User-mode Secret Protection (SP) architecture

Presentation on theme: "User-mode Secret Protection (SP) architecture"— Presentation transcript:

1 User-mode Secret Protection (SP) architecture
Paper and slides from: Ruby Lee, Peter Kwan, Patrick McGregor, Jeffrey Dwoskin and Zhenghong Wang, “Architecture for Protecting Critical Secrets in Microprocessors”, IEEE/ACM International Symposium on Computer Architecture (ISCA), June 2005. Princeton Architecture Laboratory for Multimedia and Security (PALMS), Princeton University

2 One User, Many Documents/Keys, Multiple Devices

3 Reduced security perimeter: From the box to the chip
Attacks on devices (diagram): the security perimeter is reduced from the box to the chip. Physical probing targets everything off the processor chip: video, off-chip cache, main memory, network, other I/O and disk; only the processor chip itself (registers, on-chip cache) stays inside the perimeter. Software attacks arrive through access to the hard disk, access in supervisor mode and access in the OS interrupt handler; Secure I/O is shown as the trusted input path into the chip. Security vulnerabilities: software, and physical (device theft).

4 Distributed software-based key management
Past work:
- Distributed software-based key management: involves multiple servers.
- Secure coprocessors and crypto tokens (deployed): tamper-resistant crypto modules (IBM's 4758) and smartcards.
- Trusted Computing Group (TPM recently available).
- Industry: Microsoft NGSCB, Intel LaGrande.
- Recent secure processor proposals (research): XOM, AEGIS, VSCoP.

Our approach: lower cost, high performance, no auxiliary hardware, no permanent secret, and only a minimal amount of trusted software.

5 Secret Protected (SP) Architecture
Security goal: keep the user's keys private to the user.
1. New trust model: most software and hardware are untrusted.
2. Trusted software module (TSM): securely performs operations using the keys.
3. Encrypted keychain: reduces the amount of secrets needing protection.
4. Concealed execution mode (CEM): protects the execution environment of the TSM.
5. New processor features: very small additions to the ISA, plus Secure I/O for input of the user key.

6 Disjoint region of trust wrt CPU protection rings
New trust model (diagram): the Trusted Software Module, together with the user secrets it guards, forms a region of trust that is disjoint from the CPU protection rings. It cuts across unprivileged software, privileged software and the OS kernel instead of being a ring of its own, and other software reaches it through the TSM API.

7 1,000’s keys are secured by protecting 1
Hierarchical keychain (diagram): User Master Key = Hash(passphrase). The user master key in turn protects the individual keys K1, K2, K3, K4, K5 and so on, so only one secret has to be kept private.

8 HW Supporting the Key Chain
Hardware supporting the keychain (block diagram): core, L1 instruction cache, L1 data cache, L2 unified cache, an encryption/hashing engine between the L2 cache and external memory, and Secure I/O logic driving LEDs, buttons and a keyboard. New registers: CEM Status Flags (2 bits), User Master Key (128 bits), Device Master Key (128 bits), CEM Return Address (64 bits), CEM Interrupt Hash (128 bits).

9 Secret Protected (SP) Architecture
1. New trust model: orthogonal to protection rings.
2. Hierarchical keychain: reduces the amount of secrets needing protection.
3. Trusted software module (TSM): carries out operations using the keys.
4. Concealed execution mode (CEM), i.e. isolation: protects TSM program integrity, protects TSM data in main memory and caches, and protects registers on interrupts.
5. New processor features: very little addition to achieve the goal.

10 Protect TSM program integrity
Protect TSM program integrity (diagram): provide a keyed hash (message authentication code) per cache line. Each 64-byte cache line holds 48 bytes of instructions followed by a 16-byte MAC, where MAC = Keyed_hash(Device Master Key, TSM code, code address). Including the code address in the keyed hash ties each MAC to the line's location, so a valid line cannot simply be copied to another address; the cost is 16 of every 64 bytes of TSM code.
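The per-cache-line MAC scheme on this slide, written out as an added example in Python (not code from the paper or from PALMS). HMAC-SHA256 truncated to 16 bytes stands in for the hardware keyed hash; the Device Master Key, the base address and the 512 bytes of "instructions" are constructed inputs.

```python
import hashlib
import hmac

LINE, PAYLOAD, TAG = 64, 48, 16   # 64-byte line = 48 bytes of code + 16-byte MAC


def line_mac(dmk: bytes, addr: int, code: bytes) -> bytes:
    """Keyed hash over (code address, instruction bytes) under the Device Master Key.
    Binding the address means a valid line copied elsewhere no longer verifies."""
    assert len(code) == PAYLOAD and addr % LINE == 0
    return hmac.new(dmk, addr.to_bytes(8, "big") + code, hashlib.sha256).digest()[:TAG]


def protect_image(dmk: bytes, base: int, code: bytes) -> bytes:
    """Build the in-memory TSM image: 48-byte chunks, each followed by its MAC."""
    lines = []
    for k, i in enumerate(range(0, len(code), PAYLOAD)):
        chunk = code[i:i + PAYLOAD].ljust(PAYLOAD, b"\x00")   # pad the last line
        lines.append(chunk + line_mac(dmk, base + k * LINE, chunk))
    return b"".join(lines)


def fetch_line(dmk: bytes, image: bytes, base: int, addr: int):
    """The check the hardware performs on an instruction-cache fill: returns the 48
    instruction bytes, or None when the MAC fails (tampered or relocated line)."""
    off = addr - base
    line = image[off:off + LINE]
    if off < 0 or off % LINE or len(line) != LINE:
        return None
    code, tag = line[:PAYLOAD], line[PAYLOAD:]
    if not hmac.compare_digest(tag, line_mac(dmk, addr, code)):
        return None
    return code


# Constructed inputs: a fixed DMK and 512 bytes of filler "instructions" (11 lines).
DMK = hashlib.sha256(b"constructed device master key").digest()
BASE = 0x10000
TSM_CODE = bytes(range(256)) * 2
IMAGE = protect_image(DMK, BASE, TSM_CODE)


def demo():
    """Returns (every line verifies, one-bit patch detected, relocated line detected)."""
    nlines = len(IMAGE) // LINE
    clean = all(fetch_line(DMK, IMAGE, BASE, BASE + k * LINE) is not None for k in range(nlines))
    patched = bytearray(IMAGE)
    patched[2 * LINE + 5] ^= 0x01                  # flip one bit of code in line 2
    moved = bytearray(IMAGE)
    moved[3 * LINE:4 * LINE] = IMAGE[:LINE]        # copy the valid line 0 over line 3
    return (clean,
            fetch_line(DMK, bytes(patched), BASE, BASE + 2 * LINE) is None,
            fetch_line(DMK, bytes(moved), BASE, BASE + 3 * LINE) is None)


if __name__ == "__main__":
    print(demo())
```

Note what the address binding does and does not cover: a patched line and a line moved to a different address both fail, but an older, correctly MACed version of the same line written back to the same address still verifies; freshness of TSM code against that kind of rollback is not something this slide claims, and the per-line MAC alone does not provide it.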

11 Basic Approach for protecting TSM data
- Outside the security perimeter (off-chip cache, DRAM): data exists only as ciphertext; use encryption and hashing.
- Inside the security perimeter (processor chip, on-chip cache): data exists as plaintext; use tagging.

12 Protection over the entire memory hierarchy
Figure: protection over the entire memory hierarchy. Main memory holds secure code and data (Secure Code 1, Secure Code 2, Secure Data 2) alongside ordinary code and data (Code 3, Data 1, Data 3); decryption and hashing take place at the boundary between main memory and the L2 unified cache. Inside the chip, lines in the L2 unified cache, the L1 instruction cache and the L1 data cache carry Secure Instruction Tags and Secure Data Tags (Y/N). Cache line tagging separates secure from non-secure lines, and data from code.

13 HW Supporting memory protection
Hardware supporting memory protection: the same block diagram as slide 8 (core, L1 instruction and data caches, L2 unified cache, encryption/hashing engine in front of external memory, Secure I/O logic for LEDs, buttons and keyboard), with the registers added for SP: CEM Status Flags (2 bits), User Master Key (128 bits), Device Master Key (128 bits), CEM Return Address (64 bits), CEM Interrupt Hash (128 bits).

14 Protecting register values during interrupts
Protecting register values during interrupts (diagram): when an interrupt arrives during CEM, the general registers R0 through R31 are treated as one plaintext message and encrypted "in situ" under the Device Master Key into one ciphertext message that stays in the registers; a hash of the register contents is stored on-chip in the CEM Interrupt Hash register, and the CEM Return Address register records where the TSM was interrupted. Because the encrypted values remain in the registers, no change is required in the OS interrupt handler. A return to the saved address triggers decryption and the hash check that restores the registers.
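An added Python model of two uses of the master keys on these slides: the encrypted keychain rooted in Hash(passphrase) from slide 7, and the in-situ register encryption on interrupt from slide 14. It is example code, not the paper's or PALMS' implementation, and makes these assumptions: the standard library has no AES, so encryption is counter mode with HMAC-SHA256 as the PRF (keystream XOR) standing in for the paper's block cipher; the keyed hash is HMAC-SHA256; there are 32 general registers of 64 bits; and the passphrase, keys and register values are constructed. Using the on-chip interrupt hash as the nonce for the register encryption is a modelling choice of this example, not something the slide states.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter mode with HMAC-SHA256 as the PRF: a stand-in for the block cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


# ---- slide 7: thousands of keys secured by protecting one -------------------
def user_master_key(passphrase: str) -> bytes:
    """UMK = Hash(passphrase): derived when needed, never stored on the device."""
    return hashlib.sha256(passphrase.encode()).digest()


def wrap_key(umk: bytes, k: bytes) -> bytes:
    """Encrypt-then-MAC one keychain entry: nonce || ciphertext || 16-byte tag.
    The result can live on disk or in untrusted memory."""
    nonce = os.urandom(16)
    ct = _xor(k, _keystream(_subkey(umk, b"enc"), nonce, len(k)))
    tag = hmac.new(_subkey(umk, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unwrap_key(umk: bytes, blob: bytes):
    """Plaintext key, or None when the tag fails (wrong passphrase or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    want = hmac.new(_subkey(umk, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        return None
    return _xor(ct, _keystream(_subkey(umk, b"enc"), nonce, len(ct)))


def build_keychain(umk: bytes, keys: dict) -> dict:
    return {name: wrap_key(umk, k) for name, k in keys.items()}


# ---- slide 14: registers encrypted in situ on interrupt ---------------------
NREGS, RBYTES = 32, 8        # R0..R31, 64 bits each (assumed register file)


class CEM:
    """SP-specific on-chip state: Device Master Key, CEM Interrupt Hash, CEM Return Address."""
    def __init__(self, dmk: bytes):
        self.dmk, self.interrupt_hash, self.return_address = dmk, None, None


def _pack(regs): return b"".join(r.to_bytes(RBYTES, "big") for r in regs)
def _unpack(buf): return [int.from_bytes(buf[i:i + RBYTES], "big") for i in range(0, len(buf), RBYTES)]


def on_interrupt(cem: CEM, regs: list, pc: int) -> list:
    """Treat R0..R31 as one message, keep its keyed hash and the return address on chip,
    and hand the OS the encrypted values in the same registers.  Modelling choice: the
    on-chip hash doubles as the nonce, so distinct states never share a keystream."""
    plain = _pack(regs)
    cem.interrupt_hash = hmac.new(cem.dmk, plain, hashlib.sha256).digest()
    cem.return_address = pc
    return _unpack(_xor(plain, _keystream(cem.dmk, cem.interrupt_hash, len(plain))))


def on_return(cem: CEM, regs_seen: list, pc: int):
    """Return-address trigger: decrypt only on a return to the saved address, and accept
    only if the plaintext hashes to the on-chip value; None stands for a CEM fault."""
    if cem.interrupt_hash is None or pc != cem.return_address:
        return None
    ct = _pack(regs_seen)
    plain = _xor(ct, _keystream(cem.dmk, cem.interrupt_hash, len(ct)))
    if not hmac.compare_digest(hmac.new(cem.dmk, plain, hashlib.sha256).digest(), cem.interrupt_hash):
        return None
    cem.interrupt_hash = cem.return_address = None
    return _unpack(plain)


def demo():
    """Constructed passphrase, keys and register values; returns seven booleans."""
    umk = user_master_key("correct horse battery staple")
    chain = build_keychain(umk, {"K1": b"\x11" * 16, "K2": b"\x22" * 16})
    right = unwrap_key(umk, chain["K1"]) == b"\x11" * 16
    wrong = unwrap_key(user_master_key("wrong passphrase"), chain["K1"]) is None
    cem = CEM(hashlib.sha256(b"constructed device master key").digest())
    regs = [i * 0x0101 for i in range(NREGS)]
    seen = on_interrupt(cem, regs, 0x4000)
    hidden = seen != regs                                  # the OS sees ciphertext
    restored = on_return(cem, seen, 0x4000) == regs
    seen = on_interrupt(cem, regs, 0x4000)
    tampered = list(seen); tampered[5] ^= 1                # OS modifies one register
    patch_caught = on_return(cem, tampered, 0x4000) is None
    wrong_pc = on_return(cem, seen, 0x4004) is None         # resume at the wrong address
    on_interrupt(cem, [r + 1 for r in regs], 0x5000)        # a later interrupt
    replay_caught = on_return(cem, seen, 0x5000) is None    # old ciphertext, new on-chip hash
    return right, wrong, hidden, restored, patch_caught, wrong_pc, replay_caught
```

Two practitioner notes. The slide shows the user master key as a plain hash of the passphrase; a deployment would use a slow, salted password-hashing function so that a stolen keychain cannot be brute-forced cheaply. And the replay check in `on_return` only works because the hash lives on chip: if the OS could also save and restore the CEM Interrupt Hash register, it could roll the TSM's registers back to any earlier interrupted state.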

15 Architectural summary
Architectural summary (diagram): the User Master Key, entered through Secure I/O, protects the keychain that the Trusted Software Module operates upon; the Device Master Key, established at device initialization, protects the TSM's execution environment on the device: its code, its memory and its registers.

16 Small additions to the processor
Small additions to the processor (before/after block diagrams): the original core with L1 instruction cache, L1 data cache and L2 unified cache in front of external memory, and the SP version that adds an encryption/hashing engine, Secure I/O logic (LEDs, buttons, keyboard) and five new registers: CEM Status Flags (2 bits), User Master Key (128 bits), Device Master Key (128 bits), CEM Return Address (64 bits), CEM Interrupt Hash (128 bits).

17 Contributions and Conclusions
- A minimalist SP architecture protects critical secrets (keys), which in turn protect other sensitive data.
- Decouples users from devices: a more convenient and realistic usage model.
- No permanent secret: defends against compromise of a factory key database.
- Master keys are symmetric keys: faster and less storage.
- Security without compromising performance, cost or usability.

