system security iii trusted computing
play

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet - PowerPoint PPT Presentation

Dec 29, 2023 •753 likes •1.42k views

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson Research Security / Lund University 1 2020-02-28 B. Smeets LiTH course Goal of this lecture Understand trusted computing and its purpose Threats

  1. SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationssäkerhet Ben Smeets Ericsson Research Security / Lund University 1 2020-02-28 B. Smeets LiTH course

  2. Goal of this lecture • Understand trusted computing and its purpose • Threats to computing HW/infrastructure • Get a basic insight in technologies to achieve trusted computing in devices, servers, and cloud infrastructure • Meet technical approaches to build trustworthy ICT systems • In the first part you already saw approached used in operating systems and VMs with access control and the use of memory protection 2 2020-02-28 B. Smeets LiTH course

  3. Overview • Why trusted computing? • Intuitive model for trusted computing • Roots of trust • Hardware versus software • CPU secured execution environment: • TrustZone, • SGX • (AMD SEV) 3 2020-02-28 B. Smeets LiTH course

  4. New Security Challenges • Computing devices are becoming distributed, unsupervised, and physically exposed • Computers on the Internet (with untrusted owners) • Embedded devices (cars, home appliances) • Mobile devices (cell phones, PDAs, laptops) • Base stations and wireless access points • Cloud computing • Virtualization, containers • Web technologies - microservices • Attackers may physically tamper with devices • Invasive probing • Non-invasive measurement • Install malicious software 4 2020-02-28 B. Smeets LiTH course

  5. The main security question from a user’s perspective SERVICE USER(S) How can we trust the service I’m interacting with? (we ignore here the questions related to the trustworthiness related to the semantics of data exchanged and processed) 5 2020-02-28 B. Smeets LiTH course

  6. Important aspects • Is it really the right service/server I’m interacting with? • Is the service/server in a proper state so • I dare to interact sensitive information? • It complies to business or regulatory requirements? 6 2020-02-28 B. Smeets LiTH course

  7. What are typical problems we want to address • How can we inside a device/computer protect sensitive data (and thus also keys)? • How can we securely insert a key in a remote server for setting up a secure TLS connection? • How can we do confidential computing, say of patient information, on a remote systems? 7 2020-02-28 B. Smeets LiTH course

  8. Trusted Computing • Trusted computing is a notion for computing where we can provide answers to our three problem questions. • There are different approaches to this and there is no well-established agreed precise definition of its properties. • Other closely related notions are that of • Trusted Execution Environments (TEEs), • Trusted Platforms, and • Confidential Computing 8 2020-02-28 B. Smeets LiTH course

  9. Alternative to trusted computing/platforms ◼ Secure multi-party computation and homomorphic encryption can be alternatives but, except for special cases these are slow! ◼ For example CryptDB from MIT. (in cryptDB information on stored data still may leak during processing, but the idea is very nice, and it works pretty efficient) css.csail. mit .edu/ cryptdb / Unfortunately secure multi-party computation and Homomorphic encryption is still not practical except for some special (use) cases. 2020-02-28 B. Smeets LiTH course 9

  10. Homomorphic encryption - Processing on encrypted data • For example database operations See http://css.csail.mit.edu/cryptdb/ Not completely homomorphic encryption based Encrypted query Encrypted Application DB Encrypted results Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan. CryptDB: Protecting Confidentiality with Encrypted Query Processing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011. 10 2020-02-28 B. Smeets LiTH course

  11. Trusted vs Trustworthy What are we after, a trusted or trustworthy platform? Trusted: A system is trusted but is it trustworthy? Trustworthy: The system can fullfill the requirements defined by a methodology. Is the methodology then trustworthy ( and we get a recurssion) or we just trust the methdology. Recall: Using Common Criteria a system that is successfully evaluated at level EALx is considered to be trustworthy. 11 2020-02-28 B. Smeets LiTH course

  12. Common Criteria as an approach to achieve trustworthiness • Common Criteria (CC) is an ISO standard of a methodology to evaluation and certify products according an agreed target set of (security related) requirements • • It is used for smart cards, crypto libraries, crypto HW, severs, etc. • Certification is done via approved certification bodies and an CC certificate holds in any country that accepts the CC scheme. • In Sweden, see FMV/CSEC http://www.fmv.se/en/Our-activities/CSEC---The-Swedish-Certification-Body-for-IT-Security/ 12 2020-02-28 B. Smeets LiTH course

  13. How to obtain trustworthiness ? Cloud realization Traditional realization How to deal with the differences between cloud and traditional? SERVICE SERVICE Trustworthy because ? Exe environment Exe environment Trustworthy because ? Platform (SW) Trustworthy because ? Platform (HW) CLOUD SERVER Trustworthy because ? 13 2020-02-28 B. Smeets LiTH course

  14. E.g. How & why trust HW • Trust by reputation (e.g. made by Sectra) • Trust by relying on a third party • Assurance of design • Review • Proofs (by modeling of HW) • Assurance of production • HW is produced according to design Trustworthy because ? Platform (HW) 14 2020-02-28 B. Smeets LiTH course

  15. Trustworthy at distance: Remote attestation • Purpose is to establish a • Provide secure information of a system’s state to a trust relation(e.g. a secure channel) to a specific remote remote party system Remote system request State Attester Verifier attest Observations Note: similarity to a challenge-response based authentication 15 2020-02-28 B. Smeets LiTH course

  16. S tart of trust chain – Root of Trust(RoT) We want to trust ROOT OF TRUST (RoT) Service Service Trustworthy Service Program Program Execution env Execution env Recursion must stop at a service we trust/have to trust, e.g. Intel HW. Note: RoT is not only data (e.g. keys) but also logic, therefore we say that a RoT is an engine. 16 2020-02-28 B. Smeets LiTH course

  17. Trustworthy: Hardware vs Software • Functionality in • Functionality in Hardware Software • hard/costly to change • Easy to change • high performance • Difficult to hold private possible keys The general view is that HW is more trustworthy than SW realizations 17 2020-02-28 B. Smeets LiTH course

  18. Trustworthy Systems in Software • Possible to do but we have limitations • owner of the device on which software runs should not be an attacker (he/she and the device ” work together ”/” have the same interests”) • Does not work when the device in the ”enemy’s territory ” • But ”software only ” is sometimes the only implementation option: e.g. virtual platforms 18 2020-02-28 B. Smeets LiTH course

  19. Trusted Execution Environments(TEE) • Solutions to have best of both, using soft- and hardware protection mechanisms • Hypervisor (also called Virtual Machine Monitor (VMM)) • attestation through virtual device • Modify OS • try to create isolation (VMs, Containers or OS features) • Dockers, SystemD, SE Linux Our focus • Modify existing hardware (CPU, memory controllers, etc) • attestation done by hardware module • add secure execution mode to CPU 19 2020-02-28 B. Smeets LiTH course

  20. Execution environment setups for a trustworthy platform User User User space trusted space space User User User User User User space space kernel space space space space kernel kernel virtualization hypervisor trusted kernel kernel kernel kernel kernel (VMM ) Containers Hypervisor/VMM CPU with Virtual Machine Normal OS trusted mode Xen, VMware ESXi, Docker, LXC e.g.TrustZone Windows, Linux VMWare, KVM, systemd Microsoft Hyper-V and Intel SGX SE Linux, Virtualbox, (L4) Java VM Android iOS Partly based on slide material from Dries Schellekens 20 2020-02-28 B. Smeets LiTH course

  21. Examples of approaches to CPU/HW supported trusted computing • ARM TRUSTZONE • Basic idea of TZ • Trustzone use • Trustzone shortcomings • Intel SGX • Basic ideas and concepts of SGX enclaves • Secure key delivery • Local and remote attestation • Two examples where SGX is used • SGX shortcomings 2020-02-28 B. Smeets LiTH course 21

  22. ARM TRUSTZONE TrustZone is a set of security extensions added to ARMv6 processors and greater, such as ARM11, CortexA8, CortexA9, CortexA15 and now Cortex-M. To improve security, these ARM processors can run a secure operating system (secure OS) and a normal operating system (normal OS) at the same time from a single core. 22 2020-02-28 B. Smeets LiTH course

  23. ARM standard approach Protection rings Dedicated Operating System • instructions Kernel/Services • memory space Rings create isolation via hw enforced access control Privileged mode Supervisor mode Applications User mode 24 2020-02-28 B. Smeets LiTH course

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson Research Security / Lund University 1 2019-03-01 B. Smeets LiTH course Goal of this lecture Understand trusted computing and its purpose Threats

794 views • 66 slides
Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Computer S ecurity: Principles and Practice Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and Multilevel Security First Edition by William S tallings and Lawrie Brown Lecture slides by Lawrie

636 views • 40 slides
& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) & Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

389 views • 15 slides
Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal Holloway, University of London c.mitchell@rhul.ac.uk http://www.isg.rhul.ac.uk/~cjm Contents What is trusted computing? The TCG TCG

1.43k views • 114 slides
A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim, National Security Research Institute BACKGROUND Trusted Computing Group (TCG) Trusted Platform Module

375 views • 19 slides
Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus

Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus

Trusted Platform Module Dries Schellekens COSIC, KU Leuven Nomenclature Trusted versus trustworthy RFC 4949 (Internet Security Glossary) Trust : A feeling of certainty (sometimes based on inconclusive evidence) either (a) that the system

788 views • 33 slides
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklins 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have trusted hardware?

315 views • 27 slides
1 Cryptography basics Secret-key encryption Algorithms (E, D) are widely known Also

1 Cryptography basics Secret-key encryption Algorithms (E, D) are widely known Also

Security The security environment Basics of cryptography User authentication Chapter 9: Security Attacks from inside the system Attacks from outside the system Protection mechanisms Trusted systems CS 1550, cs.pitt.edu

538 views • 11 slides
Introduction to Trusted Computing Pieter Maene , Johannes G otzfried, Ruan de Clercq, Tilo M

Introduction to Trusted Computing Pieter Maene , Johannes G otzfried, Ruan de Clercq, Tilo M

Introduction to Trusted Computing Pieter Maene , Johannes G otzfried, Ruan de Clercq, Tilo M uller, Felix Freiling, and Ingrid Verbauwhede 1 KU Leuven/COSIC, Belgium 2 FAU Erlangen-N urnberg, Germany January 31, 2017 Trusted Computing 2

723 views • 35 slides
About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across

About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across

About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across the system stack: hardware, compiler, OS, application Integrated attack-defense perspective and open-source prototypes SGX-Step framework Sancus

925 views • 75 slides
Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck 1st RISE Annual Conference, November 14, 2018 A primer on software security Secure program:

952 views • 79 slides
Trusted Platform Module (TPM) introduction Mark D. Ryan University of Birmingham Computer

Trusted Platform Module (TPM) introduction Mark D. Ryan University of Birmingham Computer

Trusted Platform Module (TPM) introduction Mark D. Ryan University of Birmingham Computer Security module October 2009 The Trusted Computing Group An industry consortium including Microsoft, HP, Dell, Sony, Lenovo, Toshiba, Vodafone,

415 views • 18 slides
Chapter 9: Security Security The security environment Basics of cryptography User

Chapter 9: Security Security The security environment Basics of cryptography User

Chapter 9: Security Security The security environment Basics of cryptography User authentication Attacks from inside the system Attacks from outside the system Protection mechanisms Trusted systems Chapter 9: Security

801 views • 65 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
Trusted Platform Module Alan Dunn , Owen Hofmann, Brent Waters, Emmett Witchel University of

Trusted Platform Module Alan Dunn , Owen Hofmann, Brent Waters, Emmett Witchel University of

Cloaking Malware with the Trusted Platform Module Alan Dunn , Owen Hofmann, Brent Waters, Emmett Witchel University of Texas at Austin USENIX Security August 12, 2011 Trusted Computing Goal: Secure environment for computation Trust

331 views • 19 slides
and Binary Formats Don Porter CSE 506: Operating Systems Logical Diagram Binary Memory

and Binary Formats Don Porter CSE 506: Operating Systems Logical Diagram Binary Memory

CSE 506: Operating Systems Process Address Spaces and Binary Formats Don Porter CSE 506: Operating Systems Logical Diagram Binary Memory Threads Todays Formats Allocators User Lecture System Calls Kernel RCU File System

851 views • 47 slides
2019 1 STAT373/ Week 10 STAT814_STAT714 Descriptive statistics of the three strata

2019 1 STAT373/ Week 10 STAT814_STAT714 Descriptive statistics of the three strata

STAT373/ Week 10 STAT814_STAT714 Statistical Divisions (SD) NOTE: LGAs (182 of them) are grouped into 12 Statistical Week 10: STRATIFIED SAMPLING Divisions (SDs). These become our strata. SD id SD name Number of LGAs LGA example 5

235 views • 12 slides
Safe Interacting Enclaves for Heterogeneous Protected Module Architectures Sten Verbois 29 June

Safe Interacting Enclaves for Heterogeneous Protected Module Architectures Sten Verbois 29 June

Safe Interacting Enclaves for Heterogeneous Protected Module Architectures Sten Verbois 29 June 2018 Content 1. Motivation 2. Research Goals 3. Aspects of Using Rust 4. Case Study: Attestation server for VulCAN 5. Demo 1 Motivation

499 views • 27 slides
Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito

ISSRE 2019 Building Applications Tutorial Session for Trustworthy Data Analysis in the Cloud Andrey Brito Andr Martin Lilia Sampaio Fbio Silva Security-aware data processing Part 1 Why secure data processing? 3 In 2019, companies

1.24k views • 69 slides
SETTING U G UP A TELE-PSYCHIATRY S Y SERVICE CE F FOR R RU RURAL E EMERGENCY D NCY DEPART

SETTING U G UP A TELE-PSYCHIATRY S Y SERVICE CE F FOR R RU RURAL E EMERGENCY D NCY DEPART

SETTING U G UP A TELE-PSYCHIATRY S Y SERVICE CE F FOR R RU RURAL E EMERGENCY D NCY DEPART RTMENT NTS DR. R RAH AHUL G GUPTA FRANZCP CLINICAL LEAD NMHEC-RAP HUNTER NEW ENGLAND MENTAL HEALTH SERVICE 1 NMHE MHEC-RAP RAP NORT

774 views • 51 slides
supporting international students in the classroom BALEAP. The Janus Moment in EAP: Revisiting

supporting international students in the classroom BALEAP. The Janus Moment in EAP: Revisiting

Teach for success: supporting international students in the classroom BALEAP. The Janus Moment in EAP: Revisiting the Past and Building the Future, University of Nottingham, 19-21 April 2013 Jill Doubleday, Modern Languages & Centre for

832 views • 30 slides
Seven types of community participation (adapted from Pretty 1994 and Cornwall 1996) 1.

Seven types of community participation (adapted from Pretty 1994 and Cornwall 1996) 1.

Seven types of community participation (adapted from Pretty 1994 and Cornwall 1996) 1. Manipulative participation (Co-option): Community participation is simply a pretence, with people's representatives on official boards who are unelected and

412 views • 7 slides
Chapter 4: Variability O Overview i In statistics, our goal is to measure the amount of

Chapter 4: Variability O Overview i In statistics, our goal is to measure the amount of

Chapter 4: Variability O Overview i In statistics, our goal is to measure the amount of variability for a particular set of t f i bilit f ti l t f scores, a distribution. In simple terms, if the scores in a distribution are

586 views • 37 slides

More recommend