Design and Implementation of a TCG-based Integrity Measurement Architecture
Reiner Sailer, Trent Jaeger, Leendert van Doorn, and Xiaolan Zhang
Secure Systems Department, Thomas J. Watson Research Center
Usenix Security Symposium 2004, August 2004
2004 IBM Corporation

Slide 2: Overview
- Problem: Runtime integrity guarantees
- Solution:
  - Hierarchical software stack measurements
  - Load guarantees
  - Property attestation
- Current Implementation
- Future Work

Slide 3: Problem: What is the Integrity of a System?
- Insecure networked world
- SSL and IPSEC provide secure channels
  - Answers: With whom am I interacting securely?
- Open Problem: How can you trust this system?
[Figure: systems connected over a secure channel. Labels: On Demand / Grid, Secure Domains, B2B Application, Thin Client, Secure Channel]

Slide 4: Trusted Computing Group Architecture
[Figure: boot chain showing Execution Flow and Measurement Flow. Labels: TCG-based Integrity Measurement Architecture; Defined by Grub (IBM Tokyo Research Lab); Defined by TCG (Platform specific); Platform Configuration Registers 0-23]

Slide 5: Integrity Measurement Architecture (Solution)
[Figure: the Attested System (Boot Process, Kernel, Kernel module, Program, Config data, Data) produces Measurements; Analysis combines the System Representation with Known Fingerprints and ext. Information (CERT) to derive System Properties]
Measurement list reported by the attested system:
- SHA1(Boot Process)
- SHA1(Kernel)
- SHA1(Kernel Modules)
- SHA1(Program)
- SHA1(Libraries)
- SHA1(Configurations)
- SHA1(Structured data)
- Signed TPM Aggregate

Slide 6: TPM-Based Integrity Measurement Architecture
- Achievement of our Integrity Measurement Architecture (IMA):
  - Extend TPM-based attestation into the system runtime
  - Attest the Software Stack
- IMA Guarantees:
  - Non-intrusive (not changing system behavior)
  - Load guarantees for code loaded into the system run-time
  - Detects systems cheating with the measurement list
- Goals:
  - Negligible overhead on attested system
  - Usability

Slide 7: Example: Web Server
[Figure: software stack of an attested web server, top to bottom]
- Executables (Program, Libraries, Module): apachectrl, httpd, java, mod_ssl.so, mod_auth.so, mod_cgi.so, libc-2.3.2.so, libjvm.so, libjava.so
- Configuration Files: httpd.conf, java.security, java classes, html pages, httpd startup, catalina.sh, startup.sh, servlet.jar
- Unstructured Input: HTTP Requests, Management Data (User, File I/O, IPC, Network I/O)
- Kernel modules: e100.ko, autofs.ko
- System Kernel: Linux 2.6.7
- Bootstrap Loader: GRUB
- Basic Input Output System

Slide 8: IMA Implementation: File Measurements
- Measurement = SHA1(File Contents) at load time
- Kernel measures kernel modules, programs, and shared libraries
- Applications measure their own critical input
  - Examples: Bash Shell measures scripts before execution
  - Future: Java, Perl, Apache, Jakarta Tomcat
- Advantage: Unique Software Fingerprints (e.g., sendmail 8.12.8-9.90)
  - Secure hash represents well-known security properties

Slide 9: IMA Implementation: Measurement List Maintenance
- Measurement list aggregation:
  - Compute 160-bit SHA1 over the contents of the data (measurement)
  - Adjust protected hw Platform Configuration Register (PCR) to maintain measurement list integrity value
  - Add measurement to ordered measurement list
- Executable content is recorded before it impacts the system, that is, before it can corrupt the system
[Figure: Measurement List Integrity Value]
  System start:     PCR_0 = 0
  New measurement:  PCR_{k+1} = SHA1(PCR_k || new measurement),  k -> k+1
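
An added example, not part of the original slides: a verifier replays the ordered measurement list through the extend operation from the Measurement List Maintenance slide and compares the result with the PCR value, which is how a system "cheating with the measurement list" is detected. The file names and contents are constructed, and the check of the TPM signature over the aggregate is assumed to happen elsewhere.

```python
import hashlib

PCR_INIT = bytes(20)  # PCR at system start: 160 zero bits

def measure(content: bytes) -> bytes:
    """Measurement = SHA1(file contents), taken at load time."""
    return hashlib.sha1(content).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_{k+1} = SHA1(PCR_k || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()

def replay(measurement_list):
    """Verifier side: recompute the aggregate from the ordered list."""
    pcr = PCR_INIT
    for _name, m in measurement_list:
        pcr = extend(pcr, m)
    return pcr

def verify(measurement_list, reported_pcr, known_fingerprints):
    """Return (list matches PCR, names whose fingerprint is not known)."""
    intact = replay(measurement_list) == reported_pcr
    unknown = [n for n, m in measurement_list if m not in known_fingerprints]
    return intact, unknown

# Constructed sample data: names and byte strings are placeholders.
FILES = [("kernel", b"kernel-image"), ("e100.ko", b"e100-module"),
         ("httpd", b"httpd-binary"), ("libc-2.3.2.so", b"libc-library")]
HONEST_LIST = [(name, measure(data)) for name, data in FILES]
KNOWN = {m for _name, m in HONEST_LIST}

def demo():
    # Stand-in for the signed PCR value; a real verifier checks the TPM quote.
    baseline = verify(HONEST_LIST, replay(HONEST_LIST), KNOWN)
    # The attested system loads one more module; the PCR is extended with it.
    extra = ("unlisted.ko", measure(b"unexpected-module"))
    full_list = HONEST_LIST[:2] + [extra] + HONEST_LIST[2:]
    pcr = replay(full_list)
    withheld = verify(HONEST_LIST, pcr, KNOWN)      # entry left out of the list
    reordered = verify(full_list[::-1], pcr, KNOWN)  # same entries, wrong order
    complete = verify(full_list, pcr, KNOWN)         # honest list, unknown entry
    return baseline, withheld, reordered, complete

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A list that omits or reorders entries no longer reproduces the PCR value, while a complete list verifies and exposes the entry whose fingerprint is not among the known ones.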