An Overview of PalladiumAcknowledgementsAgendaIntroduction & MotivationWhat is Palladium?Trusted Open SystemsNightmare ScenariosArchitecturePalladium At 50,000 Feet: 1Palladium At 50,000 Feet: 2Palladium At 50,000 Feet: 3Hardware SummaryHardware RequirementsWhat Palladium ProvidesPalladium Core FeaturesCode Identity in PalladiumCode IdentitySealed StorageSealed Storage(Allowing code to keep secrets)AttestationAttestation (How code authenticates itself)Secure User Input and OutputPolicy IssuesPolicy IssuesNexus PoliciesPrivacy of Machine IdentitiesPseudo-IdentitiesRegistering a Pseudo-IdentitySummaryLCS/CIS Seminar on PalladiumQuestions?An Overview An Overview of Palladiumof PalladiumBrian A. LaMacchiaBrian A. LaMacchiaSoftware ArchitectSoftware ArchitectWindows Trusted Platform TechnologiesWindows Trusted Platform TechnologiesAcknowledgementsAcknowledgementsz Key contributors to the Palladium initiative at Microsoft include:z Peter Biddlez John de Trevillez Paul Englandz Butler Lampsonz John Manferdelliz Marcus Peinadoz Bryan WillmanAgendaAgendaz Introduction and Motivationz Architecturez New Security Featuresz Policy Issuesz Summary/Q&AIntroduction & Introduction & MotivationMotivationWhat is Palladium?What is Palladium?z Palladium (Pd) is a set of new security-oriented capabilities in Windowsz Enabled by new hardware z Goal is to “protect software from software”z Defend against malicious software running in Ring 0 z Four categories of new security featuresz Sealed storagez Attestationz Curtained memoryz Secure input and outputTrusted Open SystemsTrusted Open Systemsz Our OSs are designed for:z Featuresz Performancez Plug-ability/Opennessz Applicationsz Driversz Core OS componentsz Ease of use, andz SecurityContrast this with the design of a smartcard OSNightmare ScenariosNightmare Scenariosz A virus/Trojan that launches something worse than a denial of service attack:z Trades a random stock (for mischief or profit)z Posts tax-records to a newsgroupz Orders a random book from Amazon.comz Grabs user/password for the host/web-sites and posts them to a newsgroupz Posts personal documents to a newsgroupArchitectureArchitecturePalladium At 50,000 Feet: 1Palladium At 50,000 Feet: 1AppOSUserKernelz How do you preserve the flexibility and extensibility that contributes so much to the entire PC ecosystem, while still providing end users with a safe place to do important work?z In particular, how can you keep anything secret, when pluggable kernel components control the machine?Palladium At 50,000 Feet: 2Palladium At 50,000 Feet: 2AgentAgentz The CPU is either in “standard” mode or “trusted” mode.z Pages of physical memory can be marked as “trusted.” Trusted pages can only be accessed when the CPU is in trusted mode. AppOSUserKernelStandardTrustedz The solution: subdivide the execution environment by adding a new mode flag to the CPU.NexusPalladium At 50,000 Feet: 3Palladium At 50,000 Feet: 3UserKernelAppOSStandardTrustedAgentNexusAgentSSCPub/Pri KeysTrustedGPUTrustedUSB Hubz Agents also need to let the user enter secrets and to display secrets to the user.z Input is secured by a trusted USB ‘hub’ for KB and mouse that carries on a protected conversation with the nexus.z Output is secured by a trusted GPU that carries on a crypto-protected conversation with the nexus.z This gives us “fingertip-to-eyeball” security.Hardware SummaryHardware Summaryz CPU changesz MMU changesz Southbridge (LPC bus interface) changesz Security Support Component (SSC)z New chip on the motherboard (LPC bus)z Trusted USB hubz May be on motherboard, in keyboard, or anywhere in betweenz Trusted GPUHardware RequirementsHardware Requirementsz SSC – Security Service Componentz Think “smart-card soldered to the motherboard”z Cheap, fixed-function devicez Contains z At least an AES key and an RSA key pair AES key & RSA private key never leave the chipz Registers: e.g. the “PCR” (platform configuration register) that contains the digest of the running Nexusz Must be close to the chipset (e.g. not a real smartcard) because it must be involved in nexus initializationz Contains other security “goodness”z RNG, counters, other key-storage, crypto-opsWhat Palladium ProvidesWhat Palladium Providesz Separate protectedprotected execution environment for applications (computing agents)(computing agents) that need higher securityz Hardware-based memory isolationz Privileged services for these agentsz Mostly cryptographic servicesz Agents can be z Standalone z Provide services to other applicationsz In the long termz “Project trust” into the main OSPalladium Core FeaturesPalladium Core Featuresz All Palladium capabilities build off of four key features:z Strong process isolationz Root key for persistent secret protectionz Secure path to and from the userz Attestationz The first three are needed to protect against malicious code (viruses, Trojans, etc.)z Attestation breaks new ground z Facts about “things” (SW, users, machines, services) can be proved to (and believed by) remote entities.Code Identity in PalladiumCode Identity in Palladiumz The Palladium security model assigns access rights to code identitiesz Palladium always knows what code is running in the right-hand sidez Booting a nexus (security kernel) causes the SSC to compute the hash of the nexus and store it in a read-only register (PCR)z Change the nexus, change its identityz The nexus recursively provides similar features for notarized computing agents executing in trusted modeCode IdentityCode IdentityOS Identity:OS Identity:•Keep the hardware simple!•The SSC/chipset measures the digest of the nexus on “secure initialization.”SSCNexusAgent AgentHardware“OS”ApplicationsApp Identity:App Identity:•Could be a digest, but we actually use a “manifest” – simplifies managementSealed StorageSealed Storagez Allows SW to keep long-lived secrets safe from other SW running on the hostz An encryption technologyz But more than simple encryptionz An OS/nexus can keep secrets from other OSsz If an OS can keep a secret, it can provide a similar service to applicationsz How do we do this?z Use the PCR value to “brand” encrypted secrets with the identity of the code that “owns” them.z Owners of secrets can also designate alternate recipients (necessary for update & migration)Sealed StorageSealed Storage(Allowing code to keep secrets)(Allowing code to keep secrets)z SSC Seal/UnSeal functionsz Seal(secret, PCR
View Full Document
Unlocking...