Copyright 2012 & 2015 – Noah Mendelsohn
Security Fundamentals
Noah Mendelsohn Tufts University Email: [email protected] Web: http://www.cs.tufts.edu/~noah
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015)
© 2010 Noah Mendelsohn
Goal
Learn about fundamental security mechanisms such as encryption, PKI, TLS, and related technologies such as rootkits, etc.
Non Goal
This presentation does not attempt to explore broader issues relating to good security architecture including requirements gathering, threat analysis, design for security, penetration testing, etc.
Encryption Basics
Simple Encryption
[Diagram: Data -> Encryption Function -> Encrypted Data]
Decryption
[Diagram: Encrypted Data -> Decryption Function -> Data]
Encryption/Decryption are functions over data+key
EncryptedData = Fencrypt(key, data)
Data = Fdecrypt(key, EncryptedData)
Data = Fdecrypt(key, Fencrypt(key, data))
Same key for encryption and decryption
What’s secret?
[Diagram: Data -> Encryption Function -> Encrypted Data -> Decryption Function -> Data]
Encryption & Decryption Functions Usually not Secret
Same secret key needed by sender & receiver
Key distribution/protection is a big problem
Public Key Basics
Ordinary Encryption
[Diagram: Data -> Encryption Function -> Encrypted Data -> Decryption Function -> Data, one shared key at both ends]
Same secret key for sender and receiver
Asymmetric Key Crypto
[Diagram: Data -> Encryption Function -> Encrypted Data -> Decryption Function -> Data, using a key pair]
Key Pairs: Different Keys for Encryption & Decryption!!
Note: the encryption key cannot decrypt…only its pair can. Either key can serve to encrypt, then the other decrypts.
Digital Signatures
Public Key Crypto
Built on asymmetric crypto
Pair: one part public, one part private
– Private cannot be derived from public
To send me a message:
– Encrypt it with my public key, which everyone knows is mine
– Only I have the private key to decrypt
Avoids need to distribute secret keys!
…but, we do need to watch for fraudulent public keys
Digital signatures: non-repudiation
Prove that these bits were from me
Step 1: I hash the content yielding a small number unique to the content
Step 2: I encrypt that hash using my private key, resulting in a digital signature
Step 3: I send you the bits and the signature
Step 4: You decrypt the signature using my public key, and compare to hash you compute on bits you’ve received
Signature check: you have confidence the message came from me
Non-repudiation: I can’t deny having signed those bits!
Public Key Infrastructure (PKI)
Certificates
How do you know the public key is mine?
Certificate: a public key signed by someone you trust!
Their signature asserts: this key is Noah’s public key
Whom do you trust?
– The organization you work for (e.g. Tufts University)
– Well known signing organizations (Verisign, Thawte, Equifax, etc.)
– Yourself (self-signed certs…usually a kludge only for testing)
Trust hierarchies
– I am Noah as vouched for by Tufts as vouched for by Equifax
– Your browser comes with a trusted set of root certificates
The PKI hierarchy has become fundamental to the integrity of the Web – used to establish identity of https: Web sites!
Identity and Authentication
PKI and identity management
PKI works best in hierarchical organizations of medium size
Nonetheless, it is the most common framework for authenticating the identity of Web sites
Some systems use PKI to authenticate down to the user-level
In practice, most Web sites use ordinary passwords, with sites authenticated using HTTPS (PKI)
There are ongoing problems with the operational integrity (and business motivations) of some CA providers
HTTPS and TLS
Warning: the protocol on the following slide is greatly simplified. Actual TLS has many crypto and PKI options, and uses a much more elaborate and robust setup protocol. This is close enough in spirit to give the general idea.
Transport Level Security (TLS and SSL)
[Diagram: client machine (CPU, Memory, Storage) <-> Tufts.edu server (CPU, Memory, Storage)]
Client: I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Connection setup: client -> Tufts.edu
Certificate from Tufts -> client
Certificate from Tufts checked against cert hierarchy up to root
Problem: Public key encryption much too slow for bulk data transfer.
Solution: TLS/SSL use PKI to authenticate server (and optionally client) and to establish agreement on a private (symmetric) key used to encrypt actual session data.
Result: an authenticated, encrypted, high-performance connection.
HTTPS: HTTP over TLS or SSL
[Diagram: Browser (e.g. Firefox) <-> Web Server (e.g. Apache)]
Many commercial applications work this way
Your browser keeps a list of root certs (Verisign, etc.)
These companies control the verification of secure connections you make on the Web!
If someone can get a bogus cert for google.com or microsoft.com, that’s a big deal!
Some Cert Authorities (CAs) aren’t nearly careful enough when issuing certs
News Reports on Lax CA Administration
2015: http://arstechnica.com/security/2015/03/google-warns-of-unauthorized-tls-certificates-trusted-by-almost-all-oses/
2011: http://www.theregister.co.uk/2011/04/11/state_of_ssl_analysis/
The Web itself is a 2 or 3 Tier system
[Diagram: Browser (e.g. Firefox) <-> Proxy Cache (e.g. Squid) <-> Web Server (e.g. Apache)]
HTTP CONNECT header used to make proxy transparent to TLS…benefits of proxy are lost!
A malicious proxy with a trusted cert can implement “man-in-the-middle” attacks
Trust
What must be trusted?
[Diagram: Data -> Encryption Function -> Encrypted Data -> Decryption Function -> Data]
– Storage and filesystem for data in the clear at source
– Encryption software and OS on which it runs
– The compiler and linker used to build the OS & encryption (per K. Thompson)
– Key store at source
– The CPU, device HW and microcode used to run the system
– All the equivalent at the receiver
Trust is a key system design issue
Always consider: what/who is being trusted?
What is the consequence if trust is misplaced?
Can we tell if trust is misplaced?
– Reflections on Trusting Trust tells us “it’s at best really hard to be sure”
Can we change our minds (revoke trust)?
Watch for:
– Any place where information is stored “in the clear”
– Any place where “capabilities” are stored or given out
– Note that keys are a kind of capability
Some actual attacks that have worked
Freezing (i.e. chilling) RAM chips to retain data after power down
Timing attack: SSH password cracking facilitated by keystroke timing
Timing attack: SSL private keys revealed!!
– Demonstrated on production Web servers*
Rootkits, bootkits & VM attacks
* SSL timing paper: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
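An added example, not from the slides, of the kind of abstraction leak a timing attack exploits, shown on a signature-tag comparison rather than on the RSA internals of the cited paper: an early-exit compare does work proportional to how many leading bytes a guess gets right, while hmac.compare_digest does fixed work. Work is counted instead of timed so the result is reproducible; function names are mine and the tag and guesses are constructed.

```python
import hmac

# Assumption: counting bytes examined models the wall-clock time an attacker
# would measure; this is an illustration, not a benchmark.

def naive_compare(expected, received):
    """Early-exit comparison. Returns (equal, bytes_examined)."""
    if len(expected) != len(received):
        return False, 0
    examined = 0
    for a, b in zip(expected, received):
        examined += 1
        if a != b:
            return False, examined  # stops at the first mismatch: work depends on the secret
    return True, examined

def leak_profile(secret_tag, guesses):
    """Bytes examined for each guess. The count grows with the number of correct
    leading bytes, so repeated measurements reveal the tag one byte at a time."""
    return [naive_compare(secret_tag, g)[1] for g in guesses]

def constant_time_compare(expected, received):
    """Mitigation: hmac.compare_digest examines every byte regardless of where
    the inputs differ, so its running time carries no information about the secret."""
    return hmac.compare_digest(expected, received)
```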
A Bit about Operating Systems and Virtual Machines
Operating Systems and Virtual Machines
[Diagram: Unix Kernel stack: Application, File system, In-memory Block Cache, Block Device Driver, Raw Device Driver, TTY Driver; sectors pass between the file system, block cache and block device driver]
[Diagram: Virtual Machine “Hypervisor” providing Disk virtualization, Network virtualization, Display virtualization and Memory virtualization]
[Diagram: the Unix Kernel stack (Application, File system, In-memory Block Cache, Block/Raw/TTY Device Drivers) running on top of the Virtual Machine “Hypervisor” (Disk, Network, Display and Memory virtualization)]
[Diagram: two Unix Kernel stacks, each with its own Application, File system, Block Cache and Device Drivers, running side by side on the Virtual Machine “Hypervisor”]
[Diagram: two Unix Kernel stacks on the Virtual Machine “Hypervisor”]
The Virtual Machine “Hypervisor” provides the illusion of a complete CPU + memory + I/O to each virtual machine
Virtual Machines and Trust
[Diagram: two Unix Kernel stacks on the Virtual Machine “Hypervisor”]
The Hypervisor has access to all resources of the VM’s, including RAM, disk, running program images, etc.
… Experimental exploits have been implemented as hypervisors
[Diagram: two Unix Kernel stacks on the Virtual Machine “Hypervisor”]
Timing attacks have been attempted across VMs.
Summary
Typical security mechanisms are built on core technologies like simple encryption & PKI
Those are just building blocks: security must be considered in all aspects of system design
Abstractions leak (computation can be timed, etc.)
Many vulnerabilities are operational, not technical
There are serious vulnerabilities in the Internet infrastructure and the Web – it’s not entirely clear how severe the consequences will be