trusted component deployment
play

Trusted Component Deployment Trusted Components Bernd Schoeller - PowerPoint PPT Presentation

Mar 11, 2024 •111 likes •392 views

Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th , 2006 Code from the Web Can I trust the software on my machine, knowing that there are very bad people out there ? risk of malicious code risk of

  1. Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th , 2006

  2. Code from the Web ➢ Can I trust the software on my machine, knowing that there are “very bad people” out there ? ● risk of malicious code ● risk of insecure code ● risk of misbehaving code

  3. Overview ➢ Cryptographic crash course ➢ Component deployment technologies ● signed binaries ● public key infrastructure ● trusted computing ● processes and virtual machines ➢ Next week: proof-carrying code

  4. Cryptographic Crash Course ➢ Encryption / Decryption xrundctba Hello World Hello World asjfijas43

  5. Cryptographic Crash Course ➢ Symmetric Encryption xrundctba Hello World Hello World asjfijas43 = “shared secret”

  6. Cryptographic Crash Course ➢ Asymmetric Encryption xrundctba Hello World Hello World asjfijas43 = “private key” = “public key” + = “key pair”

  7. Hash Function Hello World 4711 = “hash function” 4711 = “hash value” Hallo World 0815

  8. Digital Signatures (very short) 4711 Hello World 4654 4711 Hello World 4654 equal ? 4711 4654

  9. Using Hash Values for Trust

  10. Using Hash Values for Trust

  11. Using Hash Values for Trust Bad guy TM

  12. “Man in the Middle” Attack Request hash value for X Request hash value for X The hash value for X is H The hash value for X is H' Bad guy TM

  13. Signed Binaries ➢ A signed binary can be authenticated to come from a certain source ● trust developer, but not deployment channel ● safe for “man in the middle” attack ● automatic check ● liability and damages

  14. The Next Problem ➢ How do we get the public keys to the users ?

  15. PKI ➢ “Public Key Infrastructure”: an global or local arrangement that provides the vetting of, and the vouching for user identities and the connected distribution of public keys. ➢ Types of PKI ● Hierarchical ● Distributed

  16. CAs: VeriSign, BSI Hierarchical PKIs Central Authority signs the public keys of Key Issuer Key Issuer Key Issuer signs the public keys of signs the public keys of signs the public keys of

  17. Distributed PKIs ➢ “Chain of Trust” ● all participants of a security network start to sign each others keys ● a key is officially seen as valid if ● signed by myself ● signed by “enough” other key holders, which are trusted by myself

  18. PGP “Web of Trust” ➢ Levels of trust ● untrusted: signatures with this key are ignored ● marginal: 2 signatures make a key valid ● complete/unlimited: signatures with this key make a key valid

  19. APT Secure ➢ APT is the standard package distribution tool of the Debian linux distribution ➢ Packages can be distributed world-wide ➢ User are encouraged to use a local package server with good connectivity ➢ Authenticity of packages automatically validated with digital signatures

  20. APT Secure (cont.) Packages Packages Software Release 3476 Release Debian Developer Packages Software Release 3476 User Maintainer

  21. Trusted Computing ➢ Definition I: ➢ Definition II: System that lets the System that lets the user verify/control the manufacturer Not part of this lecture software that he is verify/control the running on his software that the user machine is running on his machine

  22. Trusted Computing (cont.) ➢ Integrate a chip into computers that can ● supervise the boot process ● safely store (write only) keys ● verify signatures of code before execution ➢ Integrated into many IBM Thinkpad notebooks ➢ Driver available for Linux (tpm) ● Part of Linux Kernel 2.6.12-rc2 or later

  23. Untrusted Execution ➢ Can we execute code that we do not trust ? ● separate the code execution from the rest of the system ● control access to resources (CPU, memory, IO) ● support the user in assessing computational results

  24. Assessing Computational Results Am I trustworthy?

  25. UNIX Processes ➢ Traditional system separation ● code execution is associated with a user account ● control hardware resources (ulimit) ● IO access controlled by “user mode” ● CPU resource controlled by scheduler ● memory access controlled by MMU

  26. Virtual Machines ➢ Hardware support not needed ● Code JIT compiled or interpreted ➢ Byte-code allows static analysis ➢ Code verification at load time ● verified code can disable monitoring ➢ JIT compiler can integrate run-time checks ➢ Fine-grained verification

  27. Examples of Virtual Machines ➢ JVM, .NET ➢ JavaScript ➢ Postscript ➢ Online Games: Quake, UT, Doom, Half-Life

  28. Summary ➢ We have to be careful about the code that is executed on our machines ● There are many reasons not to trust code that others give you ● Dynamic systems require complex deployment and verification mechanisms

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GENERIC TRUSTED COMPONENT BRUNO VAVALA CMU / UL Nuno Neves Peter Steenkiste UL CMU

GENERIC TRUSTED COMPONENT BRUNO VAVALA CMU / UL Nuno Neves Peter Steenkiste UL CMU

SECURE IDENTIFICATION of ACTIVELY EXECUTED CODE on a GENERIC TRUSTED COMPONENT BRUNO VAVALA CMU / UL Nuno Neves Peter Steenkiste UL CMU IEEE/IFIP Conference on Dependable Systems & Networks (DSN16) outline Trusted Practical

663 views • 47 slides
A Formal Framework for Component Deployment Y. David Liu Scott F. Smith Johns Hopkins

A Formal Framework for Component Deployment Y. David Liu Scott F. Smith Johns Hopkins

A Formal Framework for Component Deployment Y. David Liu Scott F. Smith Johns Hopkins University OOPSLA'06, Portland, Oregon A Menagerie of Deployment Systems CLI Assemblies InstallShield JSR 277 OSGi RPM Dpkg EJB Manifests Portage

934 views • 82 slides
MonDe: Safe Updating through Monitored Deployment of New Component Versions Alessandro Orso

MonDe: Safe Updating through Monitored Deployment of New Component Versions Alessandro Orso

MonDe: Safe Updating through Monitored Deployment of New Component Versions Alessandro Orso Jonathan Cook Georgia Institute New Mexico of Technology State University SPARC Group This work was supported in part by NSF awards CCR-0306457,

368 views • 20 slides
Rhythm: Component-distinguishable Workload Deployment in Datacenters Laiping Zhao 1 , Yanan Yang 1

Rhythm: Component-distinguishable Workload Deployment in Datacenters Laiping Zhao 1 , Yanan Yang 1

Rhythm: Component-distinguishable Workload Deployment in Datacenters Laiping Zhao 1 , Yanan Yang 1 , Kaixuan Zhang 1 , Xiaobo Zhou 1 , Tie Qiu 1 , Keqiu Li 1 , Yungang Bao 2 1 Tianjin University, 2 Inst. Of Computing Technology, CAS College of

501 views • 22 slides
Gneiss A nice component framework in SPARK Johannes Kliemann FOSDEM, Brussels, 2020-02-02

Gneiss A nice component framework in SPARK Johannes Kliemann FOSDEM, Brussels, 2020-02-02

Gneiss A nice component framework in SPARK Johannes Kliemann FOSDEM, Brussels, 2020-02-02 Component-based Architectures Trusted Components Cant reimplement everything Solution: software reuse Protocol validator Untrusted

413 views • 17 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

453 views • 34 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

426 views • 25 slides
Components Infrastructures Manuel Oriol December 14th, 2005 Software Engineering Component?

Components Infrastructures Manuel Oriol December 14th, 2005 Software Engineering Component?

Components Infrastructures Manuel Oriol December 14th, 2005 Software Engineering Component? A component is a reusable unit of deployment and composition which is accessed through an interface.

344 views • 16 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and affordable caregivers to families on demand. Why create RestUp? Americans provide $470 Billion in unpaid care in 2015. Emergency Staffing

324 views • 8 slides
Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Chinas Dietary Supplement Industry Market Insights Natural Products Expo West March 11, 2017 Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey & Company Your Trusted Partner in China Consumer

409 views • 29 slides
For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 28

For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 28

Qualification Component and Record of Learner Achievement Garden Design: Presentation Techniques L3(Y/504/1124) For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 28 Ofqual Component Reference No:

344 views • 6 slides
Family Communication During Deployment Please download the Family Communication during Deployment

Family Communication During Deployment Please download the Family Communication during Deployment

Family Communication During Deployment Please download the Family Communication during Deployment Worksheet before beginning this class. Family Communication during Deployment (MAR 2103) What are the options? Care E-mail Packages Letters

221 views • 9 slides
Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

ICFP Integrated Curriculum Financial Planning Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school leaders/trustees to ensure value for money and efficient use of the funding we currently receive Staff Deployment

517 views • 20 slides
DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW

DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW

5.08.2020 PRESENTATION TO PWS-RCAC TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW An assessment and evaluation of available technologies and methods for establishing an

1.17k views • 69 slides
Welcome! Todays Agenda: Introduction Hardware Trust No One / An Efficient

Welcome! Todays Agenda: Introduction Hardware Trust No One / An Efficient

/INFOMOV/ Optimization & Vectorization J. Bikker - Sep-Nov 2018 - Lecture 12: Multithreading Welcome! Todays Agenda: Introduction Hardware Trust No One / An Efficient Pattern Experiments Final

517 views • 31 slides
Applying Trust Policies for Protecting Applying Trust Policies for Protecting Mobile Agents

Applying Trust Policies for Protecting Applying Trust Policies for Protecting Mobile Agents

Applying Trust Policies for Protecting Applying Trust Policies for Protecting Mobile Agents Against DoS Mobile Agents Against DoS Biljana Cubaleska 1 , Markus Schneider 2 1 University of Hagen, Dept. Of Communication Systems, Germany 2

511 views • 21 slides
Suite March 2018 Webinar Instructions Presenters Chris Andrews, The Cloudburst Group

Suite March 2018 Webinar Instructions Presenters Chris Andrews, The Cloudburst Group

Housing Trust Fund and eCon Planning Suite March 2018 Webinar Instructions Presenters Chris Andrews, The Cloudburst Group HUD Staff Beth Hendrix, OBGA Jessica Suimanjaya, OAHP 2 Webinar Instructions Webinar will last

589 views • 39 slides
Behavioral Query 12/12/2019 Jiaping Gui , Xusheng Xiao , Ding Li , Chung Hwan Kim

Behavioral Query 12/12/2019 Jiaping Gui , Xusheng Xiao , Ding Li , Chung Hwan Kim

Progressive Processing of System- Behavioral Query 12/12/2019 Jiaping Gui , Xusheng Xiao , Ding Li , Chung Hwan Kim , and Haifeng Chen NEC Laboratories America, Inc. Case Western Reserve University 1 www.nec-labs.com

629 views • 16 slides
The New Uniform Grant Guidance: Executive Level Overview What You Need to Know Shelly L. Hammond

The New Uniform Grant Guidance: Executive Level Overview What You Need to Know Shelly L. Hammond

The New Uniform Grant Guidance: Executive Level Overview What You Need to Know Shelly L. Hammond Vice President, Assurance Services Allen, Gibbs & Houlik, L.C. Administration Slides: The presentation slide link was provided the day

765 views • 63 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 5 Best Frameworks available today

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 5 Best Frameworks available today

Principles of Software Construction: Objects, Design, and Concurrency Part 3: Concurrency Introduction to concurrency, part 4 In the trenches of parallelism Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 5 Best Frameworks

499 views • 36 slides
www.cornwall-insight.com Tim Dixon James Brabben HELPING YOU MAKE SENSE OF THE HELPING YOU MAKE

www.cornwall-insight.com Tim Dixon James Brabben HELPING YOU MAKE SENSE OF THE HELPING YOU MAKE

www.cornwall-insight.com Tim Dixon James Brabben HELPING YOU MAKE SENSE OF THE HELPING YOU MAKE SENSE OF THE www.cornwall-insight.com ENERGY AND WATER SECTORS ENERGY AND WATER SECTORS Tim Dixon Analyst Title slide James Brabben Head of

474 views • 19 slides
This may be the most important question to ask. It will affect or determine the size, cost,

This may be the most important question to ask. It will affect or determine the size, cost,

This may be the most important question to ask. It will affect or determine the size, cost, depth, and many other factors. There are many uses for ponds, including: Irrigation (row crops, vegetables, & orchards), Livestock watering, and

219 views • 11 slides

More recommend