sancus 2 0 open source trusted computing for the iot
play

Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias - PowerPoint PPT Presentation

Sep 27, 2023 •342 likes •815 views

Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mhlberg jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium FOSDEM, Brussels, February 2018 Joint work with Job Noorman, Jo Van

  1. Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mühlberg jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium FOSDEM, Brussels, February 2018 Joint work with Job Noorman, Jo Van Bulck, Frank Piessens, Pieter Maene, Ingrid Verbauwhede and many others.

  2. empty Security Source of images 1, 2, 3: https://en.wikipedia.org/ 2 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  3. empty Security 1 Understand the system. • Context, hardware, software, data, users, use cases, etc. Source of images 1, 2, 3: https://en.wikipedia.org/ 2 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  4. empty Security 1 Understand the system. • Context, hardware, software, data, users, use cases, etc. 2 Understand the security requirements. • Requirements are not features! • “Only authenticated users can do X. Two-factor authentication is required for all users. All X are logged, detailing time, user and properties of X.” Source of images 1, 2, 3: https://en.wikipedia.org/ 2 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  5. empty Security 1 Understand the system. • Context, hardware, software, data, users, use cases, etc. 2 Understand the security requirements. • Requirements are not features! • “Only authenticated users can do X. Two-factor authentication is required for all users. All X are logged, detailing time, user and properties of X.” 3 Understand the attacker. • “Attackers can listen to all communication, can drop, reorder or replay messages, may compromise Y% of the system, can’t break crypto.” Source of images 1, 2, 3: https://en.wikipedia.org/ 2 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  6. empty Security “New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.” Source: https://xkcd.com/1938/ 3 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  7. empty Security “New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.” 1 Understand the system. 2 Understand the security requirements. 3 Understand the attacker. Source: https://xkcd.com/1938/ 3 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  8. empty Security “New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.” 1 Understand the system. 2 Understand the security requirements. 3 Understand the attacker. 4 Understand and embrace change! • Discovery of vulnerabilities • Different understanding of the system • New (functional|security) requirements • New attacks, different attackers Source: https://xkcd.com/1938/ 3 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  9. empty Trusted Computing Source: https://en.wikipedia.org/wiki/Trusted_Computing 4 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  10. empty Trusted Computing According to the Trusted Computing Group Protect computing infrastructure at end points; Hardware extensions to enforce specific behaviour and to provide cryptographic capabilities, protecting against unauthorised change and attacks Source: https://en.wikipedia.org/wiki/Trusted_Computing 4 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  11. empty Trusted Computing According to the Trusted Computing Group Protect computing infrastructure at end points; Hardware extensions to enforce specific behaviour and to provide cryptographic capabilities, protecting against unauthorised change and attacks • Endorsement Key , EK Certificate, Platform Certificate: Unique private key that never leaves the hardware, authenticate device identity • Memory curtaining: provide isolation of sensitive areas of memory • Sealed storage: Bind data to specific device or software • Remote attestation: authenticate hardware and software configuration to a remote host • Trusted third party as an intermediary to provide (ano|pseudo)nymity Source: https://en.wikipedia.org/wiki/Trusted_Computing 4 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  12. empty Trusted Computing According to the Trusted Computing Group Protect computing infrastructure at end points; Hardware extensions to enforce specific behaviour and to provide cryptographic capabilities, protecting against unauthorised change and attacks • Endorsement Key , EK Certificate, Platform Certificate: Unique private key that never leaves the hardware, authenticate device identity • Memory curtaining: provide isolation of sensitive areas of memory • Sealed storage: Bind data to specific device or software • Remote attestation: authenticate hardware and software configuration to a remote host • Trusted third party as an intermediary to provide (ano|pseudo)nymity In practice: different architectures, subset of the above features, additions such as “enclaved” execution, memory encryption or secure I/O capabilities Source: https://en.wikipedia.org/wiki/Trusted_Computing 4 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  13. empty Trusted Computing According to the Trusted Computing Group Protect computing infrastructure at end points; Hardware extensions to enforce specific behaviour and to provide cryptographic capabilities, protecting against unauthorised change and attacks • Endorsement Key , EK Certificate, Platform Certificate: Unique private key that never leaves the hardware, authenticate device identity • Memory curtaining: provide isolation of sensitive areas of memory • Sealed storage: Bind data to specific device or software • Remote attestation: authenticate hardware and software configuration to a remote host • Trusted third party as an intermediary to provide (ano|pseudo)nymity In practice: different architectures, subset of the above features, additions such as “enclaved” execution, memory encryption or secure I/O capabilities Source: https://en.wikipedia.org/wiki/Trusted_Computing 4 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  14. empty Trusted Computing According to Richard Stallman Treacherous Computing: “The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorisation rules through the Internet, and impose those rules automatically on your work.” Source: https://www.gnu.org/philosophy/can-you-trust.html 5 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  15. empty Trusted Computing According to Richard Stallman Treacherous Computing: “The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorisation rules through the Internet, and impose those rules automatically on your work.” In the light of recent incidents. . . • Buggy software: think of OpenSSL ’s Heartbleed in an enclave • Side channels: timing, caching, speculative execution, etc. • Buggy system: CPUs, peripherals, firmware (Broadpwn, Intel ME, Meltdown) • Malicious intent: Backdoors, ransomware, etc. Source: https://www.gnu.org/philosophy/can-you-trust.html 5 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  16. empty Trusted Computing (and why Sancus?) Good design practice for trusted computing? Good use cases for trusted computing? • non-invasive, understandable, measurably secure • stuff that matters: critical applications, critical infrastructure, embedded Source: https://twitter.com/MelissaKaulfuss/status/804209991510937600?s=09 6 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  17. empty Trusted Computing (and why Sancus?) Good design practice for trusted computing? Good use cases for trusted computing? • non-invasive, understandable, measurably secure • stuff that matters: critical applications, critical infrastructure, embedded Don’t restrict the user but enable them, convince them to trust. Build to validate, invite to crutinize: hardware and software. Build upon well-understood OSS building blocks: hardware, crypto, compilers, OS, libs Divide and conquer: memory curtaining and isolation make validation easier Source: https://twitter.com/MelissaKaulfuss/status/804209991510937600?s=09 6 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  18. empty Isolation and Attestation on Light-Weight MCUs Many microcontrollers feature little security functionality 7 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  19. empty Isolation and Attestation on Light-Weight MCUs Many microcontrollers feature little security functionality 7 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  20. empty Isolation and Attestation on Light-Weight MCUs Many microcontrollers feature little security functionality 7 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

  21. empty Isolation and Attestation on Light-Weight MCUs Many microcontrollers feature little security functionality • Applications share address space 7 /22 Jan Tobias Mühlberg Sancus 2.0, Trusted Computing

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT Sergio Seminara seminara@kth.se KTH - Kungliga Tekniska Hgskola Examiner: prof. Mads Dam Supervisor: prof. Roberto Guanciale Seminara (KTH)

545 views • 50 slides
About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across

About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across

About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across the system stack: hardware, compiler, OS, application Integrated attack-defense perspective and open-source prototypes SGX-Step framework Sancus

925 views • 75 slides
Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing Base Pieter Agten Wilfried Daniels Raoul Strackx Job Noorman Anthony Van Herrewege Christophe Huygens Bart Preneel Ingrid Verbauwhede Frank

806 views • 67 slides
Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Computer S ecurity: Principles and Practice Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and Multilevel Security First Edition by William S tallings and Lawrie Brown Lecture slides by Lawrie

636 views • 40 slides
Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your hosts Andrew Whelan CEO, Sancus BMS Group Chartered Fellow of the Chartered Institute for Securities & Investment Andys career has spanned

765 views • 18 slides
Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Chinas Dietary Supplement Industry Market Insights Natural Products Expo West March 11, 2017 Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey & Company Your Trusted Partner in China Consumer

409 views • 29 slides
Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal Holloway, University of London c.mitchell@rhul.ac.uk http://www.isg.rhul.ac.uk/~cjm Contents What is trusted computing? The TCG TCG

1.43k views • 114 slides
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklins 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have trusted hardware?

315 views • 27 slides
Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid

Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid

Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid computing on Open Telekom Cloud Why Open Source? Open Open Design Open Choice Standards Community Lead Contributor Model No-Lock in Cloud Design

416 views • 14 slides
Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

The State of Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and Open Source databases RedHat Acquired by IBM Image Source: https://techcrunch.com/story/ibm-acquires-red-hat/ Open Source

663 views • 29 slides
SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson Research Security / Lund University 1 2019-03-01 B. Smeets LiTH course Goal of this lecture Understand trusted computing and its purpose Threats

794 views • 66 slides
SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson Research Security / Lund University 1 2020-02-28 B. Smeets LiTH course Goal of this lecture Understand trusted computing and its purpose Threats

1.42k views • 65 slides
Introduction to Trusted Computing Pieter Maene , Johannes G otzfried, Ruan de Clercq, Tilo M

Introduction to Trusted Computing Pieter Maene , Johannes G otzfried, Ruan de Clercq, Tilo M

Introduction to Trusted Computing Pieter Maene , Johannes G otzfried, Ruan de Clercq, Tilo M uller, Felix Freiling, and Ingrid Verbauwhede 1 KU Leuven/COSIC, Belgium 2 FAU Erlangen-N urnberg, Germany January 31, 2017 Trusted Computing 2

723 views • 35 slides
RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me

RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me

RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me Principal Research Consultant @ Atredis Partners Founder, Developer of Open Source Hardware Things @ Linklayer Labs Outline Trusted

847 views • 30 slides
Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Responsiveness Guarantee for the Sancus Protected Module Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O & application case o 3. Objectives Attacker model & properties o 4. Design

420 views • 14 slides
Saurabh Gupta Many slides adapted from B. Hariharan, L. Lazebnik, N. Snavely, Y. Furukawa. The

Saurabh Gupta Many slides adapted from B. Hariharan, L. Lazebnik, N. Snavely, Y. Furukawa. The

Review - Computer Vision Saurabh Gupta Many slides adapted from B. Hariharan, L. Lazebnik, N. Snavely, Y. Furukawa. The goal(s) or computer vision What is the image about? What objects are in the image? Where are they? How are

1.03k views • 46 slides
A New Approach for Constructing Low-Error Two-Source Extractors DEAN DORON TEL-AVIV

A New Approach for Constructing Low-Error Two-Source Extractors DEAN DORON TEL-AVIV

A New Approach for Constructing Low-Error Two-Source Extractors DEAN DORON TEL-AVIV UNIVERSITY Joint work with AVRAHAM BEN-AROYA ESHAN CHATTOPADHYAY XIN LI AMNON TA-SHMA Todays talk Two-source extractors and the low-error challenge.

1.28k views • 113 slides
miltos1 https://miltos.allamanis.com Microsoft Research Cambridge

miltos1 https://miltos.allamanis.com Microsoft Research Cambridge

miltos1 https://miltos.allamanis.com Microsoft Research Cambridge http://www.eclipse.org/recommenders/ https://visualstudio.microsoft.com/services/intellicode/ Predicting Program Properties from Code Deep Learning Type Inference V. Raychev,

754 views • 30 slides
FINDING QUALITY IN QUANTITY: THE CHALLENGE OF DISCOVERING VALUABLE SOURCES FOR INTEGRATION

FINDING QUALITY IN QUANTITY: THE CHALLENGE OF DISCOVERING VALUABLE SOURCES FOR INTEGRATION

FINDING QUALITY IN QUANTITY: THE CHALLENGE OF DISCOVERING VALUABLE SOURCES FOR INTEGRATION Theodoros Rekatsinas University of Maryland Amol Deshpande, Xin Luna Dong, Lise Getoor and Divesh Srivastava DATA, DATA, DATA Clean Analyze

514 views • 25 slides
EDAN20 Language Technology http://cs.lth.se/edan20/ Chapter 13: Dependency Parsing Pierre

EDAN20 Language Technology http://cs.lth.se/edan20/ Chapter 13: Dependency Parsing Pierre

Language Technology EDAN20 Language Technology http://cs.lth.se/edan20/ Chapter 13: Dependency Parsing Pierre Nugues Lund University Pierre.Nugues@cs.lth.se http://cs.lth.se/pierre_nugues/ September 19, 2016 Pierre Nugues EDAN20 Language

841 views • 40 slides
Carcross HMP Working Group, April 8, 2015: 2015 04 10 Hal Kalman slides What is a Heritage

Carcross HMP Working Group, April 8, 2015: 2015 04 10 Hal Kalman slides What is a Heritage

Carcross HMP Working Group, April 8, 2015: 2015 04 10 Hal Kalman slides What is a Heritage Management Plan? ( or conservation management plan / conservation plan ) A document which sets out what is significant in a

357 views • 9 slides
Optimal control of state constrained PDEs system with Sparse controls. Kazufumi Ito Dept. of

Optimal control of state constrained PDEs system with Sparse controls. Kazufumi Ito Dept. of

Optimal control of state constrained PDEs system with Sparse controls. Kazufumi Ito Dept. of Math, North Carolina State University Abstract: In this talk we discuss point-wise state constraint prob- lems with sparse controls for a general class

586 views • 15 slides
Protocol Principles Framing, FCS and ARQ 2005/03/11 (C) Herbert Haas Link Layer Tasks

Protocol Principles Framing, FCS and ARQ 2005/03/11 (C) Herbert Haas Link Layer Tasks

Protocol Principles Framing, FCS and ARQ 2005/03/11 (C) Herbert Haas Link Layer Tasks Framing Frame Protection Optional Addressing Optional Error Recovery Connection-oriented or connectionless mode Optional Flow Control

928 views • 51 slides

More recommend