measuring semantic integrity for remote attestation
play

Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi - PowerPoint PPT Presentation

Aug 19, 2022 •48 likes •378 views

Introduction Proposed Solution: VIMS Conclusion Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele Sgandurra 2 Francesco Ceccarelli 3 1 Polo G. Marconi - La Spezia, Universit di Pisa, Italy 2

  1. Introduction Proposed Solution: VIMS Conclusion Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele Sgandurra 2 Francesco Ceccarelli 3 1 Polo G. Marconi - La Spezia, Università di Pisa, Italy 2 Dipartimento di Informatica, Università di Pisa, Italy 3 ENEL SpA, Italy Trust 2009 1/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  2. Introduction Proposed Solution: VIMS Conclusion Outline Introduction 1 Integrity of a Remote System Case Study Proposed Solution: VIMS 2 Overall Architecture Implementation Conclusion 3 Results and Future Works 2/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  3. Introduction Integrity of a Remote System Proposed Solution: VIMS Case Study Conclusion Integrity of a Remote System Network administrators cannot guarantee the confidentiality and the integrity of Intranet data accessed by remote clients: little assurance about the integrity of remote clients can be established; an attacker may have compromised a remote client’s application. We need a general notion of integrity the should consider that: a remote client can be trusted only if it executes applications in a predefined set; remote client’s applications should be continuously monitored to discover if they have been attacked. Checking run-time attacks against remote client’s applications and OS. 3/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  4. Introduction Integrity of a Remote System Proposed Solution: VIMS Case Study Conclusion Case Study: Enel SPA Livorno Lab The private network host SCADA devices that can be remotely administered by remote nodes inside the Intranet. Remote nodes are commodity PCs, which can also be connected to Internet or run arbitrary software. Goal: when accessing SCADA device, the integrity of the remote nodes must be assured: the remote PC should run only authorised software; the behaviour of the software should be continuously monitored. 4/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  5. Introduction Integrity of a Remote System Proposed Solution: VIMS Case Study Conclusion Case Study: Enel SPA Livorno Lab 5/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  6. Introduction Integrity of a Remote System Proposed Solution: VIMS Case Study Conclusion Integrity Measurements: Current Approaches Only static checks (e.g., at boot-time). 6/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  7. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion VIMS Virtual machine Integrity Measurement System (VIMS) is an architecture that implements a dynamic-based approach to integrity. The notion of integrity includes not only the correct configuration of the system and of the software it runs, but also that the remote client does not execute some malware that changes the behaviour of its applications. VIMS exploits virtualization technology to run two virtual machines (VMs) on the remote host: the Client VM: it runs the VPN client to access the SCADA network; the Assurance VM: the VM that implements remote attestation. Moreover, “dangerous” applications are run in a distinct VM. 7/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  8. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Virtual Machine Introspection Introspection is a generic technique to detect intrusions. With virtualization, no need of additional hardware units: visibility: access VM’s state from a lower level; robustness: introspect a VM from another VM. 8/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  9. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Kernel Integrity With virtual machine introspection, the Assurance VM can dynamically check from the “outside”: integrity of the kernel code (also modules); modifications to the interrupt descriptor table; modifications to the system call table; the list of running processes; the list of open files. 9/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  10. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Process Integrity: Defining the Process Self Protecting a process from attacks that alter the intended behaviour of the process’ program. We want to preserve the original semantics of the program (VPN client). Notion of process self: the program that the process executes. Based on traces of system calls: dynamic analysis: Forrest et al; static analysis: Wagner and Dean. 10/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  11. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Grammar of System Call Sequences We deduce the possible valid sequences of system calls that the process can issue from the source code: we encode them using a context-free grammar. A static tool computes a context-free grammar CFG that models the legal system call traces the remote VPN client can issue. At run-time, a sequence of system calls is valid only if it is a prefix of at least one string generated by the grammar. 11/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  12. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Grammar of System Call Sequences: An Example int n = 5; foo() { n--; open(); write() if(n) foo(); close(); � main �→ � foo � | open read close ; } � foo �→ open write ( � foo � )? close ; int main(int argc) { if(argc) foo(); else { open(); read(); close(); } } 12/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  13. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion VIMS The Client VM (C-VM) runs the remote client software, i.e. the VPN client application to connect to the VPN server. the Assurance VM (A-VM) is a shadow VM that applies a set of security checks on the memory of the C-VM: integrity checks (kernel-level); sense of self checks (user-level). These checks measure, on behalf of the VPN server, the integrity of the software that the C-VM runs. The A-VM can either apply consistency checks periodically or on demand when requested by the VPN server. 13/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  14. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Threat Model TPM, CPU and BIOS are trusted. Memory cannot be hacked at run-time, e.g. via DMA. VMM and A-VM are trusted: small size, no Internet services open. All the nodes belong to the Intranet. 14/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  15. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Current Prototype Xen. TrustedBoot. TrouSerS. Simple client VPN + remote attestation protocol. Assurance Module: Introspection Library: VCPU introspection; memory introspection. kernel code integrity checks; grammar generating algorithm + parser for sense of self: Icaria + Ponder + Grappa; Bison. Server OpenVPN plugin for remote attestation. 15/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  16. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Introspection Library The Introspection Library is invoked by the Assurance Module periodically and whenever the VPN client issues a system call. Memory Introspection, to access the memory of a Client VM both at the kernel and at the user-level. VCPU-Context Introspection, to retrieve the state of the Client VM’s virtual processor. 16/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  17. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Kernel Integrity Checks 17/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

  18. Introduction Overall Architecture Proposed Solution: VIMS Implementation Conclusion Sense of Self Definition We build CFG (context-free grammar) by exploiting Icaria + Ponder, Grappa and Bison to generate a parser for the system call grammar: modified Icaria + Ponder to produce an AST; 1 from the AST, using our extended Grappa Lib (specialised for AST 2 analysis), we generate the CFG in Bison syntax; invoke Bison to CFG to build the on-line parser that checks that the VPN 3 client generates a legal trace. 18/26 F. Baiardi, D. Cilea, D. Sgandurra, F. Ceccarelli Measuring Semantic Integrity for Remote Attestation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B.

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B.

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik UC Irvine Overview Motivation Definition of Remote Attestation From Definition to Properties From Properties

452 views • 17 slides
Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr,

Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr,

Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr, Jr. April 9, 2020 Caveat to Presentation True Promotion of Academic Integrity Involves a Coordinated Campus Conversation Faculty, Students,

464 views • 44 slides
Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier Carpent, Norrathep (Oak) Rattanavipanon , Gene Tsudik nrattana@uci.edu SPROUT Lab: sprout.ics.uci.edu University of California, Irvine 1

644 views • 42 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian,

BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian,

BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian, Christos Xenakis, Stelios C. A. Thomopoulos ACKNOWLEDGEMENT: The research of the authors M. Bampatsikos and S. C. A. Thomopoulos is supported by Stavros

187 views • 15 slides
Align, Disambiguate, and Walk A Unified Approach for Measuring Semantic Similarity Semantic

Align, Disambiguate, and Walk A Unified Approach for Measuring Semantic Similarity Semantic

Align, Disambiguate, and Walk A Unified Approach for Measuring Semantic Similarity Semantic Similarity; how similar are a pair of lexical items? Semantic Similarity Semantic Similarity Semantic Similarity Sentence level

1.42k views • 127 slides
HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim Eldefrawy , Norrathep Rattanavipanon, Gene Tsudik HRL Labs UC Irvine UC Irvine (Currently at SRI) July 18, 2017 karim.eldefrawy@sri.com IoT/CPS/ES 2

1.07k views • 41 slides
BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance Use Disorder (SUD) Services DOH agrees that an attestation process for SUD services should be an option The attestation process for SUD

474 views • 8 slides
Preserving Linked Data on the Semantic Web by the application of Link Integrity techniques from

Preserving Linked Data on the Semantic Web by the application of Link Integrity techniques from

Preserving Linked Data on the Semantic Web by the application of Link Integrity techniques from Hypermedia Rob Vesse, Wendy Hall and Les Carr {rav08r,wh,lac}@ecs.soton.ac.uk 27 April 2010 Link Integrity Aims to ensure that a Link is valid

430 views • 14 slides
ADVANCED INTEGRITY INSPECTIONS DRONE REMOTE VISUAL INSPECTION & REMOTE DIGITAL INSPECTIONS

ADVANCED INTEGRITY INSPECTIONS DRONE REMOTE VISUAL INSPECTION & REMOTE DIGITAL INSPECTIONS

ADVANCED INTEGRITY INSPECTIONS DRONE REMOTE VISUAL INSPECTION & REMOTE DIGITAL INSPECTIONS Presenters: Paul Hughes (Stork), Stewart Wallace (Stork) & Murray Stewart (Air Control Entech). WELCOME & INTRODUCTIONS P a u l H u g h e

320 views • 18 slides
Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive

Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive

Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive Director EY Chair AICPA Trust Information Integrity Task Force Agenda Item 8-D IAASB Meeting, September 21-25, 2015 New York, USA Page 1 Increasing

444 views • 17 slides
Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael

Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael

Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael Cochez, Vadim Savenkov, Axel Polleres Semantic Coherence? I think Monterey is a great conference location! Oh yes, it has Florida s most beautiful

553 views • 26 slides
Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael

Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael

Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael Cochez, Vadim Savenkov, Axel Polleres 6 JUNE 2018 Semantic coherence An essential property of a conversation, continuity of senses

950 views • 25 slides
PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new release which allows signing using symmetric attestation keys (using COSE Mac0) Fully documented in ARM IHI 0085 TF-M master is slightly behind the

542 views • 17 slides
Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis)

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis)

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis) 12/02/2019 interne France Tlcom - Orange Trust in Remote Devices: example A sensor sends the following message over a Bluetooth, BLE or Thread

528 views • 19 slides
Building Custom Linux Images Building Custom Linux Images for Amazon EC2 for Amazon EC2 Eric

Building Custom Linux Images Building Custom Linux Images for Amazon EC2 for Amazon EC2 Eric

Building Custom Linux Images Building Custom Linux Images for Amazon EC2 for Amazon EC2 Eric Hammond Eric Hammond VP Technology VP Technology CampusExplorer.com CampusExplorer.com O'Reilly OSCON Open Source Convention 2009 O'Reilly OSCON

1.33k views • 69 slides
Hands on Virtualization with Ganeti Lance Albertson Peter Krenesky http://is.gd/osconganeti |

Hands on Virtualization with Ganeti Lance Albertson Peter Krenesky http://is.gd/osconganeti |

Hands on Virtualization with Ganeti Lance Albertson Peter Krenesky http://is.gd/osconganeti | http://is.gd/osconganetipdf About us OSU Open Source Lab Server hosting for Open Source Projects Open Source development projects Lance / Lead

1.22k views • 119 slides
WHAT TO DO WITH READINGS Besides just reading SESSION TOPICS: 1. Types of readings to use in

WHAT TO DO WITH READINGS Besides just reading SESSION TOPICS: 1. Types of readings to use in

WHAT TO DO WITH READINGS Besides just reading SESSION TOPICS: 1. Types of readings to use in class 2. In-class activities & games 3. Partner & Individual work Kelly Ferguson Twitter: @kelferg kelly@compellinginstruction.com

267 views • 26 slides
Dear Peter: Remember, we were going to create a shortlist of important questions for future

Dear Peter: Remember, we were going to create a shortlist of important questions for future

Dear Peter: Remember, we were going to create a shortlist of important questions for future joint trials? Well, here is one potential candidate: Barbara Schmidt; February 18, 1998 I was just browsing through the neonatal Cochrane

314 views • 30 slides
Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit

Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit

Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit Boston 2017 aBoUt US kURt gaRLoff Studied physics Built up SUSE Labs, where he was leading the development open teLekom cLoUD aRchItekt of

544 views • 29 slides
8th International Conference on Marine Pollution and Ecotoxicology Poster Presentation II Poster

8th International Conference on Marine Pollution and Ecotoxicology Poster Presentation II Poster

8th International Conference on Marine Pollution and Ecotoxicology Poster Presentation II Poster Mounting 22 June 2016 from 16:30 Poster dismounting 24 June 2016 from 13:00 Authors Topic P-59 Leu Ming-Yih THE POTENTIAL IMPACT OF OCEAN

291 views • 3 slides
Spatial mapping and modelling of heavy metals and xenobiotics in Ghana Lily Lisa Yevugah

Spatial mapping and modelling of heavy metals and xenobiotics in Ghana Lily Lisa Yevugah

Kwame Nkrumah University of Science & Technology, Kumasi, Ghana Spatial mapping and modelling of heavy metals and xenobiotics in Ghana Lily Lisa Yevugah Geomatic Engineering Department A PhD Student on the SHEATHE Project 1

1.46k views • 21 slides
Landfill Final Cover System Design Not as Simple as One May Think By: Brian Ayres,

Landfill Final Cover System Design Not as Simple as One May Think By: Brian Ayres,

Landfill Final Cover System Design Not as Simple as One May Think By: Brian Ayres, M.Sc., P.Eng. and Darren Dickson, M.A.Sc., P.Eng. SustainTech 2018 Conference March 22, 2018, Saskatoon, SK A world leader Founded in 1911,

257 views • 21 slides

More recommend