Security aid in producing vulnerability free code (bounds primary topic of the paper for today protect code from people with access to hardware checking, no-execute bit) aid in producing vulnerability free code (bounds secondary topic of the paper for today kernel mode) protection of software from software (page tables, hardware security categories 2 primary topic of the paper for today protect code from people with access to hardware checking, no-execute bit) secondary topic of the paper for today 1 kernel mode) protection of software from software (page tables, hardware security categories 1 Costan and Devadas, Intel SGX Explained http://www.cl.cam.ac.uk/~rja14/book.html Anderson, Security Engineering , Chapter 16. Supplementary reading: coprocessor”, 1998, Sections 1-6, 10 Smith and Weingart, “‘Building a high-performance, programmable secure This day’s papers: To read more… 2
major comments on the paper set page table ring 3 (“user mode”) ring 2 ring 1 ring 0 (“kernel mode”) hypervisor mode (“ring -1 ”) system management mode (“ring -2 ”) e.g. x86: lower level/outer ring — strictly more access a lot of hardware supports multiple protection levels multiple protection levels 5 confjgure I/O device disable interrupts example privileged instructions: use cases for secure coprocessors? kernel mode entered only using OS-controlled code privileged instructions require kernel mode privileges kernel mode — operating systems runs with extra protection: dual-mode operation 4 if device lost — plan to switch to new one usual goal: confjdence private key isn’t stolen banking certifjcate authorities authentication tokens some secure coprocessor use cases 3 performance loss? 6
emulating multiple levels page # 00434 00001 none (invalid) 00000 permissions page # physical virtual 00002 page table lookup real (physical) address 0x00044678 program (virtual) address 0x12345678 recall: page tables 7 run handler to user mode read/exec 00454 run handler 00149 page table … … … read/execute 00151 12346 read/execute 12345 read/write read/execute 00145 12344 … … … read/write 00042 00003 set page table (to kernel mode) program run handler virtual machine monitor ‘guest’ OS program emulating multiple levels 7 run handler to user mode set page table (to kernel mode) conceptual layering system call mode kernel mode user conceptual layering hardware virtual machine monitor ‘guest’ OS hardware user system call program mode kernel mode user conceptual layering hardware virtual machine monitor ‘guest’ OS emulating multiple levels mode 7 run handler to user mode set page table run handler (to kernel mode) system call mode kernel 8
recall: hierarchical page tables Diagram: Wikimedia / RokerHRO hardware ratchets: code loading 11 hardware ratchets 10 Figure from Carter et al, “Hardware Support for Fast Capability-Based Addressing” otherwise pointer tag becomes 0 key trick: seperate pointer instructions tagged architectures 9 12 Linear address: 63 56 55 48 47 40 39 32 31 24 23 16 15 8 7 0 sign extended 9 9 9 9 12 PML4 table page-directory- pointer table page directory page table ... ... ... ... 4K memory page ... PML4 entry PDP entry 64 bit PD ... entry 64 bit PT ... entry ... ... 40* ... CR3 *) 40 bits aligned to a 4-KByte boundary
hardware security categories pointer passed “bounds-check” instruction pointer passed “bounds-check” instruction “page table” for array bounds hardware-assisted bounds checking 14 pointer passed “bounds-check” instruction “page table” for array bounds hardware-assisted bounds checking 14 “page table” for array bounds protection of software from software (page tables, hardware-assisted bounds checking 13 primary topic of the paper for today protect code from people with access to hardware checking, no-execute bit) aid in producing vulnerability free code (bounds secondary topic of the paper for today kernel mode) 14
other hardware assistence (1) protect code from people with access to hardware tamper response tamper detection tamper resistence tamper evidence tamper ____ 17 tamper response tamper detection tamper resistence tamper evidence tamper ____ 16 primary topic of the paper for today checking, no-execute bit) write XOR execute aid in producing vulnerability free code (bounds secondary topic of the paper for today kernel mode) protection of software from software (page tables, hardware security categories 15 prevents accidental use of user pointers by OS user data operating system disables when intentionally accessing Intel name: “Supervisor Mode Access Pervention” mode trap on access to user-accessible memory in kernel makes bufger overfmows hardware (not impossible) 17 memory can only be writable or executable, not both
tamper-evidence 2nd image: HexView “Inside YubiKey Neo” http://www.hexview.com/~scl/neo/ tamper response tamper detection tamper resistence tamper evidence tamper ____ 20 tamper-resistence/evidence Appel, “Security Seals on Voting Machines: A Case Study” 19 tamper response tamper detection tamper resistence tamper evidence tamper ____ 18 21
tamper-detection tamper-response tampering must not let new software access secrets tampering must not reveal secrets device has secret data secure co-processor protection goals 24 disable machine! erase data! tamper-detection 23 add sensor to detect tampering tamper response tamper detection tamper resistence tamper evidence tamper ____ 22 e.g. switch if case is opened e.g. checksum of code 25
kinds of “tampering” replacing software accessing the memory with another device physically manipulating the device 26 kinds of “tampering” replacing software accessing the memory with another device physically manipulating the device 26 securing the software basic idea: load new software = erase old secrets 27 supporting software upgrades verify with cryptography! 28
public key cryptography (1) 30 if not, secrets are wiped on update updates to application must include application is loaded with public key cryptographic software update 31 correct” computationally infeasible to “forge” signature Smith and Weingart make extensive use of digital public key cryptography (3) two mathematical functions: 32 29 assumed known by/safe to tell everyone public key: given to B; serves as identity/name signatures digital signatures use a public/private keypair example use case: A wants to email B and have B A generates keypair for communicating with B know A wrote the email private key: kept secret by A public key-cryptography (2) assumed no one else has private key signature = Sign ( A’s private key , message ) Sign ( private key , the code ) correct? = Verify ( A’s public key , message , signature ) Verify will only say correct if private key was used A uses Sign operation, sends message and signature B uses Verify operation; rejects if it says “not
signature chain enforcing updates zeroing physically manipulating the device accessing the memory with another device replacing software kinds of “tampering” 35 zeroes data checks signatures 34 33 chain is device to OS to application can be used for application updates/messages need to check all signatures in the chain You get: verifying signature chain 36 Sign ( factoryprivkey, “Device PubKey 1 is a device key” ) Sign ( deviceprivkey 1 , “Device PubKey 2 is a device key” ) Sign ( deviceprivkey 2 , “I generated this output” )
secure(?) packaging Figure from Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems 37 secure(?) packaging Figure from Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems 38 power analysis Messerges et al, “Investigations of Power Analysis Attacks on Smartcards” 39 memory permanence values can be “burned” into some memories even RAMs that “go away” when they lose power 40
IBM’s solution temperature phase-locked loops to sync clocks voltage sensor radiation sensor temperature sensor sensors: IBM’s way of dealing with weirdness 43 … probably lots more changing clock signals changing voltages ionizing radiation all these can break CPU operation, or SRAM zeroing: circuitry to “bufger” power to processor things ways to make devices do weird 42 physically manipulating the device accessing the memory with another device replacing software kinds of “tampering” 41 move values in SRAM to avoid “burning” them in cannot just cut power and hope active SRAM erasing circuitry limit information available from power consumption 44
focused ion beam (on a smart card) attestation — verifying How can I keep Amazon from getting my data? How can I verify Amazon is really running my code? I run a VM on Amazon attestation use case — public cloud 47 anyone can verify this with miniboot’s certifjcate private key application signs “yes, I really computed X” using its 46 Kommerling and Kuhn, “Design Principles for Tamper-Resistant Smartcard Processors” this message is a certifjcate for the application what application it loaded loading code (miniboot) signs message saying: private key loaded at factory mechanism attestation — know what code is running attestation 45 48 the public part of a keypair it generated
Recommend
More recommend
