Presentation is loading. Please wait.

Presentation is loading. Please wait.

TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh

Published byLucas Strickland Modified over 6 years ago

Similar presentations

Presentation on theme: "TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh"— Presentation transcript:

1 TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh
A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 November 8, 2018

2 Why there exists a need Commodity OS too complex to build securely upon Commodity OS poorly isolate apps Only weak mechanisms for peer authentication, making secure dist. apps difficult No trusted path between users and programs (authentication) November 8, 2018

3 Current Solutions “Closed box” systems
Good for limiting interaction but inflexible November 8, 2018

4 Terra Trusted Virtual Machine Monitor “Secure” applications
High-assurance Tamper-resistant General-purpose platform Provide “open” or “closed-box” VMs Run existing software – highly compatible Trusted Quake to come…. November 8, 2018

5 Architecture November 8, 2018

6 Features List Isolation – multiple applications in isolation
Extensibility – small vs. large OS Efficiency – virtualizable hardware costs very little Compatibility – can run many OS’s Security – relatively simple program Root Secure – cannot enter modify closed boxes Attestation – verifiable binaries Trusted Path November 8, 2018

7 3 Means to Attestation Certifying the Chain Private key embedded
Signed by hardware vendor Hardware certifies firmware Firmware certifies bootloader Bootloader certifies TVMM TVMM certifies VMs November 8, 2018

8 3 Means to Attestation A component wanting to be certified:
Component generates public/private key Component makes ENDORSE API call to lower level component Lower level component generates and signs certificate containing: SHA-1 hash of attestable parts of higher comp. Higher comp’s public key and application data November 8, 2018

9 3 Means to Attestation Certifying VM itself
TVMM signs hash of all persistent data that defines the VM Includes: BIOS, executable code, constant data of the VM Does not include: temporary data This difference is application defined November 8, 2018

10 An Attestation Example
Remote server verifies: Hardware vendor’s certificate All hashes in certificate chain in remote server’s list of authorized software Hash of VM’s attested storage is on list of authorized applications (valid version of Quicken) November 8, 2018

11 Concerns Vendor key revocation Privacy Interoperability of software
Extracting the vendor key from tamper-resistant hardware and publishing Privacy Use Privacy Certificate Authority (PCA)? PCA translates Hardware ID into random num Group signatures (allows revocation) Interoperability of software Attestation allows software to only operate under limited conditions (monopoly power) Digital Rights Management Only play music on software that enforces limits November 8, 2018

12 Platform Security “root” secure
Independent OS/application vulnerability Attested software !--> Secure software (duh) November 8, 2018

13 Storage Options Encrypted disks Integrity-checked disks Raw disks
HMAC Encryption Integrity-checked disks Raw disks A disk’s hash makes up the primary ID of a VM November 8, 2018

14 Storage Attestation Ahead-of-Time attestation Optimistic attestation
done during bootup Computations for 1 GB of data take 8 seconds on 2.4 gHz Single corrupt bit prevents booting Optimistic attestation Assumes will attest correctly Halts VM immediately on failed attestation November 8, 2018

15 Device Drivers Too large to be correct
Protect TVMM via hardware memory protection and restricting access to sensitive interfaces Inherently insecure when outside TVMM (other OS’s could spy on comm by exploiting drivers) November 8, 2018

16 Hardware Support Sealed storage (key saved on disk)
Can attest booted OS HW virtualization (make graphics cards and gigabit NICs fast) Secure counter (ideally a secure clock) Real-time resource management November 8, 2018

17 Prototype Implementation
VMware GSX Server w/ Debian Comm btw VMs and TVMM’s done with VMware serial device Secure storage Ahead-of-Time trivial Optimistic must hash entire block OpenSSL Library for certificate mgmt November 8, 2018

18 Trusted Quake Closed-box VM boots Quake directly
Attests to each other that hosts (clients and servers) running same version Boot times: No attestation: 26.6 seconds Ahead-of-Time: 57.1 seconds Optimistic: 27.3 seconds Optimistic + encryption: 29.1 seconds No subjective difference in performance between ahead and optimistic November 8, 2018

19 Trusted Quake (cont’d)
Quake maintains shared secret for comm Prevents aiming proxies Binary client integrity Prevents mods that make characters further away seem larger than they are Server integrity Prevents server from offering unfair advantages to some Only allows trusted clients to connect November 8, 2018

20 Trusted Quake (cont’d)
Can’t prevent: Bugs Network DOS attacks (lag help) Out-of-band collusion (telephone) November 8, 2018

21 Trusted Access Points (TAPs)
Can secure corporate VPN endpoints Prevents source forging Prevents DOS attacks Scalability November 8, 2018

22 Conclusion Both “open-box” and “closed-box”
Hardware support helpful and even required Requires tamper-resistant hardware Optimistic attestation better Like current VMware products, but with emphasis on security Provides peer attestation November 8, 2018

23 Resources http://www.vmware.com/products/server/gsx_features.html
Terra: A Virtual Machine-Based Platform for Trusted Computing November 8, 2018

Download ppt "TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh"

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Vpn-info.com.

Vpn-info.com.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Virtualization for Cloud Computing

Virtualization for Cloud Computing
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Virtual Machines Xen and Terra Rajan Palanivel. Xen and Terra : Papers Xen and the art of virtualization. -Univ. of Cambridge Terra: A VM based platform.

Virtual Machines Xen and Terra Rajan Palanivel. Xen and Terra : Papers Xen and the art of virtualization. -Univ. of Cambridge Terra: A VM based platform.
Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.

Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Similar presentations

Ads by Google