Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31Slide 32Slide 33Slide 34Slide 35Slide 36Slide 37Slide 38Slide 39Security HardwareInformation AssuranceFall 2006Reading Material•Intel Pentium II Software Developer’s Manual: Volume 3. Sections 4.5 through 4.8–http://developer.intel.com/design/pentium4/manuals/253668.htm•TCG Specification Architecture Overview. Section 4 through 4.4.–https://www.trustedcomputinggroup.org/groups/TCG_1_0_Architecture_Overview.pdfMotivation•As CS folks we have concentrated on security abstractions or software implementations•Judicious use of security specific HW is beneficial–Feature Restriction–Physical separation–Performance benefitsOutline•Memory ring protection architecture•No execute bits•Smart Cards and Trusted Platform ModulesMemory Protection Rings•Originally in Multics•In Intel arch since x386Privilege Levels•CPU enforces constraints on memory access and changes of control between different privilege levels•Similar in spirit to Bell-LaPadula access control restrictions•Hardware enforcement of division between user mode and kernel mode in operating systems–Simple malicious code cannot jump into kernel spaceData Access Rules•Access allowed if–CPL <= DPL and RPL <= DPLData Access Rules•Three players–Code segment has a current privilege level CPL–Operand segment selector has a requested privilege level RPL–Data Segment Descriptor for each memory includes a data privilege level DPL•Segment is loaded if CPL <= DPL and RPL <= DPL –i.e. both CPL and RPL are from more privileged ringsData Access ExamplesDirect Control Transfers•For non-conforming code (the common case)–CPL <= DPL && RPL <= DPL–Can only directly jump to code at same privilege level or less privilegedCalling Through GatesDLPCall Gate Access Rules•For Call–CPL <= CG DPL–RPL <= CG DPL–Dst CS DPL <= CPL•Same for JMP but–Dst CS DPL == CPLCall Gate ExamplesStack Switching•Automatically performed when calling more privileged code–Prevents less privileged code from passing in short stack and crashing more privileged code–Each task has a stack defined for each privilege levelHardware Rings•Only most basic features generally used–2 rings–Installed base•Time to adoption–Must wait for widespread system code, e.g. Windows NTLimiting Memory Access Type•The Pentium architecture supports making pages read/only versus read/write•A recent development is the Execute Disable Bit (XD-bit)–Added in 2001 but only available in systems recently–Supported by Windows XP SP2•Similar functionality in AMD Altheon 64–Called No Execute bit (NX-bit)–Actually in machines on the market sooner than IntelWindows Support•Enabled in Windows XP SP2 as Data Execution Prevention (DEP)–Software version if no hardware support•Check to see if you have the bit–Control Panel -> System -> Advanced -> DEP tabDelay to widespread deployment•First hardware in 2001•Wait for OS support•Wait for vendors willing to sell•Generally available in 2005Consider encrypted files•Each file or directory may be encrypted with a unique key–How are the encryption keys stored?–Protected by the file system access control?•What if system root is compromised?–Encrypted by a master key?•How is the master key stored?–Protected by pass phrase?»Then human must be present»If multiple users use system, all must know pass phrase–Hide it in a good place and hope nobody finds it?Another solution•Secure separate storage for root keys–Smart card–Secure co-processor•Keys never leave security processor–Protocol to send encrypted blob to security processor and return decrypted data•Tamper proof–Data is destroyed when tampering is detected–Prevents sophisticated advisory from pulling secrets from dataCrypto/Smart Cards•Fortezza Card–Associated with proposed key escrow scheme–Used with secure phones–Vendor link http://www.spyrus.com/products/fortezza_cryptocard.asp•Smart Cards–Much lower cost point•So much lower storage and computation ability–Primarily used for authentication and/or tracking small amounts of information•E.g., frequent buyer programs or phone cards–http://www.gemplus.com/smart/cards/basics/download/smartcardforum.pdf•Can use smart or crypto cards to link into many authentication schemes–Windows GINA, Linux PAM, RadiusSecure Co-Processors•Co-located on a server or laptop–Prevents secure root information from being accessed by malicious programs on the general CPU•IBM sells security processors–http://www-03.ibm.com/security/cryptocards/–http://www.research.ibm.com/journal/sj/403/smith.pdfTrusted Computing Group•Consortium developing standards for computer architectures using secure co-processors–Called the Trusted Platform Module (TPM)–http://trustedcomputinggroup.org•Numerous computers (particularly laptops) already ship with TPM’s–http://www.tonymcfadden.net/tpmvendors.html–Many vendors targeting specific enterprises like Health Care that are particularly concerned with privacy (due to HIPPA)–Supported by Vista/LonghornMajor Functions of TPM•Attestation–Proof of accuracy of information–Attestation by TPM •Sign internal TPM information by TPM–Attestation of Platform•Proof of platform integrity–Authentication of Platform•Signature by non-migratable key•Protected CommunicationTPM Architecture OverviewTPM LayoutTPM Features•Unique, unmigratable keys–Unique Endorsement Key (EK) set at manufacture–Can generate additional Attestation Identity Keys (AIK)–Binds key use to particular piece of hardware–Potential Privacy concerns•Protected Capabilities–Shielded storage–Platform Configuration Registers (PCR)TPM Protected Message Exchanges•Binding – Encrypting using public key–If using non-migratable key value is bound to TPM•Signing – Encrypt with private key–Some keys are indicated as signing only keys•Sealing – Binding a message with set of platform metrics (expressed in PCRs)–So can only unseal values when the platform metrics match•Sealed-signing – Have a signature also be contingent on PCR valuesRoots of Trust•Root of Trust for Measurement (RTM)–Capable of making inherently reliable integrity measurements•Root of Trust for
View Full Document
Unlocking...