Implementing an Untrusted Operating System on Trusted Hardware

Similar documents
ARCHITECTURAL SUPPORT FOR COPY AND TAMPER-RESISTANT SOFTWARE

Certifying Program Execution with Secure Processors

Table 1. User Instructions

The Reduced Address Space (RAS) for Application Memory Authentication

Operating System Impact on SMT Architecture

Trusted Platforms for Homeland Security

An Implementation Of Multiprocessor Linux

ELEC 377. Operating Systems. Week 1 Class 3

Making Multicore Work and Measuring its Benefits. Markus Levy, president EEMBC and Multicore Association

ERserver. iseries. Secure Sockets Layer (SSL)

Secure Network Communications FIPS Non Proprietary Security Policy

ERserver. iseries. Securing applications with SSL

FileCloud Security FAQ

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Networking Operating Systems (CO32010)

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

SQL Server Encryption Overview. September 2, 2015

CRYPTOGRAPHY AS A SERVICE

Ciphire Mail. Abstract

Full and Para Virtualization

Secure data storage. André Zúquete Security 1

Secure Cloud Storage and Computing Using Reconfigurable Hardware

HOW ENCRYPTION WORKS. Introduction to BackupEDGE Data Encryption. Technology Overview. Strong Encryption BackupEDGE

SecureME: A Hardware-Software Approach to Full System Security

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study

12. Introduction to Virtual Machines

File System Encryption with Integrated User Management

Thread level parallelism

Signal Customized Helpdesk Course

Offline HW/SW Authentication for Reconfigurable Platforms

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release corrections. ADYTON Release 2.12.

SAN Data Encryption System on iscsi

1. Computer System Structure and Components

OPTIMIZE DMA CONFIGURATION IN ENCRYPTION USE CASE. Guillène Ribière, CEO, System Architect

Secure Storage. Lost Laptops

Vormetric and SanDisk : Encryption-at-Rest for Active Data Sets

Operating Systems. Lecture 03. February 11, 2013

Encrypt-FS: A Versatile Cryptographic File System for Linux

COMPUTER ORGANIZATION ARCHITECTURES FOR EMBEDDED COMPUTING

Oracle Database 11g: Security

GostCrypt User Guide. Laboratoire de Cryptologie et de Virologie Opérationnelles - France

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

BroadSAFE Enhanced IP Phone Networks

Advanced Encryption Standard (AES) User's Guide

IoT Security Platform

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

Real Time Programming: Concepts

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack Stanford, UCL

CPS221 Lecture: Operating System Structure; Virtual Machines

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

IoT Security Concerns and Renesas Synergy Solutions

How To Secure My Data

KeyStone Architecture Security Accelerator (SA) User Guide

Oracle Database 11g: Security. What you will learn:

USB Portable Storage Device: Security Problem Definition Summary

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

The Benefits of POWER7+ and PowerVM over Intel and an x86 Hypervisor

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Carlos Villavieja, Nacho Navarro Arati Baliga, Liviu Iftode

System Virtual Machines

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

A Powerful solution for next generation Pcs

Lab 7. Answer. Figure 1

Oracle Database 11g: Security

Embedded Parallel Computing

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

EMC DATA DOMAIN ENCRYPTION A Detailed Review

Hardware accelerated Virtualization in the ARM Cortex Processors

A Comparative Study of Applying Real- Time Encryption in Cloud Computing Environments

Intel Software Guard Extensions(Intel SGX) Carlos Rozas Intel Labs November 6, 2013

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology

Sync Security and Privacy Brief

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

TABLE OF CONTENTS. pg. 02 pg. 02 pg. 02 pg. 03 pg. 03 pg. 04 pg. 04 pg. 05 pg pg. 10. Feature-Benefit Summary How It Works. 1

Lecture 12: Software protection techniques. Software piracy protection Protection against reverse engineering of software

Network Attached Storage. Jinfeng Yang Oct/19/2015

Snow Agent System Pilot Deployment version

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

NotifyLink Enterprise Edition GroupWise Version White Paper

Analyzing the Security Schemes of Various Cloud Storage Services

Using Synology SSD Technology to Enhance System Performance Synology Inc.

Stratusphere. Architecture Overview

Why your next Phone System should be software based and running on a mainstream operating system

Technical Bulletin. Enabling Arista Advanced Monitoring. Overview

Encrypted File Systems. Don Porter CSE 506

Security Policy for FIPS Validation

Chapter 1 Computer System Overview

TRACE PERFORMANCE TESTING APPROACH. Overview. Approach. Flow. Attributes

SecureDoc Disk Encryption Cryptographic Engine

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Managed Portable Security Devices

Secure web transactions system

Transcription:

Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research, and Stanford University 1

Protection in Systems: Hardware Approach Many platforms exist where trust is placed in hardware: Trust Computing Platform Alliance (TCPA) Microsoft s Palladium (NGSCB) Intel LaGrande Architecture Advantages of hardware approach Better tamper-resistance Less dependent on OS correctness for security Trust in hardware means less trust (or no) in OS We need to rethink operating system design 2

Rethinking the Role of the OS A traditional OS performs both resource management and protection for applications But now applications and OS are mutually suspicious But applications don t trust OS to access their code and data OS must be able to interrupt applications Use XOM (execute Only Memory) as an example platform New operating system is called XOMOS XOMOS is UNIX-like, port of IRIX 6.5 Should support most standard UNIX applications 3

XOM Hardware Architecture XOM is implemented as a set of ISA extensions XOM Processor implements compartments for protection Each compartment has a unique XOM ID Architectural tags to control access to data on-chip Cryptographic mechanisms protect data off-chip XOM Processor executes encrypted code Combination of asymmetric/symmetric ciphers Private key embedded on-chip hardware 4

Entering Secure Execution Applications Enter and Exit secure execution via instructions Unencrypted Code Encrypted Code (sym) Encrypted Symmetric Key Asymmetric Decryption Module Symmetric Decryption Module Executable Code Currently executing XOM ID and Key Main Memory Private Key XOM Processor XOM Key Table Enter Exit XOM 5

Implementing Compartments Program OS Register 1 Data Register 3 Tag! Register 3 Data Tag??? Data Tag XOM Processor Problem: How does OS save registers during a trap or interrupt? 6

XOMOS Overview Implement XOM CPU in SimOS hardware simulator MIPS-based architecture with XOM ISA extensions Ported the IRIX 6.5 Operating System to run on XOM processor Main areas that need modification: Resource management of secure data Saving Registers on Interrupt, Memory Management Need support for XOM Key Table Loading/Unloading, Management Compatibility with original system Fork, Signal Handling, Shared Libraries/System Calls 7

Saving Registers OS uses save register instruction Data Look up program key based on Tag Tag Hash Data Encrypt Data OS XOM ID Store encrypted data and hash to memory XOM Key Table Enlarge the exception frame to store hash and XOM ID 8

Protecting and Managing Memory Applications use secure store instruction Registers Caches Memory Hash Data Tag Data Tag Data Secure Store: Tag is copied from register to cache Writeback: Look up Tag, Encrypt and Hash XOM Key Table Relocate data and hashes together 9

Replay Attacks and Fork An OS Fork must be differentiated from a Replay Attack Replay Attack: OS duplicates registers and replays them Fork: OS must duplicate register set and restore them Time 1 Reg A Reg A Reg A Reg A (Same Register) OS saves registers OS restores registers Replay register value Time 2 Reg B Reg B Reg A Reg A Revoke and regenerate register keys on every interrupt This hardware defense breaks traditional fork code 10

Naïve Fork Implementation Parent and Child are exactly the same, have the same XOM ID Problem: Both threads use the same register key Fork Child Process Parent Parent! Register Key Parent XOM Processor 11

Fork Solution OS must allocate a new XOM ID for child process Child has a separate XOM ID and register key Child XOM ID Process XOM ID Pre-fork: Allocate a new XOM Key Table Entry XOM ID Process XOM ID Fork: Child uses one XOM ID, the Parent uses other Parent XOM ID 12

XOM Performance Simulation The SimOS Simulator: Performance modeling processor, caches, memory and disk Simulation Parameters Memory latency increases 10% due to encryption Based on AES (Rijndael) cipher implementation Public key decryption: 400,000 cycles Once per process creation 13

Operating System Overhead Total Cycles Cache Misses IRIX XOM OV IRIX XOM OV System Call 5.7K 6.3K 11% 4.2 5.6 33% Signal Handling 31K 40K 27% 38.4 48.3 26% Fork 138K 126K -9% 1035 1058 2% OS overhead due to poor cache behavior: More cache misses due to bigger code/data footprint Should check to see if OS needs to do extra work Work is only needed if application is in compartment 14

End-to-end Application Overhead Applications use Enter/Exit XOM to execute sections securely How large to make secure sections? Executing in compartment has memory access overhead Entering/leaving compartment can cause cache misses Different compartment sizes: granularities 3 levels: Coarse, Fine, Super-Fine Applications are MPEG Decode and RSA Encryption 15

Application Overhead Turns out that granularity has little impact on performance overhead! Overheads for most applications turn out to be less than 5% If cache behavior is similar Coarse application has smallest effect on cache behavior 16

Conclusions Possible to construct an Untrusted Operating System Modest modifications Port required 1900 lines of low level code Modifications limited to low level interface to the hardware Able to support most traditional OS mechanisms Performance hit is modest (< 5%) Can run applications completely inside compartment As long as cache behavior is unaffected This is because of hardware acceleration 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information