Systems and Internet Infrastructure Security, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA

Rootkit Resistant Disks
Stephen McLaughlin, CSE 544 Systems Security, SP 2010, in conjunction with Kevin Butler and Patrick McDaniel. Slides adapted from Kevin Butler's (the good ones are Kevin's).
Systems and Internet Infrastructure Security Laboratory (SIIS), Thursday, April 8, 2010, Page 1

Trust models so far (p. 2)
- Applications: exploits such as command injection and confused deputy. Kaput.
- Operating System: IOCTL, sysfs, procfs, NETLINK, /dev/mem, Windows User Mode Driver Framework. Rootkits: user based, kernel based, persistent and non-persistent.
- Virtual Machine Monitor

Won't happen (p. 3)

What's left (p. 4)
- Mediation: regulating usage of data.
- All data ultimately resides in persistent storage.
- The disk interface is the first line of defense for data, and a restricted one at that.
- BUT: disks have traditionally been just bit buckets.

Storage Today (p. 5)
- Disk systems are being increasingly equipped with their own memory and processing capabilities, e.g. hybrid hard disks (NVRAM), FDE drives (crypto ASIC).
- Narrower interface means limited interaction with the rest of the system.
- Downside: limited context for information being received from the operating system and the file system. The disk is only exposed as a block device: a semantic gap between layers.
[Figure: disk architecture: non-volatile memory, bus I/O, ASIC, firmware, disk platters, SATA/SCSI/ATA interface]

Semantic Gap: MPS for storage (pp. 6-10, built up incrementally)
- Subjects: just one, the entire host system.
- Objects: blocks.
- Operations: read, write.
- Label state, transition state: credentials.

Need to add semantics (p. 11)
- First we should understand what type of policies can be reasonably enforced.
- Disks are not useful for secrecy: once a block is read, it's gone.
- Disks are very useful for integrity: storage is the last stop for every write.
- Policies stack nicely: every modification to a piece of data is mediated.
- Integrity violation is required for a particular class of attack.

Rootkit Persistence (p. 12)
- Infecting the storage makes a bad problem worse.
- Rootkits may try to make themselves persistent: modify binaries or configuration files to insert themselves into the boot process.
- Q: How do you know if the rootkit has been eradicated if it becomes persistent?
- A: You don't. The only surefire way of removing it is to wipe the disk clean and reinstall the OS.
- Solving the problem of rootkits is akin to solving the general problem of malicious software. However, what if we can prevent rootkit persistence?

Goals for a disk solution (p. 13)
- Protection against real rootkits: demonstrable protection against currently deployed persistent kernel-level rootkits.
- Usable: without user interaction and with minimal administration (transparent operation).
- Highly performant: minimize performance overhead.
- Low storage overhead: as little metadata storage as possible.

Rootkit Resistant Disks (p. 14)
- Disk enforcement of block immutability prevents critical data from being overwritten by malicious agents, hence preventing a compromised OS from infecting its on-disk image.
- Users directly interface with the disk using a physical token, creating a trusted path to the disk drive enclosure. The token carries a capability that provides context to the disk.
[Figure: RRD architecture: token interface, bus I/O, authorization point, firmware, non-volatile memory, disk platters, SATA/SCSI/ATA interface]

RRD Overview (p. 15)
- Under normal operation, where no tokens are present, the RRD is used as a regular disk.
- When a token is inserted, blocks written are labeled with the token's label and marked as immutable.
- Once that token is removed, any writes to the labeled blocks are blocked.
- Malicious software is unable to write itself to immutable portions of the disk, which prevents rootkit persistence.
[Figure: Host (App, File System) issuing writes to Disk (NVRAM, Current Token); one write returns "Write OK", the other "Write Denied"]

Extended Filesystem Layout (p. 16)
[Figure: ext2 on-disk layout: boot block, super block at byte 1024, then block groups 0-4, each with a (backup) super block, GDT/BGDT, block bitmap, inode bitmap, inode table and data blocks]

RRD Setup Operation (p. 17)
- Initial installation of the drive is best done from a trusted boot, e.g. root-of-trust install.
- Initial disk setup is a three-step process:
  1. Write filesystem structures that need to be written by any process (e.g. journal log, block/inode bitmaps) with the permanently mutable token.
  2. Write critical system data (e.g. MBR, boot loader, kernel, kernel modules, system binaries and configs) with the immutable token.
  3. The rest of the installation and subsequent operation of the disk are performed without a token.
- Tokens are only necessary again when upgrading the OS.

Upgrading (p. 18)
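A toy model of the write mediation described in the RRD Overview and Setup slides, added here as an illustration (it is not the authors' firmware or code). Assumptions: a block is labelled by the first token under which it is written, a block labelled with the immutable token accepts writes only while a token with that same label is inserted, blocks labelled with the permanently mutable token stay writable, and the block numbers are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Token:
    label: str                       # capability the physical token carries
    permanent_mutable: bool = False  # blocks it labels stay writable forever

@dataclass
class RRD:
    data: dict = field(default_factory=dict)    # block number -> contents
    labels: dict = field(default_factory=dict)  # block -> (label, mutable?)
    token: Token = None                         # token in the drive's slot

    def write(self, block, payload):
        # Authorization point in the write path (toy model of the firmware).
        lab = self.labels.get(block)
        if lab is not None and not lab[1]:
            # Immutable block: only the token whose label it carries may write.
            if self.token is None or self.token.label != lab[0]:
                return False
        self.data[block] = payload
        if self.token is not None and lab is None:
            # First write under a token labels the block (assumed rule).
            self.labels[block] = (self.token.label, self.token.permanent_mutable)
        return True

MBR, KERNEL, JOURNAL, BITMAP, HOME = 0, 100, 200, 201, 5000  # constructed

def install_and_attack():
    """Three-step setup from the slides, then tokenless compromise and upgrade."""
    d = RRD()
    fs_token = Token("fs-structures", permanent_mutable=True)
    sys_token = Token("system-image")
    d.token = fs_token                      # step 1: journal, bitmaps
    d.write(JOURNAL, b"journal v1"); d.write(BITMAP, b"bitmap v1")
    d.token = sys_token                     # step 2: MBR, kernel, binaries
    d.write(MBR, b"boot loader"); d.write(KERNEL, b"vmlinuz v1")
    d.token = None                          # step 3: normal, tokenless use
    r = {"user_data": d.write(HOME, b"user file"),
         "journal": d.write(JOURNAL, b"journal v2"),
         "rootkit_kernel": d.write(KERNEL, b"infected kernel"),
         "rootkit_mbr": d.write(MBR, b"bootkit")}
    d.token = Token("some-other-token")     # a different token does not help
    r["wrong_token"] = d.write(KERNEL, b"infected kernel")
    d.token = sys_token                     # OS upgrade with the right token
    r["upgrade"] = d.write(KERNEL, b"vmlinuz v2")
    d.token = None
    r["kernel"] = d.data[KERNEL]
    return r
```

Journal and user-data writes succeed without a token while the kernel and MBR blocks stay intact until the system token is re-inserted for the upgrade.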