Post on 01-Aug-2020
Custos: Practical Tamper-Evident Auditing of Operating Systems
Using Trusted Execution
Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan,Adam Bates, Christopher W. Fletcher, Andrew Miller, Dave Tian
Logs Are Useful
2Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Logs Are Useful
3
• 75% of incident response specialists said logs are the most valuable artifact during an investigation.1
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
1 Carbon Black Quarterly Incident Response Threat Report April 2019
Logs Are Useful
4
• 75% of incident response specialists said logs are the most valuable artifact during an investigation.1
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
1 Carbon Black Quarterly Incident Response Threat Report April 2019
5Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
6Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Attack Model
7Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Attack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering
Attack ModelAttack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering
8Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Logs about the compromise are crucial for forensics!
Attack ModelAttack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering
9
Logs about the compromise are crucial for forensics!
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
If the attacker does nottamper with them, we can detect the attack.
Attack ModelAttack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering
10
If the attacker tampers with them, we can’t detect the attack.
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
If the attacker does nottamper with them, we can detect the attack.
Logs about the compromise are crucial for forensics!
Attack ModelAttack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering
11Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Attack ModelAttack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering6. Lateral Movement
12Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Attack ModelAttack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering6. Lateral Movement
13Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Central Server?
Attack ModelAttack pattern:
1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log Tampering6. Lateral Movement
14Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Logs
Integrity proofs
Design Overview
15Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Design Overview
1) TAMPER-EVIDENT LOGGING
16Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Design Overview
1) TAMPER-EVIDENT LOGGING
2) AUDITING
17Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
18
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
19
sk // secret key
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
ENCLAVE
20
sk // secret keyc // counterH // current hash
Logging:H.Update(mi)
𝝈 = 𝑺𝒊𝒈𝒔𝒌 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
ENCLAVE
21
sk // secret keyc // counterH // current hash
Logging:H.Update(m1)
𝝈 = 𝑺𝒊𝒈𝒔𝒌 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
m1
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
ENCLAVE
22
sk // secret keyc // counterH // current hash
Logging:H.Update(m2)
𝝈 = 𝑺𝒊𝒈𝒔𝒌 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
m1
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
m2
ENCLAVE
23
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
𝝈 = 𝑺𝒊𝒈𝒔𝒌 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
m1
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
m2
mh
…
ENCLAVE
24
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
m1
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
m2
mh
…
ENCLAVE
𝝈 = 𝑺𝒊𝒈𝒔𝒌 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
25
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
m1
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
m2
mh
…Auditor
ENCLAVE
𝝈 = 𝑺𝒊𝒈𝒔𝒌 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
26
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
Commitment:H.Update(c)𝜎 = Sigsk(H)H.Init()c++
m1
Logger
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
m2
mh
…Auditor
ENCLAVE
𝝈 = 𝑺𝒊𝒈𝒔𝒌 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
Auditing
27Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
1) CENTRALIZED AUDITING
Auditing
28Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
1) CENTRALIZED AUDITING
2) DECENTRALIZED AUDITING
29Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Logger+Auditor
Logger+Auditor
Logger+Auditor
Logger+Auditor
Decentralized Auditing
30Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Auditor z
Logger v ENCLAVE
pkv -> public key of v
31Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Auditor z
Logger v ENCLAVE
audit challenge1
pkv -> public key of v
32Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Auditor z
Logger v ENCLAVE
𝝈 = 𝑺𝒊𝒈𝒔𝒌𝒗 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
audit challenge1
pkv -> public key of v
33Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Auditor z
Logger v ENCLAVE
𝝈 = 𝑺𝒊𝒈𝒔𝒌𝒗 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
audit challenge
logs and 𝜎
1
2
pkv -> public key of v
34Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Verification (𝜎, m1 , …, mh , c):H = Hash(m1 || … || mh || c)result = Verpk_v(𝜎, H)
Auditor z
Logger v ENCLAVE
𝝈 = 𝑺𝒊𝒈𝒔𝒌𝒗 (𝑯𝒂𝒔𝒉( 𝒎𝟏|| … || 𝒎𝒉||𝒄))
audit challenge
logs and 𝜎
1
2
pkv -> public key of v
35
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
36
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mi)
Logger v
ENCLAVE
37
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
m1
Logger v
m2
mh
…
ENCLAVE
Attack pattern:1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation
38
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
m1
Logger v
m2
mh
…
ENCLAVE
Attack pattern:1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log tampering
m’2m’1
m’k…
39
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
m1
Logger v
m2
mh
…
ENCLAVE
Auditor
ENCLAVE
Attack pattern:1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log tampering
m’2m’1
m’k…
40
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
Commitment:H.Update(c)𝜎 = Sigsk(H)H.Init()c++
m1
Logger v
m2
mh
…
ENCLAVE
Auditor
ENCLAVE
Attack pattern:1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log tampering
m’2m’1
m’k…
41
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
Commitment:H.Update(c)𝜎 = Sigsk(H)H.Init()c++
m1
Logger v
m2
mh
…
ENCLAVE
Verification (𝜎, m’1 , …, m’k , c):H = Hash(m’1 || … || m’k || c)result = Verpk_v(𝜎, H)
Auditor
ENCLAVE
Attack pattern:1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log tampering
m’2m’1
m’k…
42
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
Commitment:H.Update(c)𝜎 = Sigsk(H)H.Init()c++
m1
Logger v
m2
mh
…
ENCLAVE
Verification (𝜎, m’1 , …, m’k , c):H = Hash(m’1 || … || m’k || c)result = Verpk_v(𝜎, H)
Auditor
ENCLAVE
Attack pattern:1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log tampering
m’2m’1
m’k…
43
Security Analysis
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mh)
Commitment:H.Update(c)𝜎 = Sigsk(H)H.Init()c++
m1
Logger v
m2
mh
…
ENCLAVE
Verification (𝜎, m’1 , …, m’k , c):H = Hash(m’1 || … || m’k || c)result = Verpk_v(𝜎, H)
Auditor
ENCLAVE
Attack pattern:1. Initial Access2. Establish Foothold3. Download Exploit4. Privilege Escalation5. Log tampering
m’2m’1
m’k…
Full security analysis on the paper!
44
Microbenchmarks
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
45
Microbenchmarks
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
1 Karande et al. ”SGX-log: Securing System Logs With SGX." ASIACCS 2017.2 Hartung et al. “Practical and Robust Secure Logging from Fault-Tolerant Sequential Aggregate Signatures”, ProvSec 2017
0.001 0.01 0.1 1 10 100 1000 10000 100000
Custos
SGX-Log
BGLS
Logging Latency (μs)
1
2
46
Application Benchmarks
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
47
Application Benchmarks
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
00.10.20.30.40.50.60.70.80.9
11.11.2
nginx apache2 redis blast blast-multicore
Nor
mal
ized
Runt
ime
Insecure Custos
48
Realistic Case Study
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
49
Realistic Case Study
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
• Deploy Custos on 100 nodes.
50
Realistic Case Study
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
• Deploy Custos on 100 nodes.
• Replay attack from DARPA Transparent Computing engagement:– Professional red-team emulating a nation state attacker.
10:52
51Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
1. Failed Compromise Attempt (Exploit of
Firefox 54.0.1) 2. Initial Access(Exploit of Firefox 54.0.1)3. Unprivileged Shell
11:42
Complete the attack
11:46
10:52
52Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
1. Failed Compromise Attempt (Exploit of
Firefox 54.0.1) 2. Initial Access(Exploit of Firefox 54.0.1)3. Unprivileged Shell
11:42
Complete the attack
11:46
11:46:17
53Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
4. Download Drakon
5. Privilege Escalation (through Drakon binary)6. Log Tampering
11:46:44
11:46:47Custos’ auditingdiscovered log
tampering!
10:5211:42
11:46
Conclusion
54Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Conclusion• Log integrity is important.
55Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
Conclusion• Log integrity is important.
• Custos is a practical solutionfor log integrity.
56Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mi)m
Logger
ENCLAVE
Conclusion• Log integrity is important.
• Custos is a practical solutionfor log integrity.
• Custos can discover log tampering in near real-time.
57Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mi)m
Logger
ENCLAVE
Conclusion• Log integrity is important.
• Custos is a practical solutionfor log integrity.
• Custos can discover log tampering in near real-time.
• https://bitbucket.org/sts-lab/custos
58Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution – Riccardo Paccagnella
sk // secret keyc // counterH // current hash
Logging:H.Update(mi)m
Logger
ENCLAVE