TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and BonehWhy there exists a needCurrent SolutionsTerraArchitectureFeatures List3 Means to AttestationSlide 8Slide 9An Attestation ExampleConcernsPlatform SecurityStorage OptionsStorage AttestationDevice DriversHardware SupportPrototype ImplementationTrusted QuakeTrusted Quake (cont’d)Slide 20Trusted Access Points (TAPs)ConclusionResourcesJanuary 14, 2019January 14, 2019 TERRATERRAAuthored by: Garfinkel, Pfaff, Chow, Rosenblum, and Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and BonehBonehA virtual machine-based platformA virtual machine-based platformfor trusted computingfor trusted computingPresented by: David RagerPresented by: David RagerNovember 10, 2004November 10, 2004January 14, 2019January 14, 2019 Why there exists a needWhy there exists a needCommodity OS too complex to build Commodity OS too complex to build securely uponsecurely uponCommodity OS poorly isolate appsCommodity OS poorly isolate appsOnly weak mechanisms for peer Only weak mechanisms for peer authentication, making secure dist. apps authentication, making secure dist. apps difficultdifficultNo trusted path between users and No trusted path between users and programs (authentication)programs (authentication)January 14, 2019January 14, 2019 Current SolutionsCurrent Solutions““Closed box” systemsClosed box” systemsGood for limiting interaction but inflexibleGood for limiting interaction but inflexibleJanuary 14, 2019January 14, 2019 TerraTerraTrusted Virtual Machine MonitorTrusted Virtual Machine Monitor ““Secure” applicationsSecure” applicationsHigh-assuranceHigh-assuranceTamper-resistantTamper-resistantGeneral-purpose platformGeneral-purpose platformProvide “open” or “closed-box” VMsProvide “open” or “closed-box” VMsRun existing software – highly compatibleRun existing software – highly compatibleTrusted Quake to come….Trusted Quake to come….January 14, 2019January 14, 2019 ArchitectureArchitectureJanuary 14, 2019January 14, 2019 Features ListFeatures ListIsolation – multiple applications in isolationIsolation – multiple applications in isolationExtensibility – small vs. large OSExtensibility – small vs. large OSEfficiency – virtualizable hardware costs very Efficiency – virtualizable hardware costs very little little Compatibility – can run many OS’sCompatibility – can run many OS’sSecurity – relatively simple programSecurity – relatively simple programRoot Secure – cannot enter modify closed boxesRoot Secure – cannot enter modify closed boxesAttestation – verifiable binariesAttestation – verifiable binariesTrusted PathTrusted PathJanuary 14, 2019January 14, 2019 3 Means to Attestation3 Means to AttestationCertifying the ChainCertifying the ChainPrivate key embeddedPrivate key embeddedSigned by hardware vendorSigned by hardware vendorHardware certifies firmwareHardware certifies firmwareFirmware certifies bootloaderFirmware certifies bootloaderBootloader certifies TVMMBootloader certifies TVMMTVMM certifies VMsTVMM certifies VMsJanuary 14, 2019January 14, 2019 3 Means to Attestation3 Means to AttestationA component wanting to be certified:A component wanting to be certified:Component generates public/private keyComponent generates public/private keyComponent makes ENDORSE API call to Component makes ENDORSE API call to lower level componentlower level componentLower level component generates and signs Lower level component generates and signs certificate containing:certificate containing:SHA-1 hash of attestable parts of higher comp.SHA-1 hash of attestable parts of higher comp.Higher comp’s public key and application dataHigher comp’s public key and application dataJanuary 14, 2019January 14, 2019 3 Means to Attestation3 Means to AttestationCertifying VM itselfCertifying VM itselfTVMM signs hash of all persistent data that TVMM signs hash of all persistent data that defines the VMdefines the VMIncludes: BIOS, executable code, constant Includes: BIOS, executable code, constant data of the VMdata of the VMDoes not include: temporary data Does not include: temporary data This difference is application definedThis difference is application definedJanuary 14, 2019January 14, 2019 An Attestation ExampleAn Attestation ExampleRemote server verifies:Remote server verifies:Hardware vendor’s certificateHardware vendor’s certificateAll hashes in certificate chain in remote All hashes in certificate chain in remote server’s list of authorized softwareserver’s list of authorized softwareHash of VM’s attested storage is on list of Hash of VM’s attested storage is on list of authorized applications (valid version of authorized applications (valid version of Quicken)Quicken)January 14, 2019January 14, 2019 ConcernsConcernsVendor key revocationVendor key revocationExtracting the vendor key from tamper-Extracting the vendor key from tamper-resistantresistant hardware and publishinghardware and publishingPrivacyPrivacyUse Privacy Certificate Authority (PCA)?Use Privacy Certificate Authority (PCA)?PCA translates Hardware ID into random numPCA translates Hardware ID into random numGroup signatures (allows revocation)Group signatures (allows revocation)Interoperability of softwareInteroperability of softwareAttestation allows software to only operate under Attestation allows software to only operate under limited conditions (monopoly power)limited conditions (monopoly power)Digital Rights ManagementDigital Rights ManagementOnly play music on software that enforces limitsOnly play music on software that enforces limitsJanuary 14, 2019January 14, 2019 Platform SecurityPlatform Security““root” secureroot” secureIndependent OS/application vulnerabilityIndependent OS/application vulnerabilityAttested software !--> Secure software Attested software !--> Secure software (duh)(duh)January 14, 2019January 14, 2019 Storage OptionsStorage OptionsEncrypted disksEncrypted disksHMAC HMAC EncryptionEncryptionIntegrity-checked disksIntegrity-checked disksHMACHMACRaw disksRaw disksA disk’s hash makes up the primary ID of A disk’s hash makes up the primary ID of a VMa VMJanuary 14, 2019January 14, 2019 Storage AttestationStorage AttestationAhead-of-Time attestationAhead-of-Time attestationdone during bootupdone during bootupComputations for 1 GB of data take 8 Computations for 1 GB
View Full Document