TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh

Slides:



Advertisements
Similar presentations
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Advertisements

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Vpn-info.com.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Towards Application Security On Untrusted OS
Virtualization for Cloud Computing
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Virtual Machines Xen and Terra Rajan Palanivel. Xen and Terra : Papers Xen and the art of virtualization. -Univ. of Cambridge Terra: A VM based platform.
Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
1 22 August 2001 The Security Architecture of the M&M Mobile Agent Framework P. Marques, N. Santos, L. Silva, J. Silva CISUC, University of Coimbra, Portugal.
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
1 NEW GENERATION SECURE COMPUTING BASE. 2 INTRODUCTION  Next Generation Secure Computing Base,formerly known as Palladium.  The aim for palladium is.
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
Virtual Workspaces Kate Keahey Argonne National Laboratory.
An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK
Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Security Vulnerabilities in A Virtual Environment
Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)
Introduction Why are virtual machines interesting?
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
1 Information Security – Theory vs. Reality , Winter Lecture 12: Trusted computing architecture (cont.), Eran Tromer Slides credit:
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”
Secure Offloading of Legacy IDSes Using Remote VM Introspection in Semi-trusted IaaS Clouds Kenichi Kourai Kazuki Juda Kyushu Institute of Technology.
Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources 1.
Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources.
Virtualization for Cloud Computing
Web Applications Security Cryptography 1
Hardware-rooted Trust for Secure Key Management & Transient Trust
Trusted Computing and the Trusted Platform Module
Security Outline Encryption Algorithms Authentication Protocols
Virtualization Review and Discussion
Done By: Ashlee Lizarraga Ricky Usher Jacinto Roches Eli Gomez
Hardware security: The use of a Trusted Platform Module
Windows Server 2016 Secure IaaS Microsoft Build /1/2018 4:00 AM
Trusted Computing and the Trusted Platform Module
Outline What does the OS protect? Authentication for operating systems
Hardware Cryptographic Coprocessor
Outline What does the OS protect? Authentication for operating systems
Message Digest Cryptographic checksum One-way function Relevance
Virtualization Techniques
Assignment #7 – Solutions
Sai Krishna Deepak Maram, CS 6410
SCONE: Secure Linux Containers Environments with Intel SGX
ONLINE SECURE DATA SERVICE
ONIE for QCA ARM based AP platforms
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.
Designed for powerful live monitoring of larger installations
Intel Active Management Technology
Shielding applications from an untrusted cloud with Haven
TPM, UEFI, Trusted Boot, Secure Boot
Introduction to Virtual Machines
Aimee Coughlin, Greg Cusack, Jack Wampler, Eric Keller, Eric Wustrow
Erica Burch Jesse Forrest
Introduction to Virtual Machines
Bruce Maggs (with some slides from Bryan Parno)
Bruce Maggs (with some slides from Bryan Parno)
Virtual machine monitors & Secure operation
Presentation transcript:

TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 November 8, 2018

Why there exists a need Commodity OS too complex to build securely upon Commodity OS poorly isolate apps Only weak mechanisms for peer authentication, making secure dist. apps difficult No trusted path between users and programs (authentication) November 8, 2018

Current Solutions “Closed box” systems Good for limiting interaction but inflexible November 8, 2018

Terra Trusted Virtual Machine Monitor “Secure” applications High-assurance Tamper-resistant General-purpose platform Provide “open” or “closed-box” VMs Run existing software – highly compatible Trusted Quake to come…. November 8, 2018

Architecture November 8, 2018

Features List Isolation – multiple applications in isolation Extensibility – small vs. large OS Efficiency – virtualizable hardware costs very little Compatibility – can run many OS’s Security – relatively simple program Root Secure – cannot enter modify closed boxes Attestation – verifiable binaries Trusted Path November 8, 2018

3 Means to Attestation Certifying the Chain Private key embedded Signed by hardware vendor Hardware certifies firmware Firmware certifies bootloader Bootloader certifies TVMM TVMM certifies VMs November 8, 2018

3 Means to Attestation A component wanting to be certified: Component generates public/private key Component makes ENDORSE API call to lower level component Lower level component generates and signs certificate containing: SHA-1 hash of attestable parts of higher comp. Higher comp’s public key and application data November 8, 2018

3 Means to Attestation Certifying VM itself TVMM signs hash of all persistent data that defines the VM Includes: BIOS, executable code, constant data of the VM Does not include: temporary data This difference is application defined November 8, 2018

An Attestation Example Remote server verifies: Hardware vendor’s certificate All hashes in certificate chain in remote server’s list of authorized software Hash of VM’s attested storage is on list of authorized applications (valid version of Quicken) November 8, 2018

Concerns Vendor key revocation Privacy Interoperability of software Extracting the vendor key from tamper-resistant hardware and publishing Privacy Use Privacy Certificate Authority (PCA)? PCA translates Hardware ID into random num Group signatures (allows revocation) Interoperability of software Attestation allows software to only operate under limited conditions (monopoly power) Digital Rights Management Only play music on software that enforces limits November 8, 2018

Platform Security “root” secure Independent OS/application vulnerability Attested software !--> Secure software (duh) November 8, 2018

Storage Options Encrypted disks Integrity-checked disks Raw disks HMAC Encryption Integrity-checked disks Raw disks A disk’s hash makes up the primary ID of a VM November 8, 2018

Storage Attestation Ahead-of-Time attestation Optimistic attestation done during bootup Computations for 1 GB of data take 8 seconds on 2.4 gHz Single corrupt bit prevents booting Optimistic attestation Assumes will attest correctly Halts VM immediately on failed attestation November 8, 2018

Device Drivers Too large to be correct Protect TVMM via hardware memory protection and restricting access to sensitive interfaces Inherently insecure when outside TVMM (other OS’s could spy on comm by exploiting drivers) November 8, 2018

Hardware Support Sealed storage (key saved on disk) Can attest booted OS HW virtualization (make graphics cards and gigabit NICs fast) Secure counter (ideally a secure clock) Real-time resource management November 8, 2018

Prototype Implementation VMware GSX Server 2.0.1 w/ Debian Comm btw VMs and TVMM’s done with VMware serial device Secure storage Ahead-of-Time trivial Optimistic must hash entire block OpenSSL Library for certificate mgmt November 8, 2018

Trusted Quake Closed-box VM boots Quake directly Attests to each other that hosts (clients and servers) running same version Boot times: No attestation: 26.6 seconds Ahead-of-Time: 57.1 seconds Optimistic: 27.3 seconds Optimistic + encryption: 29.1 seconds No subjective difference in performance between ahead and optimistic November 8, 2018

Trusted Quake (cont’d) Quake maintains shared secret for comm Prevents aiming proxies Binary client integrity Prevents mods that make characters further away seem larger than they are Server integrity Prevents server from offering unfair advantages to some Only allows trusted clients to connect November 8, 2018

Trusted Quake (cont’d) Can’t prevent: Bugs Network DOS attacks (lag help) Out-of-band collusion (telephone) November 8, 2018

Trusted Access Points (TAPs) Can secure corporate VPN endpoints Prevents source forging Prevents DOS attacks Scalability November 8, 2018

Conclusion Both “open-box” and “closed-box” Hardware support helpful and even required Requires tamper-resistant hardware Optimistic attestation better Like current VMware products, but with emphasis on security Provides peer attestation November 8, 2018

Resources http://www.vmware.com/products/server/gsx_features.html Terra: A Virtual Machine-Based Platform for Trusted Computing November 8, 2018

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.