Measuring Semantic Integrity for Remote Attestation - Fabrizio Baiardi (PowerPoint PPT Presentation)



SLIDE 1

Measuring Semantic Integrity for Remote Attestation

Fabrizio Baiardi (1), Diego Cilea (2), Daniele Sgandurra (2), Francesco Ceccarelli (3)

(1) Polo G. Marconi - La Spezia, Università di Pisa, Italy; (2) Dipartimento di Informatica, Università di Pisa, Italy; (3) ENEL SpA, Italy

Trust 2009

1/26

  • F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli

Measuring Semantic Integrity for Remote Attestation

SLIDE 2

Outline

1. Introduction
   • Integrity of a Remote System
   • Case Study
2. Proposed Solution: VIMS
   • Overall Architecture
   • Implementation
3. Conclusion
   • Results and Future Works

SLIDE 3

Integrity of a Remote System

Network administrators cannot guarantee the confidentiality and the integrity of Intranet data accessed by remote clients:
• little assurance about the integrity of remote clients can be established;
• an attacker may have compromised a remote client’s application.

We need a general notion of integrity that should consider that:
• a remote client can be trusted only if it executes applications in a predefined set;
• remote client’s applications should be continuously monitored to discover if they have been attacked.

Checking run-time attacks against the remote client’s applications and OS.

SLIDE 4

Case Study: Enel SPA Livorno Lab

The private network hosts SCADA devices that can be remotely administered by remote nodes inside the Intranet. Remote nodes are commodity PCs, which can also be connected to the Internet or run arbitrary software.

Goal: when accessing a SCADA device, the integrity of the remote nodes must be assured:
• the remote PC should run only authorised software;
• the behaviour of the software should be continuously monitored.

SLIDE 5

Case Study: Enel SPA Livorno Lab

SLIDE 6

Integrity Measurements: Current Approaches

Only static checks (e.g., at boot-time).

SLIDE 7

VIMS

Virtual machine Integrity Measurement System (VIMS) is an architecture that implements a dynamic approach to integrity. The notion of integrity includes not only the correct configuration of the system and of the software it runs, but also that the remote client does not execute malware that changes the behaviour of its applications. VIMS exploits virtualization technology to run two virtual machines (VMs) on the remote host:
• the Client VM: runs the VPN client to access the SCADA network;
• the Assurance VM: implements remote attestation.

Moreover, “dangerous” applications are run in a distinct VM.

SLIDE 8

Virtual Machine Introspection

Introspection is a generic technique to detect intrusions. With virtualization, there is no need for additional hardware units:
• visibility: access the VM’s state from a lower level;
• robustness: introspect a VM from another VM.

SLIDE 9

Kernel Integrity

With virtual machine introspection, the Assurance VM can dynamically check from the “outside”:
• integrity of the kernel code (also modules);
• modifications to the interrupt descriptor table;
• modifications to the system call table;
• the list of running processes;
• the list of open files.

SLIDE 10

Process Integrity: Defining the Process Self

Protecting a process from attacks that alter the intended behaviour of the process’ program. We want to preserve the original semantics of the program (the VPN client). Notion of process self: the program that the process executes. Based on traces of system calls:
• dynamic analysis: Forrest et al.;
• static analysis: Wagner and Dean.

SLIDE 11

Grammar of System Call Sequences

We deduce the possible valid sequences of system calls that the process can issue from the source code:
• we encode them using a context-free grammar.

A static tool computes a context-free grammar (CFG) that models the legal system call traces the remote VPN client can issue. At run-time, a sequence of system calls is valid only if it is a prefix of at least one string generated by the grammar.

SLIDE 12

Grammar of System Call Sequences: An Example

The source program (system calls abstracted as argument-less stubs):

    int n = 5;

    void foo() {
        n--;
        open();
        write();
        if (n) foo();
        close();
    }

    int main(int argc, char **argv) {
        if (argc) foo();
        else {
            open();
            read();
            close();
        }
    }

Resulting grammar:

    main → foo | open read close
    foo  → open write (foo)? close

SLIDE 13

VIMS

The Client VM (C-VM) runs the remote client software, i.e. the VPN client application that connects to the VPN server. The Assurance VM (A-VM) is a shadow VM that applies a set of security checks on the memory of the C-VM:
• integrity checks (kernel-level);
• sense of self checks (user-level).

These checks measure, on behalf of the VPN server, the integrity of the software that the C-VM runs. The A-VM can apply the consistency checks either periodically or on demand, when requested by the VPN server.

SLIDE 14

Threat Model

• TPM, CPU and BIOS are trusted.
• Memory cannot be hacked at run-time, e.g. via DMA.
• VMM and A-VM are trusted: small size, no Internet services open.
• All the nodes belong to the Intranet.

SLIDE 15

Current Prototype

• Xen.
• TrustedBoot.
• TrouSerS.
• Simple client VPN + remote attestation protocol.
• Assurance Module:
  • Introspection Library:
    • VCPU introspection;
    • memory introspection.
  • kernel code integrity checks;
  • grammar generating algorithm + parser for sense of self:
    • Icaria + Ponder + Grappa;
    • Bison.
• Server OpenVPN plugin for remote attestation.

SLIDE 16

Introspection Library

The Introspection Library is invoked by the Assurance Module periodically and whenever the VPN client issues a system call. It provides:
• Memory Introspection, to access the memory of a Client VM both at the kernel and at the user level;
• VCPU-Context Introspection, to retrieve the state of the Client VM’s virtual processor.

SLIDE 17

Kernel Integrity Checks

SLIDE 18

Sense of Self Definition

We build the CFG (context-free grammar) by exploiting Icaria + Ponder, Grappa and Bison to generate a parser for the system call grammar:
1. modified Icaria + Ponder to produce an AST;
2. from the AST, using our extended Grappa Lib (specialised for AST analysis), we generate the CFG in Bison syntax;
3. invoke Bison on the CFG to build the on-line parser that checks that the VPN client generates a legal trace.

SLIDE 19

Sense of Self Checks

Each time the VPN client invokes a system call, the Client VM is suspended, and the Assurance VM checks that the system call trace is coherent with the grammar.
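The grammar of the slide 12 example together with the run-time check described on this slide, as an added example that is not part of the VIMS prototype (which generates a Bison parser instead): every still-possible derivation is kept as a pushdown configuration, so a trace is accepted while it remains a prefix of some legal run and rejected at the first system call that no legal run allows.

```python
# Added example (not the VIMS prototype code): prefix check of a system-call
# trace against the context-free grammar of the slide-12 program.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Grammar from slide 12:  main -> foo | open read close ;  foo -> open write (foo)? close
GRAMMAR: Dict[str, List[List[str]]] = {
    "main": [["foo"], ["open", "read", "close"]],
    "foo": [["open", "write", "foo", "close"], ["open", "write", "close"]],
}
START = "main"
Config = Tuple[str, ...]  # symbols still expected by one derivation, leftmost first


@dataclass
class Verdict:
    valid_prefix: bool                     # trace is a prefix of some legal run
    complete: bool                         # trace is itself a whole legal run
    offending_index: Optional[int] = None  # first syscall that left the grammar


def _expand(configs: Set[Config]) -> Set[Config]:
    """Rewrite every configuration whose leftmost symbol is a nonterminal, one per
    production, until each leftmost symbol is a terminal (or the configuration is
    empty). The grammar must not be left-recursive or this would not terminate."""
    work, done = list(configs), set()
    while work:
        cfg = work.pop()
        if cfg and cfg[0] in GRAMMAR:
            work.extend(tuple(prod) + cfg[1:] for prod in GRAMMAR[cfg[0]])
        else:
            done.add(cfg)
    return done


def check_trace(trace: List[str]) -> Verdict:
    """Consume the trace one syscall at a time, keeping every derivation still
    consistent with it. On-line, the Assurance VM would call this after each
    intercepted syscall and keep the Client VM suspended once valid_prefix is False."""
    configs = _expand({(START,)})
    for i, call in enumerate(trace):
        configs = _expand({c[1:] for c in configs if c and c[0] == call})
        if not configs:
            return Verdict(valid_prefix=False, complete=False, offending_index=i)
    return Verdict(valid_prefix=True, complete=any(not c for c in configs))


if __name__ == "__main__":
    # Constructed traces: a legal run of foo() for n=2, and one deviating at read().
    print(check_trace(["open", "write", "open", "write", "close", "close"]))
    print(check_trace(["open", "write", "read"]))
```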

SLIDE 20

Current Prototype

SLIDE 21

Remote Attestation

SLIDE 29

Performance Evaluation

Overhead due to kernel integrity checks:
• less than 10% with a 1 sec interval.

Overhead due to sense of self checks:
• taking into account the rate of system call invocations, the average execution time overhead is at most 20%.

Overhead of VPN connection:
• less than 1%.

SLIDE 30

Summary

Case study:
• VPN connection to a SCADA network from Intranet nodes;
• attest the remote client’s integrity (i.e., running SW).

VIMS is an architecture to enable a network to evaluate and gain some assurance about the integrity of a remote party. Virtualization allows the remote client to run a shadow VM that applies the integrity checks in a transparent way. VIMS dynamically checks the remote client’s applications to discover attacks that alter their expected behaviour.

SLIDE 31

Results

Checks on the remote client’s integrity; with respect to TPM-based solutions, VIMS can apply more granular and dynamic checks:
• the remote client’s run-time is continuously monitored;
• checking kernel integrity;
• process’ sense of self (system call-based).

Support for dynamic policies: the security policy can be changed by the VPN Server at any time.

SLIDE 32

Future Works

• Apply the static analysis to a “real” VPN client to define the profile that the A-VM uses to monitor its run-time behaviour.
• Porting to Windows.
• Use of a USB dongle / CD boot.
• Extend VIMS with the description/implementation of user-based security policies to define the operations that remote users can invoke.

SLIDE 33

Questions?

Thank you!
