 1 Shared memory 5 7 Enclave1 Enclave2 User space 2 Operating system 3 1. Generate DH params 4. Authenticate Report using MAC with target enclave s shared key 6. Get enclave s share key 2. Request Report 3. Generate Report = (HASH(Enclave1), ID-Enclave2, DH-params) 7. Validate report Slide Nr. 29, Lecture Embedded System Security, SS Pass Report (shared memory)

25 Create Enclave Secure Channel 1 Shared memory 5 7 Enclave1 Enclave2 User space 2 Operating system 3 1. Generate DH params 4. Authenticate Report using MAC with target enclave s shared key 6. Get enclave s share key 2. Request Report 3. Generate Report = (HASH(Enclave1), ID-Enclave2, DH-params) 7. Validate report 8. Repeat for other direction Slide Nr. 30, Lecture Embedded System Security, SS Pass Report (shared memory)

26 Remote Attestation 1 nonce Enclave1 Quoting Enclave User space 2 Operating system 1. Verifier sends nonce 2. Generate Report = (HASH(Enclave1), ID-QuotingEnclave, nonce) Slide Nr. 31, Lecture Embedded System Security, SS 2014

27 Remote Attestation 1 nonce 3 Enclave1 Quoting Enclave User space 2 Operating system 1. Verifier sends nonce 3. Pass Report to Quoting Enclave 2. Generate Report = (HASH(Enclave1), ID-QuotingEnclave, nonce) Slide Nr. 32, Lecture Embedded System Security, SS 2014

28 Remote Attestation 1 nonce 3 4/5 Enclave1 Quoting Enclave User space 2 Operating system 1. Verifier sends nonce 3. Pass Report to Quoting Enclave 6. Signed Report is send to verifier 2. Generate Report = (HASH(Enclave1), ID-QuotingEnclave, nonce) 4. Quoting Enclave verifies Report 5. Signs Report with Platform Key Slide Nr. 33, Lecture Embedded System Security, SS 2014

29 Remote Attestation 6 1 nonce 3 4/5 Enclave1 Quoting Enclave User space 2 Operating system 1. Verifier sends nonce 3. Pass Report to Quoting Enclave 6. Signed Report is send to verifier 2. Generate Report = (HASH(Enclave1), ID-QuotingEnclave, nonce) 4. Quoting Enclave verifies Report 5. Signs Report with Platform Key Slide Nr. 34, Lecture Embedded System Security, SS 2014

30 Embedded Computing TC appears very suitable for embedded systems Less problems with legacy platforms No SMM and AMT, less complex BIOS Less bugs in Root of Trust Reduced code complexity and flexibility Special-purpose devices and use-cases Well-known code-base, longer release cycles Attestation of software stack becomes meaningful Slide Nr. 35, Lecture Embedded System Security, SS 2014

31 Embedded Infrastructures? Smart Grid Network relies on accurate measurements No real security concepts yet Vehicular Networks Components increasingly controlled by software, with desire for firmware updates How to trust tire pressure reports via WiFi? TPM & TXT everywhere? Slide Nr. 36, Lecture Embedded System Security, SS 2014

32 Software-based Attestation See, e.g., SWATT by Seshadri et al. (2004) or Pioneer by Seshadri et al. (2005) Exploits computational constraints of prover Only memory checksum can produce desired result in time! No security hardware or root of trust Prover (e.g., embedded device) Is the device in a trustworthy SW state? Remote Verifier Random challenge Memory Checksum Software Fingerprint (checksum of memory content)? = Reference Fingerprint Did device respond in expected time? Database

33 Software Attestation Problems Authentic channel between prover and verifier No cryptographic authentication due to compromise! No hardware security module available No actual remote attestation Hardware manipulation Simple overclocking or memory upgrades can enable prover to forge checksum Collusion attacks to forge checksum Prover can ask adversary to help computing the checksum

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

Uni-directional Trusted Path: Transaction Confirmation on Just One Device Uni-directional Trusted Path: Transaction Confirmation on Just One Device Atanas Filyanov 1, Jonathan M. McCune 2, Ahmad-Reza Sadeghi 3, Marcel Winandy 1 1 Ruhr-University Bochum, Germany 2 Carnegie Mellon

More information

Property Based TPM Virtualization

Property Based TPM Virtualization Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes!

SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes! SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes! Kun Sun, Jiang Wang, Fengwei Zhang, Angelos Stavrou! Center for Secure Information Systems! George Mason University!

More information

Building Blocks Towards a Trustworthy NFV Infrastructure

Building Blocks Towards a Trustworthy NFV Infrastructure Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical

More information

Intel Software Guard Extensions(Intel SGX) Carlos Rozas Intel Labs November 6, 2013

Intel Software Guard Extensions(Intel SGX) Carlos Rozas Intel Labs November 6, 2013 Intel Software Guard Extensions(Intel SGX) Carlos Rozas Intel Labs November 6, 2013 Legal Disclaimers INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR

More information

The TCG Dynamic Root for Trusted Measurement

The TCG Dynamic Root for Trusted Measurement Copyright Trusted Computing Group 1 The TCG Dynamic Root for Trusted Measurement Author: Lee Wilson TCG D-RTM Subgroup Chair PureFlex Security Architect, IBM Corporation BASIC CONCEPTS Copyright 2013 Trusted

More information

Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006

Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006 Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006 April 12th, 2006 1 Synopsis Background Trusted boot Security enhancements to boot loader Necessary code U-Boot Kernel

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

Introduction to Trusted Execution Environments (TEE) IY5606

Introduction to Trusted Execution Environments (TEE) IY5606 Introduction to Trusted Execution Environments (TEE) IY5606 Steven J. Murdoch Computer Laboratory Learning objectives Trusted Execution Environment (TEE) Understand what a TEE is and why it is of interest

More information

Trusted Virtual Machine Management for Virtualization in Critical Environments

Trusted Virtual Machine Management for Virtualization in Critical Environments Trusted Virtual Machine Management for Virtualization in Critical Environments Khan Ferdous Wahid Fraunhofer SIT Rheinstraße 75 64295 Darmstadt Germany www.sit.fraunhofer.de khan.wahid@sit.fraunhofer.de

More information

Acronym Term Description

Acronym Term Description This glossary contains definitions of terms created by TCG, or terms that have a particular meaning in trusted computing, or terms that cause particular confusion in trusted computing. Acronym Term Description

More information

Software Execution Protection in the Cloud

Software Execution Protection in the Cloud Software Execution Protection in the Cloud Miguel Correia 1st European Workshop on Dependable Cloud Computing Sibiu, Romania, May 8 th 2012 Motivation clouds fail 2 1 Motivation accidental arbitrary faults

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

Embedded Trusted Computing on ARM-based systems

Embedded Trusted Computing on ARM-based systems 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate

More information

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011

More information

Position Paper: Can the Web Really Use Secure Hardware?

Position Paper: Can the Web Really Use Secure Hardware? Position Paper: Can the Web Really Use Secure Hardware? Justin King-Lacroix 1 Department of Computer Science, University of Oxford justin.king-lacroix@cs.ox.ac.uk Abstract. The Web has become the platform

More information

Secure Data Management in Trusted Computing

Secure Data Management in Trusted Computing 1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU

More information

Secure Containers. Jan 2015 www.imgtec.com. Imagination Technologies HGI Dec, 2014 p1

Secure Containers. Jan 2015 www.imgtec.com. Imagination Technologies HGI Dec, 2014 p1 Secure Containers Jan 2015 www.imgtec.com Imagination Technologies HGI Dec, 2014 p1 What are we protecting? Sensitive assets belonging to the user and the service provider Network Monitor unauthorized

More information

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems Lorenzo Martignoni, Pongsin Poosankam, y Matei Zaharia, Jun Han, y Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig,

More information

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis

More information

Abstract. 1 Introduction

Abstract. 1 Introduction Credo: Trusted Computing for s with a Commodity Hypervisor Himanshu Raj, David Robinson, Talha Bin Tariq, Paul England, Stefan Saroiu, Alec Wolman Microsoft Research Abstract This paper presents the Credo

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

Digital Rights Management Demonstrator

Digital Rights Management Demonstrator Digital Rights Management Demonstrator Requirements, Analysis, and Design Authors: Andre Osterhues, Marko Wolf Institute: Ruhr-University Bochum Date: March 2, 2007 Abstract: This document describes a

More information

Trustworthy Identity Management for Web Authentication

Trustworthy Identity Management for Web Authentication Trustworthy Identity Management for Web Authentication Ramasivakarthik Mallavarapu Aalto University, School of Science and Technology kmallava@tkk.fi Abstract Identity theft today is one of the major security

More information

Lecture Overview. INF3510 Information Security Spring 2015. Lecture 4 Computer Security. Meaningless transport defences when endpoints are insecure

Lecture Overview. INF3510 Information Security Spring 2015. Lecture 4 Computer Security. Meaningless transport defences when endpoints are insecure Lecture Overview INF3510 Information Security Spring 2015 Fundamental computer security concepts CPU and OS kernel security mechanisms Virtualization Memory Protection Trusted computing and TPM Lecture

More information

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey February 26, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey

More information

Hi and welcome to the Microsoft Virtual Academy and

Hi and welcome to the Microsoft Virtual Academy and Hi and welcome to the Microsoft Virtual Academy and 2012 Microsoft Corporation 1 the start of the Windows 8 Security Insights training. My name is Milad Aslaner I m part of the Premier Field Engineering

More information

vtpm: Virtualizing the Trusted Platform Module

vtpm: Virtualizing the Trusted Platform Module vtpm: Virtualizing the Trusted Platform Module Stefan Berger Ramón Cáceres Kenneth A. Goldman Ronald Perez Reiner Sailer Leendert van Doorn {stefanb, caceres, kgoldman, ronpz, sailer, leendert}@us.ibm.com

More information

OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011

OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011 OVAL+TPM A Case Study in Enterprise Trusted Computing Ariel Segall June 21, 2011 Approved for Public Release: 11-0144. Distribution Unlimited. c 2011. All Rights Reserved. (1/15) Motivation Goal: Demonstrate

More information

OSes. Arvind Seshadri Mark Luk Ning Qu Adrian Perrig SOSP2007. CyLab of CMU. SecVisor: A Tiny Hypervisor to Provide

OSes. Arvind Seshadri Mark Luk Ning Qu Adrian Perrig SOSP2007. CyLab of CMU. SecVisor: A Tiny Hypervisor to Provide SecVisor: A Seshadri Mark Luk Ning Qu CyLab of CMU SOSP2007 Outline Introduction Assumption SVM Background Design Problems Implementation Kernel Porting Evaluation Limitation Introducion Why? Only approved

More information

Using the TPM: Authentication and Attestation

Using the TPM: Authentication and Attestation Using the TPM: Machine Ariel Segall ariels@alum.mit.edu Day 2 Approved for Public Release: 12-2749. Distribution unlimited License All materials are licensed under a Creative Commons Share Alike license.

More information

Trustworthy Computing

Trustworthy Computing Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with

More information

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013 Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin DefCon 2013 Time-Bound Keys Announcements New tool: TimedKey.exe New whitepaper: Trusted Tamperproof Time on Mobile

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems Using the to Solve Today s Most Urgent Cybersecurity Problems May 20, 2014 10:00AM PDT 2 Stacy Cannady, Technical Marketing Trustworthy Computing, Cisco Stacy Cannady, CISSP, is technical marketing - Trustworthy

More information

On the security of Virtual Machine migration and related topics

On the security of Virtual Machine migration and related topics Master thesis On the security of Virtual Machine migration and related topics Ramya Jayaram Masti Submitted in fulfillment of the requirements of Master of Science in Computer Science Department of Computer

More information

Embedding Trust into Cars Secure Software Delivery and Installation

Embedding Trust into Cars Secure Software Delivery and Installation Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop

More information

TPM Key Backup and Recovery. For Trusted Platforms

TPM Key Backup and Recovery. For Trusted Platforms TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents

More information

Example of Standard API

Example of Standard API 16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface

More information

Assertion Framework for BYOD. Chris Daly General Dynamics C4 Systems Chris.daly@gdc4s.com

Assertion Framework for BYOD. Chris Daly General Dynamics C4 Systems Chris.daly@gdc4s.com Assertion Framework for BYOD Chris Daly General Dynamics C4 Systems Chris.daly@gdc4s.com Overview BYOD Problems, Requirements, and Scenarios What is an assertion? Why trust assertions for BYOD? Keys to

More information

Secure Wireless Application Platform

Secure Wireless Application Platform Texas Instruments SW@P Secure Wireless Application Platform New Challenges for Wireless Handsets Open Environment Multi-application, Interoperability Multiple Access Data Paths GSM/GPRS, EDGE, 802.11,

More information

Frontiers in Cyber Security: Beyond the OS

Frontiers in Cyber Security: Beyond the OS 2013 DHS S&T/DoD ASD (R&E) CYBER SECURITY SBIR WORKSHOP Frontiers in Cyber Security: Beyond the OS Clear Hat Consulting, Inc. Sherri Sparks 7/23/13 Company Profile CHC was founded in 2007 by S. Sparks

More information

Penetration Testing Windows Vista TM BitLocker TM

Penetration Testing Windows Vista TM BitLocker TM Penetration Testing BitLocker TM Drive Encryption Douglas MacIver Penetration Engineer System Integrity Group, Corporation Hack In The Box 2006/09/21 2006 Corporation. All rights reserved. Trustworthy

More information

Hardware Security for Device Authentication in the Smart Grid

Hardware Security for Device Authentication in the Smart Grid Hardware Security for Device Authentication in the Smart Grid Andrew J. Paverd and Andrew P. Martin Department of Computer Science, University of Oxford, UK {andrew.paverd,andrew.martin}@cs.ox.ac.uk Abstract.

More information

TCG PC Client Specific Implementation Specification for Conventional BIOS

TCG PC Client Specific Implementation Specification for Conventional BIOS TCG PC Client Specific Implementation Specification for Conventional BIOS Specification Version 1.21 Errata Revision 1.00 February 24 th, 2012 For TPM Family 1.2; Level 2 Contact: admin@trustedcomputinggroup.org

More information

HP Compaq dc7800p Business PC with Intel vpro Processor Technology and Virtual Appliances

HP Compaq dc7800p Business PC with Intel vpro Processor Technology and Virtual Appliances HP Compaq dc7800p Business PC with Intel vpro Processor Technology and Virtual Appliances Introduction............................................................ 2 What is Virtualization?....................................................2

More information

Attacking Hypervisors via Firmware and Hardware

Attacking Hypervisors via Firmware and Hardware Attacking Hypervisors via Firmware and Hardware Alex Matrosov (@matrosov), Mikhail Gorobets, Oleksandr Bazhaniuk (@ABazhaniuk), Andrew Furtak, Yuriy Bulygin (@c7zero) Advanced Threat Research Agenda Hypervisor

More information

Windows Server Virtualization & The Windows Hypervisor

Windows Server Virtualization & The Windows Hypervisor Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick

More information

Virtualization. Dr. Yingwu Zhu

Virtualization. Dr. Yingwu Zhu Virtualization Dr. Yingwu Zhu What is virtualization? Virtualization allows one computer to do the job of multiple computers. Virtual environments let one computer host multiple operating systems at the

More information

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014) Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation

More information

Leveraging Thin Hypervisors for Security on Embedded Systems

Leveraging Thin Hypervisors for Security on Embedded Systems Leveraging Thin Hypervisors for Security on Embedded Systems Christian Gehrmann A part of Swedish ICT What is virtualization? Separation of a resource or request for a service from the underlying physical

More information

Too Young to be Secure: Analysis of UEFI Threats and Vulnerabilities

Too Young to be Secure: Analysis of UEFI Threats and Vulnerabilities St. Petersburg State University of Aerospace Instrumentation Department of Information Systems Security Too Young to be Secure: Analysis of UEFI Threats and Vulnerabilities Anton Sergeev Vladimir Bashun

More information

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

Optimizing ARM Cortex-A9 support in Windows Embedded Compact

Optimizing ARM Cortex-A9 support in Windows Embedded Compact Optimizing ARM Cortex-A9 support in Windows Embedded Compact A DISCUSSION OF RANDOM HANGS AND OTHER ISSUES USING WINDOWS EMBEDDED COMPACT ON FREESCALE I.MX6 APPLICATION PROCESSOR AND HOW THEY WERE SOLVED

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone Comprehensive Security for Internet-of-Things Devices With ARM TrustZone Howard Williams mentor.com/embedded Internet-of-Things Trends The world is more connected IoT devices are smarter and more complex

More information

TECHNISCHE UNIVERSITÄT MÜNCHEN. Lehrstuhl für Datenverarbeitung. Runtime integrity framework based on trusted computing.

TECHNISCHE UNIVERSITÄT MÜNCHEN. Lehrstuhl für Datenverarbeitung. Runtime integrity framework based on trusted computing. TECHNISCHE UNIVERSITÄT MÜNCHEN Lehrstuhl für Datenverarbeitung Runtime integrity framework based on trusted computing Chun Hui Suen Vollständiger Abdruck der von der Fakultät für Elektrotechnik und Informationstechnik

More information

Unicorn: Two-Factor Attestation for Data Security

Unicorn: Two-Factor Attestation for Data Security Unicorn: Two-Factor Attestation for Data Security Mohammad Mannan Concordia Institute for Information Systems Engineering Concordia University Montreal, Canada Beom Heyn Kim Computer Science University

More information

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot presented by Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot UEFI Spring Plugfest May 18-22, 2015 Gabe Stocco, Scott Anderson, Suhas Manangi Updated 2011-06-01 UEFI Plugfest May 2015 www.uefi.org

More information

Virtualization as an Enabler for Security in Mobile Devices

Virtualization as an Enabler for Security in Mobile Devices Virtualization as an Enabler for Security in Mobile Devices Jörg Brakensiek, Nokia Research Center Palo Alto Axel Dröge, Martin Botteck, Nokia Research Center Bochum Hermann Härtig, Adam Lackorzynski,

More information

Agenda. BitLocker Drive. BitLocker Drive Encryption Hardware Enhanced Data Protection. BitLocker And TPM Features

Agenda. BitLocker Drive. BitLocker Drive Encryption Hardware Enhanced Data Protection. BitLocker And TPM Features BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

Attestation and Authentication Protocols Using the TPM

Attestation and Authentication Protocols Using the TPM Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all

More information

Intel Trusted Execution Technology

Intel Trusted Execution Technology white paper Intel Trusted Execution Technology Intel Trusted Execution Technology Hardware-based Technology for Enhancing Server Platform Security Executive Summary A building is only as good as its foundation.

More information

Trusted Virtual Datacenter Radically simplified security management

Trusted Virtual Datacenter Radically simplified security management IBM T. J. Watson Research Center Trusted Virtual Datacenter Radically simplified security management Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Reiner Sailer, Ray Valdez Secure Systems Department,

More information

Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture

Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture Amit Vasudevan 1, Jonathan M. McCune 1, Ning Qu 2, Leendert van Doorn 3, and Adrian Perrig 1 1 CyLab, Carnegie

More information

Making Bitcoin Exchanges Transparent

Making Bitcoin Exchanges Transparent Making Bitcoin Exchanges Transparent Christian Decker, James Guthrie, Jochen Seidel, and Roger Wattenhofer Distributed Computing Group, ETH Zurich, Switzerland {cdecker,guthriej,seidelj,wattenhofer}@ethz.ch

More information

Delivering Quality in Software Performance and Scalability Testing

Delivering Quality in Software Performance and Scalability Testing Delivering Quality in Software Performance and Scalability Testing Abstract Khun Ban, Robert Scott, Kingsum Chow, and Huijun Yan Software and Services Group, Intel Corporation {khun.ban, robert.l.scott,

More information

Improving End-user Security and Trustworthiness of TCG-Platforms

Improving End-user Security and Trustworthiness of TCG-Platforms Improving End-user Security and Trustworthiness of TCG-Platforms Klaus Kursawe, kursawe@acm.org Christian Stüble Saarland University, Germany stueble@acm.org September 29, 2003 Abstract Over the last two

More information

Full and Para Virtualization

Full and Para Virtualization Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels

More information

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber

More information

Virtualization. Michael Tsai 2015/06/08

Virtualization. Michael Tsai 2015/06/08 Virtualization Michael Tsai 2015/06/08 What is virtualization? Let s first look at a video from VMware http://bcove.me/x9zhalcl Problems? Low utilization Different needs DNS DHCP Web mail 5% 5% 15% 8%

More information

Secure data processing: Blind Hypervision

Secure data processing: Blind Hypervision Secure data processing: Blind Hypervision P. Dubrulle, R. Sirdey, E. Ohayon, P. Dore and M. Aichouch CEA LIST Contact : paul.dubrulle@cea.fr www.cea.fr Cliquez pour modifier le style Introduction titre

More information

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool Outline CS 6V81-05: System Security and Malicious Code Analysis Overview of System ization: The most powerful platform for program analysis and system security Zhiqiang Lin Department of Computer Science

More information

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology 3. The Lagopus SDN Software Switch Here we explain the capabilities of the new Lagopus software switch in detail, starting with the basics of SDN and OpenFlow. 3.1 SDN and OpenFlow Those engaged in network-related

More information

Multi-core Curriculum Development at Georgia Tech: Experience and Future Steps

Multi-core Curriculum Development at Georgia Tech: Experience and Future Steps Multi-core Curriculum Development at Georgia Tech: Experience and Future Steps Ada Gavrilovska, Hsien-Hsin-Lee, Karsten Schwan, Sudha Yalamanchili, Matt Wolf CERCS Georgia Institute of Technology Background

More information

Virtualization. Types of Interfaces

Virtualization. Types of Interfaces Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform diversity

More information

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what

More information

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Cautions When Using BitLocker Drive Encryption on PRIMERGY Cautions When Using BitLocker Drive Encryption on PRIMERGY July 2008 Fujitsu Limited Table of Contents Preface...3 1 Recovery mode...4 2 Changes in hardware configurations...5 3 Prior to hardware maintenance

More information

Trusted VM Snapshots in Untrusted Cloud Infrastructures

Trusted VM Snapshots in Untrusted Cloud Infrastructures Trusted VM Snapshots in Untrusted Cloud Infrastructures Abhinav Srivastava 1, Himanshu Raj 2, Jonathon Giffin 3, Paul England 2 1 AT&T Labs Research 2 Microsoft Research 3 School of Computer Science, Georgia

More information

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber

More information

Floodgate Security Framework

Floodgate Security Framework Floodgate Security Framework Security Framework for Embedded Devices As cybercriminals are now targeting non -conventional electronic appliances such as battery chargers, mobile phones, smart meters and

More information

Trusted Virtual Platforms: A Key Enabler for Converged Client Devices

Trusted Virtual Platforms: A Key Enabler for Converged Client Devices Trusted Virtual Platforms: A Key Enabler for Converged Client Devices Chris I Dalton, David Plaquin, Wolfgang Weidner, Dirk Kuhlmann, Boris Balacheff, Richard Brown HP Laboratories, Filton Road, Bristol

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures N. Asokan Nokia Research Center Joint work with Kari Kostiainen, Jan-Erik Ekberg, Elena Reshetova (Intel) Padova, July 2012 1 Introduction

More information

Dell Client BIOS: Signed Firmware Update

Dell Client BIOS: Signed Firmware Update Dell Client BIOS: Signed Firmware Update An Implementation and Deployment Guide to NIST SP800-147 BIOS Protections for Dell Client BIOS Rick Martinez Dell Client BIOS This white paper is for informational

More information

COS 318: Operating Systems

COS 318: Operating Systems COS 318: Operating Systems OS Structures and System Calls Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Outline Protection mechanisms

More information

9/26/2011. What is Virtualization? What are the different types of virtualization.

9/26/2011. What is Virtualization? What are the different types of virtualization. CSE 501 Monday, September 26, 2011 Kevin Cleary kpcleary@buffalo.edu What is Virtualization? What are the different types of virtualization. Practical Uses Popular virtualization products Demo Question,

More information

Establishing and Sustaining System Integrity via Root of Trust Installation

Establishing and Sustaining System Integrity via Root of Trust Installation Establishing and Sustaining System Integrity via Root of Trust Installation Luke St.Clair, Joshua Schiffman, Trent Jaeger, Patrick McDaniel Systems and Internet Infrastructure Security Laboratory The Pennsylvania

More information

Mobile Platform Security Architectures A perspective on their evolution

Mobile Platform Security Architectures A perspective on their evolution Mobile Platform Security Architectures A perspective on their evolution N. Asokan Kari Kostiainen 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest in smartphone security 2 NA,

More information

IOS110. Virtualization 5/27/2014 1

IOS110. Virtualization 5/27/2014 1 IOS110 Virtualization 5/27/2014 1 Agenda What is Virtualization? Types of Virtualization. Advantages and Disadvantages. Virtualization software Hyper V What is Virtualization? Virtualization Refers to

More information

AMD MEMORY ENCRYPTION

AMD MEMORY ENCRYPTION White Paper AMD MEMORY ENCRYPTION April 21, 2016 David Kaplan, Jeremy Powell, Tom Woller DISCLAIMER The information contained herein is for informational purposes only, and is subject to change without

More information

VMware and CPU Virtualization Technology. Jack Lo Sr. Director, R&D

VMware and CPU Virtualization Technology. Jack Lo Sr. Director, R&D ware and CPU Virtualization Technology Jack Lo Sr. Director, R&D This presentation may contain ware confidential information. Copyright 2005 ware, Inc. All rights reserved. All other marks and names mentioned

More information

Booting Embedded Systems

Booting Embedded Systems Booting Embedded Systems 1 Outline Overview of Boot Loader Functional Blocks of Boot Loader Introduction and Comparison of uclinux Boot Loader, Das U-Boot and RedBoot Reference 2 Overview of Boot Loader

More information

Hardware Based Virtualization Technologies. Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect

Hardware Based Virtualization Technologies. Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect Hardware Based Virtualization Technologies Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect Outline What is Virtualization? Evolution of Virtualization AMD Virtualization AMD s IO Virtualization

More information

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces Software Engineering, Lecture 4 Decomposition into suitable parts Cross cutting concerns Design patterns I will also give an example scenario that you are supposed to analyse and make synthesis from The

More information

Multi-core Programming System Overview

Multi-core Programming System Overview Multi-core Programming System Overview Based on slides from Intel Software College and Multi-Core Programming increasing performance through software multi-threading by Shameem Akhter and Jason Roberts,

More information

Computer Setup User Guide

Computer Setup User Guide Computer Setup User Guide Copyright 2008 Hewlett-Packard Development Company, L.P. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Intel is a trademark

More information

CS 3530 Operating Systems. L02 OS Intro Part 1 Dr. Ken Hoganson

CS 3530 Operating Systems. L02 OS Intro Part 1 Dr. Ken Hoganson CS 3530 Operating Systems L02 OS Intro Part 1 Dr. Ken Hoganson Chapter 1 Basic Concepts of Operating Systems Computer Systems A computer system consists of two basic types of components: Hardware components,

More information