340 likes | 709 Views
Bootstrapping Trust in Commodity Computers. Carnegie Mellon University. Bryan Parno , Jonathan McCune, Adrian Perrig. A Travel Story. Trust is Critical. Will I regret having done this?. Software Engineering &. Programming Languages :. Bootstrapping Trust :.
E N D
Bootstrapping Trust in Commodity Computers Carnegie Mellon University Bryan Parno, Jonathan McCune, Adrian Perrig
Trust is Critical Will I regret having done this?
Software Engineering & Programming Languages: Bootstrapping Trust: What F will this machine compute? Does program P compute F? Is F what the programmer intended? Bootstrapping Trust What F will this machine compute? XOther YOther F XAlice YAlice
Bootstrapping Trust is Hard! Challenges: App 1 App 4 App 5 App N App 2 App 3 • Hardware assurance • Ephemeral software • User Interaction S2( ) S14( ) S1( ) S15( ) S3( ) S11( ) S5( ) S6( ) S13( ) S12( ) S7( ) S8( ) S9( ) S10( ) S4( ) OS Module 1 Module 3 Module 4 Module 2 ^ Safe? H( ) H( ) Yes!
Bootstrapping Trust is Hard! Challenges: Evil App • Hardware assurance • Ephemeral software • User Interaction Evil OS Safe? Yes!
What do we need to know? • How can we use it locally? • How can we use it remotely? • How do we interpret it? • What serves as a foundation of trust? • How can we validate the bootstrapping? • Applications • Human factors • Limitations • Future directions In the paper… • Bootstrapping foundations • Transmitting bootstrap data • Interpretation • Validation • Applications • Human factors • Limitations • Future directions • … and much more!
1) Establish Trust in Hardware • Hardware is durable • Establish trust via: • Trust in the manufacturer • Physical security Open Question: Can we do better?
2) Establish Trust in Software App 1 App N … • Software is ephemeral • We care about the software currently in control • Many properties matter: • Proper control flow • Type safety • Correct information flow… Which property matters most? OS
A Simple Thought Experiment • Imagine a perfect algorithm for analyzing control flow • Guarantees a program always follows intended control flow • Does this suffice to bootstrap trust? No! P We want code identity Respects control flow Type Safe
What is Code Identity? • An attempt to capture the behavior of a program • Current state of the art is the collection of: • Program binary • Program libraries • Program configuration files • Initial inputs • Often condensed into a hash of the above Function f Inputs to f • Attempt to capture the f computed by a program • Current state of the art is the collection of: • Program binary • Program libraries • Program configuration files • Program inputs • Often condensed into a hash of the above
Code Identity as Trust Foundation • From code identity, you may be able to infer: • Proper control flow • Type safety • Correct information flow… • Reverse is not true!
What Can Code Identity Do For You? • Research applications • Commercial applications • Secure the boot process • Count-limit objects • Improve security of network protocols • Thwart insider attacks • Protect passwords • Create a Trusted Third Party • Secure disk encryption (e.g., Bitlocker) • Improve network access control • Secure boot on mobile phones • Validate cloud computing platforms
Establishing Code Identity • [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],… YOther XOther F YAlice XAlice
Establishing Code Identity • [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],… YOther XOther … f1 f2 fN XAlice YAlice
Establishing Code Identity • [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04],… Chain of Trust Root of Trust ? Software N Software N-1 Software 1 . . .
Trusted Boot: Recording Code Identity Root of Trust • [Gasser et al. ’89], [England et al. ‘03], [Sailer et al. ‘04],… Software N Software N-1 Software 1 . . . SW 2 SW 1 SW N-1 SW N
Attestation: Conveying Records to an External Entity • [Gasser et al. ‘89], [Arbaugh et al. ‘97], [England et al. ‘03], [Sailer et al. ’04]… Software N Software N-1 Software 1 . . . random # ( ) Sign Kpriv random # SW 2 SW 1 SW N-1 SW N SW 1 SW 2 SW N-1 SW N Controls Kpriv
Interpreting Code Identity Traditional App 1…N • [Gasser et al. ‘89], [Sailer et al. ‘04] Drivers 1…N Policy Enforcement • [Marchesini et al. ‘04], [Jaeger et al. ’06] OS Bootloader Option ROMs BIOS
Interpreting Code Identity Traditional • [Gasser et al. ‘89], [Sailer et al. ‘04] Virtual Machine Policy Enforcement • [Marchesini et al. ‘04], [Jaeger et al. ’06] Virtualization • [England et al. ‘03], [Garfinkel et al. ‘03] Virtual Machine Monitor Bootloader Option ROMs BIOS
Interpreting Code Identity Late Traditional Launch Virtual Machine • [Gasser et al. ‘89], [Sailer et al. ‘04] VMM Policy Enforcement • [Marchesini et al. ‘04], [Jaeger et al. ’06] OS Virtualization • [England et al. ‘03], [Garfinkel et al. ‘03] Late Launch Virtual Machine Monitor • [Kauer et al. ‘07], [Grawrock ‘08] Bootloader Option ROMs BIOS
Interpreting Code Identity Late Traditional Launch • [Gasser et al. ‘89], [Sailer et al. ‘04] Flicker Policy Enforcement • [Marchesini et al. ‘04], [Jaeger et al. ’06] OS Virtualization • [England et al. ‘03], [Garfinkel et al. ‘03] S Late Launch • [Kauer et al. ‘07], [Grawrock ‘08] Flicker Targeted Late Launch • [McCune et al. ‘07] Attested
Interpreting Code Identity App 1…N Drivers 1…N OS S Flicker Bootloader Option ROMs BIOS
Load-Time vs. Run-Time Properties • Code identity provides load-time guarantees • What about run time? • Approach #1: Static transformation • [Erlingsson et al. ‘06] Run-Time Policy Attested Compiler Code Code’
Load-Time vs Run-Time Properties • Code identity provides load-time guarantees • What about run time? • Approach #1: Static transformation • Approach #2: Run-Time Enforcement layer Open Question: How can we get complete run-time properties? • [Erlingsson et al. ‘06] • [Haldar et al. ‘04], [Kil et al. ‘09] Code Run Time Attested Load Time Enforcer
Roots of Trust • General purpose • Tamper responding • General purpose • No physical defenses • Specialpurpose • Timing-based attestation • Require detailed HW knowledge Open Question: What functionality do we need in hardware? 0 0 4 2 • [Weingart ‘87] • [White et al. ‘91] • [Yee ‘94] • [Smith et al. ‘99] • … • [ARM TrustZone ‘04] • [TCG ‘04] • [Zhuang et al. ‘04] • … • [Chun et al. ‘07] • [Levin et al. ‘09] • [Spinellis et al. ‘00] • [Seshadri et al. ‘05] • … Cheaper
Open Question: What does Alice do with a failed attestation? Open Question: How can Alice trust her device? Human Factors SW 1 SW 2 SW N-1 SW N Open Questions: How should be communicated to Alice? What does Alice do with a failed attestation? How can Alice trust her device? SW 1 SW 2 SW N-1 SW N
Conclusions • Code identity is critical to bootstrapping trust • Assorted hardware roots of trust available • Many open questions remain! Thank you! parno@cmu.edu