sancus a low cost security architecture for distributed
play

Sancus: A Low-Cost Security Architecture for Distributed IoT - PowerPoint PPT Presentation

Jan 22, 2024 •367 likes •1.16k views

Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared Infrastructure Job Noorman Public PhD Defence 19 Apr 2017 Safety considerations when lodging in a hotel Untrusted guests Locked room Unknown personnel

  1. Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared Infrastructure Job Noorman Public PhD Defence 19 Apr 2017

  2. Safety considerations when lodging in a hotel Untrusted guests Locked room Unknown personnel Just trust them Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 1 / 33

  3. A hotel as an analogy for computing devices Untrusted guests Other applications Locked room Virtual memory, virtual machines,. . . Unknown personnel Operating system Just trust them Just trust it Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 1 / 33

  4. A hotel as an analogy for computing devices Untrusted guests Other applications Locked room Virtual memory, virtual machines,. . . Unknown personnel Operating system Just trust them Just trust it Hostile environment Untrusted network Guarded transportation Cryptography Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 1 / 33

  5. A hotel nobody would want to go, a good analogy for embedded devices Untrusted guests Other applications Locked room Virtual memory, virtual machines,. . . Unknown personnel Operating system Just trust them Just trust it Hostile environment Untrusted network Guarded transportation Cryptography No rooms/walls No software isolation Don’t go there Well, just go there anyway. . . Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 1 / 33

  6. Lack of isolation problematic for third-party extensibility Private hotel Monolithic application No other guests Single, fixed binary Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 2 / 33

  7. Lack of isolation problematic for third-party extensibility Private hotel Monolithic application No other guests Single, fixed binary Trusted guests First-party extensibility Bouncer at the entrance Authenticated binaries Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 2 / 33

  8. Lack of isolation problematic for third-party extensibility Private hotel Monolithic application No other guests Single, fixed binary Trusted guests First-party extensibility Bouncer at the entrance Authenticated binaries Untrusted guests Third-party extensibility Rooms for security Memory isolation for security Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 2 / 33

  9. Although very relevant, low-end devices lack effective security features More threats on embedded devices Due to network connectivity and third-party extensibility No effective solutions exist It’s “a mess” (Viega and Thompson) Researchers are exploring this area E.g., SMART (El Defrawy et al.) Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 3 / 33

  10. Goal: create a trustworthy hotel for secure lodging Isolation of guests Private rooms for the guests Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 4 / 33

  11. Goal: create a trustworthy hotel for secure lodging Isolation of guests Private rooms for the guests Attestation of well-being Proof unharmed arrival Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 4 / 33

  12. Goal: create a trustworthy hotel for secure lodging Isolation of guests Private rooms for the guests Attestation of well-being Proof unharmed arrival Secure communication Call home/with other guests Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 4 / 33

  13. Goal: create a trustworthy hotel for secure lodging Isolation of guests Private rooms for the guests Attestation of well-being Proof unharmed arrival Secure communication Call home/with other guests Zero-people Trusted Lodging Base Less people to trust, less can go wrong Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 4 / 33

  14. Goal: design and implement a low-cost, extensible security architecture Isolation of software modules Memory isolation for data and code Attestation of a module’s state Proof integrity and isolation Secure communication Both locally and remotely Zero-software Trusted Computing Base Counteracting attackers with full control over infrastructural software Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 5 / 33

  15. Extended goals Confidentiality of communication and code Authenticity often not enough Guarantees for distributed applications On an infrastructure shared with the attacker Securing unaltered legacy code When changing code is impossible/too expensive Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 6 / 33

  16. Target: a generic system model Infrastructure provider IP IP owns and administers nodes N i N 1 SM 1 , 1 SM 2 , 1 SP 1 · · · Software providers SP j wants to use the infrastructure N 2 SM 2 , 2 SM j , k SP 2 · · · Software modules . . . . . . SM j , k is deployed by SP j on N i Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 7 / 33

  17. Example node configuration Node SM 1 SP 1 . . . . SM S S . IP . SM n SP n Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 8 / 33

  18. Preview Module isolation 1 Key management 2 Remote attestation and secure communication 3 Secure linking 4 Results 5 Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 9 / 33

  19. Overview Module isolation 1 Hotel analogy Module layout Access rights enforcement Key management 2 Remote attestation and secure communication 3 Secure linking 4 Results 5 Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 10 / 33

  20. Safe lodging for guests by building rooms Walls to keep other guests and personnel out Safeguard possessions, prevent attacks Door with lock to allow controlled access We want room service, right? Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 11 / 33

  21. Modules are bipartite with a text section and a private data section Immutable text section Containing code and constants Private data section Containing secret runtime data Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 12 / 33

  22. Node with one software module loaded Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID K N , SP , SM 1 SM 1 metadata Protected Caller ID storage area K N Layout Keys Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 13 / 33

  23. Node with one software module loaded Text and data sections Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID K N , SP , SM 1 SM 1 metadata Protected Caller ID storage area K N Layout Keys Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 13 / 33

  24. Node with one software module loaded Module layout Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID K N , SP , SM 1 SM 1 metadata Protected Caller ID storage area K N Layout Keys Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 13 / 33

  25. Node with one software module loaded Module identity Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID K N , SP , SM 1 SM 1 metadata Protected Caller ID storage area K N Layout Keys Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 13 / 33

  26. Node with one software module loaded Module entry point Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID K N , SP , SM 1 SM 1 metadata Protected Caller ID storage area K N Layout Keys Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 13 / 33

  27. Node with one software module loaded Module keys Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID K N , SP , SM 1 SM 1 metadata Protected Caller ID storage area K N Layout Keys Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 13 / 33

  28. Node with one software module loaded ID registers Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data Next ID K N , SP , SM 1 SM 1 metadata Protected Caller ID storage area K N Layout Keys Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 13 / 33

  29. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 14 / 33

  30. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter From/to Text Data Unprotected Text Other Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 14 / 33

  31. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter From/to Text Data Unprotected Text Other Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 14 / 33

  32. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter From/to Text Data Unprotected Text Other Job Noorman (Public PhD Defence) Sancus 19 Apr 2017 14 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Responsiveness Guarantee for the Sancus Protected Module Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O & application case o 3. Objectives Attacker model & properties o 4. Design

420 views • 14 slides
The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides
Networked Embedded Devices Frank Piessens, imec-DistriNet, KU Leuven Introduction Long-term

Networked Embedded Devices Frank Piessens, imec-DistriNet, KU Leuven Introduction Long-term

Sancus 2.0: A Security Architecture for Low-Cost Networked Embedded Devices Frank Piessens, imec-DistriNet, KU Leuven Introduction Long-term objective: Secure open software application platforms for distributed IT infrastructure

712 views • 40 slides
Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing Base Pieter Agten Wilfried Daniels Raoul Strackx Job Noorman Anthony Van Herrewege Christophe Huygens Bart Preneel Ingrid Verbauwhede Frank

806 views • 67 slides
DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT Sergio Seminara seminara@kth.se KTH - Kungliga Tekniska Hgskola Examiner: prof. Mads Dam Supervisor: prof. Roberto Guanciale Seminara (KTH)

545 views • 50 slides
Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your hosts Andrew Whelan CEO, Sancus BMS Group Chartered Fellow of the Chartered Institute for Securities & Investment Andys career has spanned

765 views • 18 slides
Ostro OS security architecture An IoT OS security architecture that is so boring that you can

Ostro OS security architecture An IoT OS security architecture that is so boring that you can

Ostro OS security architecture An IoT OS security architecture that is so boring that you can sleep soundly at night Ismo Puustinen, Intel Finland What is Ostro OS? https://ostroproject.org IoT operating system, based on Yocto project

261 views • 9 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance

Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance

Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance Investment Portfolio of SME Lending Platforms This document is confidential and should only be circulated with prior approval from Sancus BMS Group. 2 |

947 views • 32 slides
Outline Introduction Background Distributed DBMS Architecture Distributed Database Design

Outline Introduction Background Distributed DBMS Architecture Distributed Database Design

Outline Introduction Background Distributed DBMS Architecture Distributed Database Design Distributed Query Processing Distributed Transaction Management Building Distributed Database Systems (RAID) Mobile Database Systems Privacy, Trust,

620 views • 20 slides
Towards a Reference Architecture for Service- Oriented Cross Domain Security Infrastructures Wen

Towards a Reference Architecture for Service- Oriented Cross Domain Security Infrastructures Wen

Towards a Reference Architecture for Service- Oriented Cross Domain Security Infrastructures Wen Zhu Dr. Lowell Vizenor Dr. Avinash Srinivasan 7 th International Conference on Internet and Distributed Computing Systems Agenda Background

128 views • 12 slides
Distributed Control Lab - A component-based application Overview Architecture Experiments

Distributed Control Lab - A component-based application Overview Architecture Experiments

Distributed Control Lab - A component-based application Overview Architecture Experiments Outline Motivation The Distributed Control Lab (DCL) Architecture Foucault's Pendulum Details Hardware / Software Architecture

794 views • 48 slides
Poster 158 1 / 4 Poster 158 Security in Distributed ML Zeno: distributed synchronous SGD that

Poster 158 1 / 4 Poster 158 Security in Distributed ML Zeno: distributed synchronous SGD that

Zeno: Distributed Stochastic Gradient Descent with Suspicion-based Fault-tolerance Cong Xie, Oluwasanmi Koyejo, Indranil Gupta June 12, 2019 Poster 158 1 / 4 Poster 158 Security in Distributed ML Zeno: distributed synchronous SGD that

211 views • 4 slides
CockroachDB Architecture of a Geo-Distributed SQL Database Nathan VanBenschoten (@natevanben),

CockroachDB Architecture of a Geo-Distributed SQL Database Nathan VanBenschoten (@natevanben),

CockroachDB Architecture of a Geo-Distributed SQL Database Nathan VanBenschoten (@natevanben), Staff Software Engineer CockroachDB: Geo-distributed SQL Database Make Data Easy Distributed Horizontally scalable to grow with your

2.25k views • 110 slides
Recovery, Convergence and Documentation of Languages Doctoral defence of Drs. ir. Vadim V.

Recovery, Convergence and Documentation of Languages Doctoral defence of Drs. ir. Vadim V.

Recovery, Convergence and Documentation of Languages Doctoral defence of Drs. ir. Vadim V. Zaytsev Acknowledgements ? Outline Recovery, Convergence and Documentation of Languages bgf (115) abstract (78) approach (54) argument

815 views • 45 slides
San Francisco, Portsmouth Square, October 1918 6 th Amendment In all criminal prosecutions, the

San Francisco, Portsmouth Square, October 1918 6 th Amendment In all criminal prosecutions, the

San Francisco, Portsmouth Square, October 1918 6 th Amendment In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district where in the crime shall have been

308 views • 9 slides
Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy Enhancing Technologies Symposium Minneapolis, Minnesota, USA 19 July, 2017 @gchers Website Fingerprinting (WF) Encrypted Tunnel Victim

400 views • 20 slides
Climate Change: Implica0ons for Defence Key Findings from

Climate Change: Implica0ons for Defence Key Findings from

climate everyones business Climate Change: Implica0ons for Defence Key Findings from the Intergovernmental Panel on Climate Change Fi7h Assessment Report

94 views • 7 slides
Joint Workshop Theme: Value for Money and Complex Decisions Tuesday 19 th November 2019

Joint Workshop Theme: Value for Money and Complex Decisions Tuesday 19 th November 2019

Joint Workshop Theme: Value for Money and Complex Decisions Tuesday 19 th November 2019 The BAWA Centre, Filton, Bristol, BS34 7RG The Defence S pecial Interest Group (DS IG) of the Operational Research (OR) society and the S ociety

302 views • 4 slides
1 Peter Series Lesson #083 March 9, 2017 Dean Bible Ministries www.deanbibleministries.org Dr.

1 Peter Series Lesson #083 March 9, 2017 Dean Bible Ministries www.deanbibleministries.org Dr.

1 Peter Series Lesson #083 March 9, 2017 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. T HE G OODNESS OF G OD ; G IVING A N A NSWER P ART 1 1 P ETER 3:15 1 Pet. 3:13, And who is he who will harm you if you become

498 views • 31 slides
Surviving the Viva ! ! The role of your supervisor and examiners ! What to expect on the day Dr

Surviving the Viva ! ! The role of your supervisor and examiners ! What to expect on the day Dr

Outline of session ! The viva in context of a PhD Surviving the Viva ! ! The role of your supervisor and examiners ! What to expect on the day Dr Keith Morgan - Typical questions / topics Dr Sara Shinton - Possible outcomes - Common

324 views • 6 slides
Linear functions A. Functions in general A. Functions in general 1. definition B. Linear

Linear functions A. Functions in general A. Functions in general 1. definition B. Linear

1 2 Linear functions A. Functions in general A. Functions in general 1. definition B. Linear functions C. Linear (in)equalities Handbook: E. Haeussler, R. Paul, R. Wood (2011). Introductory Mathematical Analysis for business, economics and

442 views • 20 slides

More recommend