Download presentation
Presentation is loading. Please wait.
Published byNoreen Higgins Modified over 9 years ago
1
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007
2
2 CPU, RAM TPM, Chipset CPU, RAM TPM, Chipset Trusted Computing Base (TCB) DMA Devices (Network, Disk, USB, etc.) OS App S S 1 … DMA Devices (Network, Disk, USB, etc.) OS App 1 … S S Shim
3
3 Contributions Isolate security-sensitive code execution from all other code and devices Attest to security-sensitive code and its arguments and nothing else Convince a remote party that security- sensitive code was protected Add < 250 LoC to the software TCB Shim S S Software TCB < 250 LoC
4
4 TPM Background The Trusted Platform Module (TPM) is a dedicated security chip It can provide an attestation to remote parties –Platform Configuration Registers (PCRs) summarize the computer’s software state –TPM provides a signature over PCR values TPM spec v1.2 includes dynamic PCRs –Values can be reset without a reboot
5
5 Late Launch Background Supported by new commodity CPUs –SVM for AMD –TXT (formerly LaGrande) for Intel Designed to launch a VMM without a reboot –Hardware-based protections ensure launch integrity New CPU instruction (SKINIT/SENTER) accepts a memory region as input and atomically: –Resets dynamic PCRs –Disables interrupts –Extends a measurement of the region into PCR 17 –Begins executing at the start of the memory region
6
6 Adversary Capabilities Run arbitrary code with maximum privileges Subvert any DMA- enabled device –E.g., network cards, USB devices, hard drives Perform limited hardware attacks –E.g., power cycle the machine –Excludes physically monitoring/modifying CPU- to-RAM communication CPU, RAM TPM, Chipset DMA Devices (Network, Disk, USB, etc.) OS App 1 … Shim S S
7
7 Architecture Overview Core technique –Pause current execution environment –Execute security-sensitive code with hardware- enforced isolation –Resume previous execution Extensions –Preserve state securely across invocations –Attest only to code execution and protection –Establish secure communication with remote parties
8
8 Execution Flow TPM PCRs: K -1 729 … 000 CPU OS App Shim S S Module RAM OS App Module SKINIT Reset Inputs Outputs Module 0h0 0H00 Shim S S 000
9
9 TPM PCRs: 0 K -1 … TPM PCRs: K -1 … 000 Shim S S Inputs Outputs Attestation
10
10 TPM PCRs: K -1 … 000 Shim S S Inputs Outputs Attestation What code are you running? Shim S S Inputs Outputs Sign (), K -1 Sign ), K -1 … OS App S S 5 App 5 App 4 App 4 App 3 App 3 App 2 App 2 App 1 App 1 ( Versus
11
11 Potential Applications Server applications –Password authentication, SSL keys, Certificate Authority (CA), etc. Verifiable distributed computing –SETI@Home, Folding@Home, distcc, etc. Client-side applications –Secure password entry
12
12 Ongoing Work Extracting security-sensitive code from existing applications Containing malicious or malfunctioning security-sensitive code Coping with slow security-sensitive code Creating a trusted path to the user
13
13 Related Work Secure coprocessors –Dyad [Yee 1994], IBM 4758 [JiSmiMi 2001] System-wide attestation –Secure Boot [ArFaSm 1997], IMA [SaZhJaDo 2004], Enforcer [MaSmWiStBa 2004] VMM-based isolation –BIND [ShPeDo2005], AppCores [SiPuHaHe 2006], Trustworthy Kiosks [GaCáBeSaDoZh 2006], Proxos [TaLiLi 2006]
14
14 Conclusions Explore how far an application’s TCB can be minimized Isolate security-sensitive code execution Provide fine-grained attestations Allow application writers to focus on the security of their own code
15
15 Thank you! parno@cmu.edu
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.