PPTX

Report
Bootstrapping Trust in
Commodity Computers
Bryan Parno, Jonathan McCune, Adrian Perrig
Carnegie Mellon University
1
A Travel Story
2
Trust is Critical
Will I regret
having done this?
3
Does program P compute F?
Is F what the programmer intended?
Bootstrapping Trust
What F will this machine compute?
XOther
YOther
F
XAlice
YAlice
4
Bootstrapping Trust is Hard!
Challenges:
• Hardware assurance
• Ephemeral software
App
AppApp
App
App
App
1 4 5 N23
• User Interaction
Module
1
Module
3
OS
Safe?
Yes!
S15
(
(
)
)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Module
Module
2
4
^
H( )
5
Bootstrapping Trust is Hard!
Challenges:
• Hardware assurance
• Ephemeral software
• User Interaction
Safe?
Evil
App
Evil
OS
Yes!
6
In the paper…
• Bootstrapping foundations
• Transmitting bootstrap data
• Interpretation
• Validation
• Applications
• Human factors
• Limitations
• Future directions
• … and much more!
7
1) Establish Trust in Hardware
• Hardware is durable
• Establish trust via:
– Trust
in the manufacturer
Open
Question:
Can we do better?
– Physical security
8
2) Establish Trust in Software
• Software is ephemeral
• We care about the software
currently in control
• Many properties matter:
– Proper control flow
– Type safety
– Correct information flow
App
1
…
App
N
OS
Which property matters most?
…
9
A Simple Thought Experiment
• Imagine a perfect algorithm for analyzing control flow
– Guarantees a program always follows intended control flow
• Does this suffice to bootstrap trust?
Respects
Type Safe
control flow
No!
We want code identity
P
10
What is Code Identity?
• An attempt to capture the behavior of a program
• Current state of the art is the collection of:
–
–
–
–
Program binary
Function f
Program libraries
Program configuration files
Inputs to f
Initial inputs
• Often condensed into a hash of the above
11
Code Identity as Trust Foundation
• From code identity, you may be able to infer:
– Proper control flow
– Type safety
– Correct information flow
…
• Reverse is not true!
12
What Can Code Identity Do For You?
• Research applications
• Secure the boot process
• Count-limit objects
• Improve security of
network protocols
• Thwart insider attacks
• Protect passwords
• Create a Trusted Third Party
• Commercial applications
•
•
•
•
Secure disk encryption (e.g., Bitlocker)
Improve network access control
Secure boot on mobile phones
Validate cloud computing platforms
13
Establishing Code Identity
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…
YOther
XOther
F
XAlice
YAlice
14
Establishing Code Identity
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…
YOther
XOther
f1
XAlice
f2
…
fN
YAlice
15
Establishing Code Identity
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…
Chain of Trust
Root of
Trust
?
Software
1
...
Software
N-1
Software
N
16
Trusted Boot: Recording Code Identity
Root of
Trust
[Gasser et al. ’89], [England et al. ‘03], [Sailer et al. ‘04],…
Software
1
SW
1
...
SW
2
Software
N-1
SW
N-1
Software
N
SW
N
17
Attestation:
Conveying Records to an External Entity
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [England et al. ‘03], [Sailer et al. ’04]…
Software
Software
random #
N-1
1
...
(
K
Sign
SW
1
SW SW SW SW
1 2 N-1 N
#
priv SW randomSW
2
Software
N
)
N-1
SW
N
Controls Kpriv
18
Interpreting Code Identity
App 1…N
Drivers 1…N
Traditional
[Gasser et al. ‘89], [Sailer et al. ‘04]
Policy Enforcement
[Marchesini et al. ‘04], [Jaeger et al. ’06]
OS
Bootloader
Option ROMs
BIOS
19
Interpreting Code Identity
Traditional
[Gasser et al. ‘89], [Sailer et al. ‘04]
Virtual
Machine
Policy Enforcement
[Marchesini et al. ‘04], [Jaeger et al. ’06]
Virtualization
[England et al. ‘03], [Garfinkel et al. ‘03]
Virtual Machine Monitor
Bootloader
Option ROMs
BIOS
20
Interpreting Code Identity
Traditional
[Gasser et al. ‘89], [Sailer et al. ‘04]
VMM
Virtual
Machine
OS
Virtual Machine Monitor
Policy Enforcement
[Marchesini et al. ‘04], [Jaeger et al. ’06]
Virtualization
[England et al. ‘03], [Garfinkel et al. ‘03]
Late Launch
[Kauer et al. ‘07], [Grawrock ‘08]
Bootloader
Option ROMs
BIOS
21
Interpreting Code Identity
Traditional
[Gasser et al. ‘89], [Sailer et al. ‘04]
Flicker
Policy Enforcement
[Marchesini et al. ‘04], [Jaeger et al. ’06]
OS
S
Virtualization
[England et al. ‘03], [Garfinkel et al. ‘03]
Late Launch
[Kauer et al. ‘07], [Grawrock ‘08]
Flicker
Targeted Late Launch
[McCune et al. ‘07]
Attested
22
Interpreting Code Identity
App 1…N
Drivers 1…N
OS
S
Flicker
Bootloader
Option ROMs
BIOS
23
Load-Time vs. Run-Time Properties
• Code identity provides load-time guarantees
• What about run time?
• Approach #1: Static transformation [Erlingsson et al. ‘06]
Run-Time Policy
Code
Compiler
Attested
Code’
24
Load-Time vs Run-Time Properties
• Code identity provides load-time guarantees
• What about run time?
• Approach #1: Static transformation [Erlingsson et al. ‘06]
Open Question:
• Approach #2: Run-Time Enforcement layer
How can we get complete run-time
[Haldar et al. ‘04],properties?
[Kil et al. ‘09]
Attested
Code
Enforcer
Run Time
Load Time
25
Roots of Trust
Cheaper
0 0 4 2
• General
• General
• Special
• Timing-based
purpose
purpose
purpose
attestation
Open Question:
• Tamper
• No physical
• Require
What functionality
do we need in hardware?
responding
defenses
detailed HW
knowledge
[Weingart ‘87]
[White et al. ‘91]
[Yee ‘94]
[Smith et al. ‘99]
…
[ARM TrustZone ‘04]
[TCG ‘04]
[Zhuang et al. ‘04]
…
[Chun et al. ‘07]
[Levin et al. ‘09]
[Spinellis et al. ‘00]
[Seshadri et al. ‘05]
…
26
Human Factors
SW SW SW SW
1 2 N-1 N
Open Questions:
SW SW
How should SW1 SW2 N-1
be communicated to Alice?
N
What does Alice do with a failed attestation?
How can Alice trust her device?
27
Conclusions
• Code identity is critical to bootstrapping trust
• Assorted hardware roots of trust available
• Many open questions remain!
Thank you!
[email protected]
28

similar documents