Evil OS - University of Virginiaoakland31.cs.virginia.edu/slides/parno.pdf · 2010-05-23 ·...
Transcript of Evil OS - University of Virginiaoakland31.cs.virginia.edu/slides/parno.pdf · 2010-05-23 ·...
5/23/10
1
Bryan Parno, Jonathan McCune, Adrian Perrig
1
Carnegie Mellon University
2
A Travel Story
Trust is CriAcal
3
Will I regret having done this?
4
F
XAlice YAlice
YOther XOther
Is F what the programmer intended? Does program P compute F?
Bootstrapping Trust is Hard!
5
OS
App 1
App 2 App 3
App 4
App N
Module 1 Module 3
Module 2 Module 4
App 5
Challenges: • Hardware assurance
• Ephemeral soRware
• User InteracAon
Safe?
Yes!
Evil App
Evil OS
Bootstrapping Trust is Hard!
6
Challenges: • Hardware assurance
• Ephemeral soRware
• User InteracAon
Safe?
Yes!
5/23/10
2
In the paper…
7
• Bootstrapping foundaAons
• TransmiXng bootstrap data
• InterpretaAon
• ValidaAon
• ApplicaAons
• Human factors
• LimitaAons
• Future direcAons
• … and much more!
1) Establish Trust in Hardware • Hardware is durable • Establish trust via: – Trust in the manufacturer
– Physical security
8
2) Establish Trust in SoRware
9
OS
App 1
App N …
• SoRware is ephemeral • We care about the soRware currently in control
• Many properAes ma`er: – Proper control flow – Type safety – Correct informaAon flow
…
A Simple Thought Experiment • Imagine a perfect algorithm for analyzing control flow – Guarantees a program always follows intended control flow
• Does this suffice to bootstrap trust?
10
No!
P Respects control flow Type Safe
What is Code IdenAty? • An a`empt to capture the behavior of a program
• Current state of the art is the collecAon of: – Program binary – Program libraries
– Program configuraAon files
– IniAal inputs
• ORen condensed into a hash of the above
11
FuncAon f
Inputs to f
Code IdenAty as Trust FoundaAon
• From code idenAty, you may be able to infer: – Proper control flow – Type safety – Correct informaAon flow
…
• Reverse is not true!
12
5/23/10
3
What Can Code IdenAty Do For You?
13
• Research applicaAons
• Commercial applicaAons
• Thwart insider a`acks • Protect passwords • Create a Trusted Third Party
• Secure the boot process • Count‐limit objects • Improve security of
network protocols
• Secure disk encrypAon (e.g., Bitlocker) • Improve network access control • Secure boot on mobile phones
• Validate cloud compuAng plamorms
14
Establishing Code IdenAty [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…
F
XAlice
XOther
YAlice
YOther
15
Establishing Code IdenAty [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…
XAlice
XOther
f1 f2 fN
YAlice
YOther
… SoRware
N SoRware
N‐1 SoRware
1
Establishing Code IdenAty
16
. . . ? Root of Trust
Chain of Trust
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],…
SoRware N
SoRware N‐1
SoRware 1
Trusted Boot: Recording Code IdenAty
17
. . .
Root of Trust
SW 1
SW N
SW N‐1
SW 2
[Gasser et al. ’89], [England et al. ‘03], [Sailer et al. ‘04],…
A`estaAon: Conveying Records to an External EnAty
18
SoRware N
SoRware N‐1
SoRware 1 . . .
SW 1
SW N
SW N‐1
SW 2
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [England et al. ‘03], [Sailer et al. ’04]…
random #
Sign ( ) Kpriv random #
SW 1
SW 2
SW N‐1
SW N
Controls Kpriv
5/23/10
4
InterpreAng Code IdenAty
19
BIOS
Bootloader
Drivers 1…N
App 1…N
OS
OpAon ROMs
[Gasser et al. ‘89], [Sailer et al. ‘04] TradiAonal
[Marchesini et al. ‘04], [Jaeger et al. ’06] Policy Enforcement
InterpreAng Code IdenAty
20
BIOS
Bootloader
Virtual Machine Monitor
OpAon ROMs
Virtual Machine
TradiAonal
[Marchesini et al. ‘04], [Jaeger et al. ’06] Policy Enforcement
[England et al. ‘03], [Garfinkel et al. ‘03] VirtualizaAon
[Gasser et al. ‘89], [Sailer et al. ‘04]
InterpreAng Code IdenAty
21
BIOS
Bootloader
Virtual Machine Monitor
OpAon ROMs
OS
VMM
Virtual Machine
TradiAonal
[Marchesini et al. ‘04], [Jaeger et al. ’06] Policy Enforcement
[England et al. ‘03], [Garfinkel et al. ‘03] VirtualizaAon
Late Launch [Kauer et al. ‘07], [Grawrock ‘08]
[Gasser et al. ‘89], [Sailer et al. ‘04]
InterpreAng Code IdenAty
22
TradiAonal
[Marchesini et al. ‘04], [Jaeger et al. ’06] Policy Enforcement
[England et al. ‘03], [Garfinkel et al. ‘03] VirtualizaAon
Late Launch [Kauer et al. ‘07], [Grawrock ‘08]
Targeted Late Launch [McCune et al. ‘07]
OS
Flicker
Flicker
S
A`ested
[Gasser et al. ‘89], [Sailer et al. ‘04]
InterpreAng Code IdenAty
23
BIOS
Bootloader
Drivers 1…N
App 1…N
OS
OpAon ROMs
Flicker
S
Load‐Time vs. Run‐Time ProperAes • Code idenAty provides load‐Ame guarantees • What about run Ame?
• Approach #1: StaAc transformaAon
24
Code
Run‐Time Policy
Code’
A`ested
[Erlingsson et al. ‘06]
5/23/10
5
Load‐Time vs Run‐Time ProperAes • Code idenAty provides load‐Ame guarantees • What about run Ame?
• Approach #1: StaAc transformaAon
• Approach #2: Run‐Time Enforcement layer
25
Code
Enforcer
A`ested Run Time
Load Time
[Erlingsson et al. ‘06]
[Haldar et al. ‘04], [Kil et al. ‘09]
Roots of Trust
26
0 0 4 2
• General purpose
• Tamper responding
• General purpose
• No physical defenses
• Special purpose
• Timing‐based a`estaAon
• Require detailed HW knowledge
[Chun et al. ‘07] [Levin et al. ‘09]
[Spinellis et al. ‘00] [Seshadri et al. ‘05]
…
[ARM TrustZone ‘04] [TCG ‘04] [Zhuang et al. ‘04]
…
[Weingart ‘87] [White et al. ‘91] [Yee ‘94] [Smith et al. ‘99]
…
Cheaper
Human Factors
27
SW 1
SW 2
SW N‐1
SW N
SW 1
SW 2
SW N‐1
SW N
Conclusions
• Code iden>ty is criAcal to bootstrapping trust
• Assorted hardware roots of trust available
• Many open ques>ons remain!
28