1 2007-03-09 T-110.7200 Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Property.

Slides:

Advertisements

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Advertisements

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Operating System Security

Logical Attestation: An Authorization Architecture for Trustworthy Computing Emin Gün Sirer Willem de Bruijn †, Patrick Reynolds *, Alan Shieh ‡, Kevin.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin.

Software Certification and Attestation Rajat Moona Director General, C-DAC.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

© 2004 Mobile VCE June 2004 Security – Requirements and approaches to securing future mobile services Malcolm K Payne BT.

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Ten –

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/ October 2002.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Extending user controlled security domain.

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, October 2002 Marco Casassa Mont Richard.

An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Computer Science 725 – Software Security Presentation “Decentralized Trust Management” Decentralized Trust ManagementDecentralized Trust Management M.

The Open Source Virtual Lab: a Case Study Authors: E. Damiani, F. Frati, D. Rebeccani, M. Anisetti, V. Bellandi and U. Raimondi University of Milan Department.

1 NEW GENERATION SECURE COMPUTING BASE. 2 INTRODUCTION  Next Generation Secure Computing Base,formerly known as Palladium.  The aim for palladium is.

Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.

Verification and Validation in the Context of Domain-Specific Modelling Janne Merilinna.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University.

出處 :2010 2nd International Conference on Signal Processing Systems (ICSPS) 作者 :Zhidong Shen 、 Qiang Tong 演講者 : 碩研資管一甲吳俊逸.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK

WISTP’08 ©LAM /05/2008 A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup Christer Andersson Markulf Kohlweiss.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Trusted Virtual Machine Images a step towards Cloud Computing for HEP? Tony Cass on behalf of the HEPiX Virtualisation Working Group October 19 th 2010.

Security Vulnerabilities in A Virtual Environment

Digital Rights Management and Trusted Computing Kari Kostiainen T Special Course in Operating System Security April 13 th 2007.

The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.

Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.

© Drexel University Software Engineering Research Group (SERG) 1 The OASIS SOA Reference Model Brian Mitchell.

Version 02U-1 Computer Security: Art and Science1 Correctness by Construction: Developing a Commercial Secure System by Anthony Hall Roderick Chapman.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Doc.: IEEE /0098r0 Submission July 2010 Alex Reznik, et. al. (InterDigital)Slide Security Procedures Notice: This document has been.

Manu Drijvers, Joint work with Jan Camenisch, Anja Lehmann. March 9 th, 2016 Universally Composable Direct Anonymous Attestation.

Trusted Virtual Machine Images the HEPiX Point of View Tony Cass October 21 st 2011.

Chapter 6: Securing the Cloud

Trusted Computing and the Trusted Platform Module

TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh

Assignment #7 – Solutions

Erica Burch Jesse Forrest

Presentation transcript:

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Property based and Semantic Remote Attestation T Special Course in OS Security (Dan Forsberg) Two possible steps from integrity-based remote attestation to the next level: 1.Sadeghi, Ahmad-Reza and Christian Stüble (2005 ). “Property-based attestation for computing platforms: caring about properties, not mechanisms”, Proc. of the 2004 NSP, Nova Scotia, Canada ACM Press: Vivek Haldar, Deepak Chandra, and Michael Franz, “Semantic Remote attestation: A Virtual Machine Directed Approach to Trusted Computing”, USENIX Virtual Machine Research and Technology Symposium, May 2004; Winner of Best Paper Award (also Technical Report No , School of Information and Computer Science, University of California, Irvine; October 2003) Partly using excellent slides from Haldar’s presentation of the paper (e.g. the slides within the PDF document):

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Terminology Integrity-based attestation The TCG approach.. Property-based Attestation “A property of a platform describes an aspect of the behaviour of that platform regarding certain requirements, such as security related requirements (e.g. that a platform has built-in measures in accordance to the privacy laws). Hence, different platforms with different components may have different configurations while they may all offer the same properties and consequently fulfill the same requirements”, Sadeghi and Stüble “We say that a configuration C provides the property P. Further, we say that a property P i is compatible to another property P j if P i has the same security-related behaviour as P j ”, Sadeghi and Stüble Semantic Remote Attestation (slides from Haldar et al.) “Using language based virtual machines enables the remote attestation of complex, dynamic, and high-level program properties – in a platform-independent way. We call this semantic remote attestation”, Haldar et al.

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Problems with Integrity-based Attestation Sadeghi and Stüble (property-based attestation): 1.Platform discrimination (e.g. some platforms can be excluded from business models because of too many variants to check) – leads to enforcement or isolation 2.Existing proposals allow remote attestation parties to get complete information about the hardware and software configuration 3.Data sealing for a certain configuration may be lost when the configuration is updated (upgrades, patches) 4.System backups are not available to other platforms with similar hardware configurations Halder et al. (semantic attestation): 1.Integrity based attestation says nothing about program behavior 2.It is static, inexpressive and inflexible 3.How to cope with upgrades and patches (e.g. version control)? 4.How to manage with the heterogeneity of devices/platforms? 5.Revocation of the TPM?

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Ideal Model of “Property-based Attestation” Sadeghi and Stüble

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Ideal Property-based Attestation Mechanism Reqs. 1.“Security: The ideal TC only attests certified platform configurations.” 2.“Accountability: Although the TTP has to be trusted by all participants, it is desirable to be able to detect TTP's misbehavior.” 3.“Revokeability: The TTP should be able to selectively revoke TCG versions and TCG realizations under certain circumstances, e.g., if TPM has been broken.” 4.“Non-Discrimination: Challengers should neither be able to favor selected configurations nor should they get information about the configuration of the user platform.” 5.“Unlinkability: Challengers should not be able to link two different attestation sessions.” 6.“Availability: When modifying a platform configuration without changing the provided properties, access to sealed data should be possible.” 7.“Privacy: Users should be able to control which property their platforms attest.” 8.“Reduced Complexity: Security enhancements to U should not be costly. Thus, the complexity of potentially required TCG-extensions should be low.” TTP = Trusted Third Party

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level But…. In Practice Not Possible Proof-carrying code could be one starting point or possibility… “Today, not even content providers are able to formally specify the demanded properties, as it would be necessary to use proof carrying code or formal analysis” … also how to analyze the whole operating system etc.

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level  Real World Trusted Computing (TC) Component?

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Property-based Attestation Using Certificates Procedure: 1.TPM receives: a)Demanded property: P b)A public key of TTP that is trusted by the challenger: PK TTP. c)Property certificate: cert(SK TTP, P’, S’) properties P’ are provided/present with configuration S’ d)Nonce r 2.Then TPM verifies the property certificate and whether P’ == P, respectively whether S’ == S 0 3.If positive TPM generates and returns a property based attestation certificate: cert TPM := cert(SK TPM ; P, r) Issues: Fulfills requirement 5 (unlinkability) if CA-based pseudonyms are used and if DAA protocol (Direct Anonymous Attestation) can be used to blind the signature key SK TPM. Certificate revocation becomes an issue (e.g. requirement 3, revocability) Group signatures for fulfilling more requirements… “A group signature scheme allows a group member to sign messages anonymously on behalf of the group” Public group signature key presents a property P, while appropriate private group signature keys generated by TTP represent configurations providing the same property P Fulfills requirements 4 (non-discriminatory) and 5 (unlinkability)

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level … different Sets of Property Profiles Are Possible “Privacy protecting Common Criteria” Created by end-users (?) E.g. fulfills privacy laws. Attested by government (TTP). “Content-protecting profile” Created by the content providers …

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level … advantages and disadvantages Advantages: “The trust model related to the trusted computing platform (TPM) does not change, since the TPM has to be fully trusted anyway. Thus, the requirement 1 (security), 2 (accountability), and 4 (non-discrimination) can be fulfilled.” “Since the realization of property-based attestation within a TPM does not depend on external components, changes to the platform configuration cannot lead to unavailability of sealed data (see requirement 6).” How does this relate to the configuration S 0 ? Disadvantages: “The disadvantage of this approach is the additional complexity of the TPM which makes the TPM more expensive. Nevertheless, the required complexity should be acceptable compared to the complexity of the DAA protocol [7].”

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level If TPM (e.g. hw) extension is not possible?  Extend the TCG Software using Trusted Attestation Service (TAS) Separate Trusted Third Party translates attestation requests into configurations online.. Both, TAS and the OS must be fully trusted…

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level But trusting the whole OS is not realistic…  change the OS

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level  TCB (Trusted Computing Base?) Requirements.. Assumed that TAS takes care of security policy enforcement, not the TCB.. 1.“Protected Domain: The TCB has to prevent that an attacker (e.g., the local user or a concurrent application) can access or manipulate the code or the data of the application (which is similar to overwriting S 0 ). This requirement ensures that the code and the data of the TAS are protected against attacks of concurrent processes.” 2.“Secure Path: The TCB has to provide a secure path between provider and application, e.g., it has to ensure that only the provider's application can access the unsealed content. This requirement ensures that the challenger and the TAS can communicate securely.”

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Further the Property-based attestation paper discusses about… Solutions without a trusted service software module Based on by proving possession of valid property certificate Configuration blinding.. And TCB updates without loosing the sealing property (e.g. when platform configuration changes) “Update Example: Consider an operating system configuration S 0 that provides P certified by cert TTP := cert (SK TTP ; S 0 ; P). Further, the TAS uses a secret key SK that is bound to the configuration S 0. The update function allows the user of the attestor to bind SK to another configuration S i if the user can provide a certificate that states that S i provides the same properties as S 0.”

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Semantic Remote Attestation based on trusted VM Let’s see Haldar’s slides instead …

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Different approaches? Different goals?... Integrity attestation: provides proof of running system software configuration – “enforces” system configurations Semantic attestation: provides proof of the system functionality in some level – enforces security policies – also runtime and dynamic property attestation  attests program properties Haldar’s TrustedVM still depends on the integrity attestation of the underlying system Property attestation: provides a list of properties bound to the system by a Trusted Third Party – enforces system properties Integrity attestation of small part of the system, which is trusted to force security policies and configurations The way Microsoft’s NGSCB is heading?