sancus low cost trustworthy extensible networked devices
play

Sancus: Low-cost trustworthy extensible networked devices with a - PowerPoint PPT Presentation

Jul 02, 2023 •120 likes •806 views

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing Base Pieter Agten Wilfried Daniels Raoul Strackx Job Noorman Anthony Van Herrewege Christophe Huygens Bart Preneel Ingrid Verbauwhede Frank

  1. Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing Base Pieter Agten Wilfried Daniels Raoul Strackx Job Noorman Anthony Van Herrewege Christophe Huygens Bart Preneel Ingrid Verbauwhede Frank Piessens 16 Aug 2013

  2. Noorman et al. Sancus 16 Aug 2013 2 / 29

  3. Carna Botnet Port scanning /0 using insecure embedded devices (Anonymous researcher) Carna Botnet client distribution March to December 2012. ∼ 420K Clients Noorman et al. Sancus 16 Aug 2013 2 / 29

  4. Although very relevant, low-end devices lack effective security features More threats on embedded devices Due to network connectivity and third-party extensibility No effective solutions exist It’s “a mess” (Viega and Thompson) Researchers are exploring this area E.g., SMART (El Defrawy et al.) Noorman et al. Sancus 16 Aug 2013 3 / 29

  5. Goal: design and implement a low-cost, extensible security architecture Strong isolation of software modules Given third-party extensibility Secure communication and attestation Both locally and remotely Counteracting attackers with full control over infrastructural software Zero-software Trusted Computing Base Noorman et al. Sancus 16 Aug 2013 4 / 29

  6. Target: a generic system model Infrastructure provider IP IP owns and administers nodes N i N 1 · · · SM 1 , 1 SM 2 , 1 SP 1 Software providers SP j wants to use the insfrastructure N 2 · · · SM 2 , 2 SM j , k SP 2 Software modules . . . . . . SM j , k is deployed by SP j on N i Noorman et al. Sancus 16 Aug 2013 5 / 29

  7. Example node configuration Node SM 1 SP 1 . . . . SM S S . IP . SM n SP n Noorman et al. Sancus 16 Aug 2013 6 / 29

  8. Preview Module isolation 1 Key management 2 Remote attestation and secure communication 3 Secure linking 4 Results 5 Noorman et al. Sancus 16 Aug 2013 7 / 29

  9. Overview Module isolation 1 Module layout Access rights enforcement Key management 2 Remote attestation and secure communication 3 Secure linking 4 Results 5 Noorman et al. Sancus 16 Aug 2013 8 / 29

  10. Modules are bipartite with a public text section and a protected data section Public text section Containing code and constants Protected data section Containing secret runtime data Noorman et al. Sancus 16 Aug 2013 9 / 29

  11. Node with one software module loaded Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 10 / 29

  12. Node with one software module loaded Public and protected sections Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 10 / 29

  13. Node with one software module loaded Module layout Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 10 / 29

  14. Node with one software module loaded Module identity Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 10 / 29

  15. Node with one software module loaded Module entry point Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 10 / 29

  16. Node with one software module loaded Module keys Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 10 / 29

  17. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter Noorman et al. Sancus 16 Aug 2013 11 / 29

  18. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter From/to Text Protected Unprotected Text Other Noorman et al. Sancus 16 Aug 2013 11 / 29

  19. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter From/to Text Protected Unprotected Text Other Noorman et al. Sancus 16 Aug 2013 11 / 29

  20. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter From/to Text Protected Unprotected Text Other Noorman et al. Sancus 16 Aug 2013 11 / 29

  21. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter Isolation of data Only accessible from text section From/to Text Protected Unprotected Text rw- Other --- Noorman et al. Sancus 16 Aug 2013 11 / 29

  22. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter Isolation of data Only accessible from text section Protection against code misuse (e.g., ROP) From/to Text Protected Unprotected Text r-x rw- Other r-- --- Noorman et al. Sancus 16 Aug 2013 11 / 29

  23. Node with one software module loaded Module entry point Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 11 / 29

  24. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter Isolation of data Only accessible from text section Protection against code misuse (e.g., ROP) Enter module through single entry point From/to Text Protected Unprotected Entry r-x rw- Text r-x rw- Other r-- --- Noorman et al. Sancus 16 Aug 2013 11 / 29

  25. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter Isolation of data Only accessible from text section Protection against code misuse (e.g., ROP) Enter module through single entry point From/to Entry Text Protected Unprotected Entry r-x r-x rw- Text r-x r-x rw- Other r-x r-- --- Noorman et al. Sancus 16 Aug 2013 11 / 29

  26. Modules are isolated using program-counter based memory access control Variable access rights Depending on the current program counter Isolation of data Only accessible from text section Protection against code misuse (e.g., ROP) Enter module through single entry point From/to Entry Text Protected Unprotected Entry r-x r-x rw- rwx Text r-x r-x rw- rwx Other r-x r-- --- rwx Noorman et al. Sancus 16 Aug 2013 11 / 29

  27. Isolation can be enabled/disabled using new instructions Noorman et al. Sancus 16 Aug 2013 12 / 29

  28. Node with one software module loaded Module layout Node SM 1 protected data section SM 1 text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM 1 SM 1 metadata Protected storage area K N Layout Keys Noorman et al. Sancus 16 Aug 2013 12 / 29

  29. Isolation can be enabled/disabled using new instructions protect layout, SP Enables isolation at layout unprotect Disables isolation of current SM Noorman et al. Sancus 16 Aug 2013 12 / 29

  30. Overview Module isolation 1 Key management 2 Remote attestation and secure communication 3 Secure linking 4 Results 5 Noorman et al. Sancus 16 Aug 2013 13 / 29

  31. Providing a flexible, inexpensive way for secure communication Establish a shared secret Between SP and its module SM Use symmetric crypto Public-key is too expensive for low-cost nodes Ability to deploy modules without IP intervening After initial registration, that is Noorman et al. Sancus 16 Aug 2013 14 / 29

  32. Key derivation scheme allowing both Sancus and SP ’s to get the same key Infrastructure provider is trusted party IP Able to derive all keys Every node N stores a key K N N 1 N 2 N 3 Generated at random Derived key based on SP ID SP 1 SP 2 SP 3 K SP = kdf ( K N , SP ) Derived key based on SM identity SM 1 SM 2 SM 3 K SM = kdf ( K SP , SM ) Noorman et al. Sancus 16 Aug 2013 15 / 29

  33. Key derivation scheme allowing both Sancus and SP ’s to get the same key Infrastructure provider is trusted party IP Able to derive all keys Every node N stores a key K N N 1 N 2 N 3 Generated at random Derived key based on SP ID SP 1 SP 2 SP 3 K SP = kdf ( K N , SP ) Derived key based on SM identity SM 1 SM 2 SM 3 K SM = kdf ( K SP , SM ) Noorman et al. Sancus 16 Aug 2013 15 / 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Networked Embedded Devices Frank Piessens, imec-DistriNet, KU Leuven Introduction Long-term

Networked Embedded Devices Frank Piessens, imec-DistriNet, KU Leuven Introduction Long-term

Sancus 2.0: A Security Architecture for Low-Cost Networked Embedded Devices Frank Piessens, imec-DistriNet, KU Leuven Introduction Long-term objective: Secure open software application platforms for distributed IT infrastructure

712 views • 40 slides
Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared

Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared

Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared Infrastructure Job Noorman Public PhD Defence 19 Apr 2017 Safety considerations when lodging in a hotel Untrusted guests Locked room Unknown personnel

1.16k views • 79 slides
Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your

Sancus BMS Group Sancus (Isle of Man) Mike Hennessy & Andrew Whelan 18 th July 2017 Your hosts Andrew Whelan CEO, Sancus BMS Group Chartered Fellow of the Chartered Institute for Securities & Investment Andys career has spanned

765 views • 18 slides
Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Responsiveness Guarantee for the Sancus Protected Module Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O & application case o 3. Objectives Attacker model & properties o 4. Design

420 views • 14 slides
Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance

Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance

Sancus BMS Group The Future for Alternative Finance Andrew Whelan May 2017 GLI Finance Investment Portfolio of SME Lending Platforms This document is confidential and should only be circulated with prior approval from Sancus BMS Group. 2 |

947 views • 32 slides
Mesh Stalkings Penetration Testing with Small Networked Devices Philip Polstra University of

Mesh Stalkings Penetration Testing with Small Networked Devices Philip Polstra University of

Mesh Stalkings Penetration Testing with Small Networked Devices Philip Polstra University of Dubuque @ppolstra DrPhil@polstra.org Please complete the Speaker Feedback Surveys. This will help speakers to improve and for Black Hat to make

901 views • 55 slides
TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies for Local Responding To and Trust Assessment Area Monitoring and Area

291 views • 8 slides
Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mhlberg

Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mhlberg

Sancus 2.0: Open-Source Trusted Computing for the IoT Jan Tobias Mhlberg jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium FOSDEM, Brussels, February 2018 Joint work with Job Noorman, Jo Van

815 views • 46 slides
Networked VR Ashweeni Beeharee Ashweeni Beeharee VE Course - Networked VR 1 Content

Networked VR Ashweeni Beeharee Ashweeni Beeharee VE Course - Networked VR 1 Content

Networked VR Ashweeni Beeharee Ashweeni Beeharee VE Course - Networked VR 1 Content Networked VR scenarios Architectures Peer-to-peer Consistency Full Partial Predicted Conclusion Ashweeni Beeharee VE Course -

567 views • 22 slides
Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a simple, modular approach to networked access control with scalability in mind. Easy management from a central location PC from anywhere with an

196 views • 9 slides
Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks for semester ECTS: 6.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/networked-embedded-systems Type: Lessons (VU Vorlesung) with

700 views • 20 slides
Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number

Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number

Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number of Activities: 5 2012 Industry Workshop October 30, 2012 | 1 TCIPG Technical Clusters and Threads Trustworthy Technologies Trustworthy

419 views • 10 slides
Low Cost 3D Rotational Input Devices: the Stationary Spinball and the Stationary Spinball and

Low Cost 3D Rotational Input Devices: the Stationary Spinball and the Stationary Spinball and

Low Cost 3D Rotational Input Devices: the Stationary Spinball and the Stationary Spinball and the Mobile Soap3D Marcus Tnnis, Florian Echtler, Manuel Huber, Gudrun Klinker Fachgebiet Augmented Reality T Technische Universitt Mnchen,

660 views • 21 slides
NAG : Motivating Deployment of Networked Systems Mohit Lad UCLA Deployment of Networked Systems

NAG : Motivating Deployment of Networked Systems Mohit Lad UCLA Deployment of Networked Systems

NAG : Motivating Deployment of Networked Systems Mohit Lad UCLA Deployment of Networked Systems Goal: How do you convince users to deploy applications? Prior work: Lottery System (Sigcomm 07) Probabilistic incentive to motivate

448 views • 7 slides
Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy

Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy

Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing *

753 views • 63 slides
Extensible Dependency Grammar: A Modular Grammar Formalism Based On Multigraph Description Ralph

Extensible Dependency Grammar: A Modular Grammar Formalism Based On Multigraph Description Ralph

Extensible Dependency Grammar Extensible Dependency Grammar: A Modular Grammar Formalism Based On Multigraph Description Ralph Debusmann Programming Systems Lab, Saarbrcken, Germany Promotionskolloquium, November 3, 2006 Extensible

988 views • 85 slides
Quantitative Text Analysis. Applications to Social Media Research Pablo Barber a London

Quantitative Text Analysis. Applications to Social Media Research Pablo Barber a London

Quantitative Text Analysis. Applications to Social Media Research Pablo Barber a London School of Economics www.pablobarbera.com Course website: pablobarbera.com/text-analysis-vienna Automated Analysis of Social Media Text Workflow:

1.13k views • 12 slides
Statistical graphics with Statistical graphics with ggplot2 ggplot2 Programming for Statistical

Statistical graphics with Statistical graphics with ggplot2 ggplot2 Programming for Statistical

Statistical graphics with Statistical graphics with ggplot2 ggplot2 Programming for Statistical Programming for Statistical Science Science Shawn Santo Shawn Santo 1 / 59 1 / 59 Supplementary materials Full video lecture available in

613 views • 59 slides
HTML Hyper Text Markup Language HTML 4.0 has strict compliance with XML standard

HTML Hyper Text Markup Language HTML 4.0 has strict compliance with XML standard

HTML and XML Venkat Subramaniam svenkat@cs.uh.edu 1 HTML Hyper Text Markup Language HTML 4.0 has strict compliance with XML standard Presentation details presented with information using markups Browsers act as

607 views • 35 slides
Caradoc: a Pragmatic Approach to PDF Parsing and Validation IEEE Security & Privacy LangSec

Caradoc: a Pragmatic Approach to PDF Parsing and Validation IEEE Security & Privacy LangSec

Caradoc: a Pragmatic Approach to PDF Parsing and Validation IEEE Security & Privacy LangSec Workshop 2016 Guillaume Endignoux Olivier Levillain Jean-Yves Migeon cole Polytechnique, France EPFL, Switzerland ANSSI, France Thursday 26 th

842 views • 35 slides
The w orld of data v is u ali z ation DATA VISU AL IZATION IN R Ron Pearson Instr u ctor

The w orld of data v is u ali z ation DATA VISU AL IZATION IN R Ron Pearson Instr u ctor

The w orld of data v is u ali z ation DATA VISU AL IZATION IN R Ron Pearson Instr u ctor Graphical tools help u s u nderstand a dataset O u r abilit y to interpret pa erns is a ke y strength T w o basic t y pes of data v is u ali z ations :

823 views • 35 slides
CS 423 Operating System Design: The Linux Reference Monitor Professor Adam Bates CS 423:

CS 423 Operating System Design: The Linux Reference Monitor Professor Adam Bates CS 423:

CS 423 Operating System Design: The Linux Reference Monitor Professor Adam Bates CS 423: Operating Systems Design All the Access Controls Basic Access Matrix UNIX, ACL, various capability systems Aggregated Access Matrix TE,

1.02k views • 27 slides
Main Memory Storage Engines Justin A. DeBrabant debrabant@cs.brown.edu Roadmap Paper 1:

Main Memory Storage Engines Justin A. DeBrabant debrabant@cs.brown.edu Roadmap Paper 1:

Main Memory Storage Engines Justin A. DeBrabant debrabant@cs.brown.edu Roadmap Paper 1: Data-Oriented Transaction Execution Paper 2: OLTP Through the Looking Glass Paper 3: Generic Database Cost Models for Hierarchical Memory Systems

685 views • 39 slides
Freedom of Access to Scientific Data Prof. Sergio Marchisio Sapienza University, Rome OPEN

Freedom of Access to Scientific Data Prof. Sergio Marchisio Sapienza University, Rome OPEN

UN/Italy Workshop on the Open Universe Initiative 20 November 2017 Freedom of Access to Scientific Data Prof. Sergio Marchisio Sapienza University, Rome OPEN UNIVERSE INITIATIVE Freedom of access to space data: legal aspects Space law:

595 views • 14 slides

More recommend