1 / 27

Security in the industry H/W & S/W

Security in the industry H/W & S/W. What is AMD’s ”enhanced virus protection” all about? What’s coming next? Presented by: Micha Moffie. Outline. Security Objectives Happening now… AMD Solution – ‘enhanced virus protection’ WinXP support in SP2 Coming soon …

glynnis
Download Presentation

Security in the industry H/W & S/W

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security in the industry H/W & S/W What is AMD’s ”enhanced virus protection” all about? What’s coming next? Presented by: Micha Moffie

  2. Outline • Security Objectives • Happening now… • AMD Solution – ‘enhanced virus protection’ • WinXP support in SP2 • Coming soon … • Intel LaGrande technology • Windows Palladium/NGSCB NUCAR

  3. Security - Objectives • Protect • User Confidential Data • From: • Attacks on executing software • Software vulnerabilities • Attacks from malicious software • Viruses/worms/Trojan horses • Attacks on hardware • Access to keyboard & mouse data / screen output NUCAR

  4. AMD’s ‘Enhanced Virus Protection’ • Hardware support against stack smashing • Stack smashing attack - reminder • Hardware implements • NX bit - No eXecution on predefined pages. • Each page in the translation pages has a new NX bit, when the instruction TLB is loaded with a new page, this bit is checked. if the bit is set (we are trying to execute from a non executable page) we will get a page fault exception. • this applied to all privilege levels (from AMD manual) NUCAR

  5. The OS role • Window XP (Service Pack 2) • Microsoft uses NX bit to: ”prevents the execution of code in memory regions that are marked as data storage” • This will NOT prevent an attacker from overrunning the data buffer, but will prevent him from executing his attack (generate an exception) • Some problems with legitimate code • a ”Data Execution Prevention" error message – for legitimate code • Workaround - Microsoft allow exceptions, per application. (I.e. turn DEP off for specific apps.) NUCAR

  6. Who else? • Transmeta • already supported • Intel • Itanium supports this bit • Intel Pentium … in the near future • Linux • a patch to the Linux kernel exists that supports the NX bit • http://www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html NUCAR

  7. Outline • Security Objectives • Happening now… • AMD Solution – ‘enhanced virus protection’ • WinXP support in sp2 • Coming soon … • Intel LaGrande technology • Windows Palladium NUCAR

  8. Intel LaGrange Technology (LT) • New Hardware Components complemented with New OS & New applications: • protect data from software attacks • protect data confidentiality & integrity • Hardware Capabilities • Isolated execution • Protected memory pages • Sealed storage (TPM) • Protected I/O (keyboard/mouse/graphics) • Attestation (Proof of current protected environment) NUCAR

  9. LT Hardware enhancements NUCAR

  10. Standard partition execute: legacy code, non secure portion of new code provides regular IA32 semantics Protected partition execute new security modules & services Provides execution isolation sealed storage Protected I/O Attestation LT Protection Model NUCAR

  11. LT Protection Model - Cont NUCAR

  12. Microsoft Palladium  NGSCB • Next Generation Secure Computing Base • security technology for the Microsoft® Windows® platform, • will be included in “Longhorn” • Includes a new operating system module: “Nexus” • enable secure interaction with applications, peripheral hardware, memory and storage NUCAR

  13. Microsoft NGSCB • Four key features: • Strong process isolation • even against attacks from the kernel • Sealed storage • accessible only to program, nexus & machine • Secure path to/from user • Attestation NUCAR

  14. The nexus • Essentially the kernel of an isolated software stack • runs alongside the existing OS software stack. • not underneath it • Provides a limited set of APIs and services for applications, including sealed storage and attestation functions. • Special processes that work with nexus are called “Agents” • Can run different nexuses on a machine • But only one nexus at a time NUCAR

  15. NGSCB- run time environment NUCAR

  16. References • AMD64 Architecture Programmer's Manual Volume 2: System Programming, 3.09 edition, Sep. 2003. Publication No. 24593. • Microsoft Knowledge Base Articles 875352 & 875351 • Intel, LaGrande Technology Architectural Overview, 252491-001, September 2003 • Microsoft The Next-Generation Secure Computing Base: Four Key Features, June 2003 • Microsoft Next-Generation Secure Computing Base - Technical FAQ, July 2003 • Microsoft "Palladium": A Business Overview, August 2002 • TPM Main Part 1 Design Principles, Specification Version 1.2 Revision 62 2 October 2003 Published • ARM, A New Foundation for CPU Systems Security, Security Extensions to the ARM Architecture, Richard York, May 2003 • A wooden fence in Kyoto, http://www.gastric.com /mari/54.htm NUCAR

  17. The End • Thanks,  • Questions ? NUCAR

  18. Backup & links NUCAR

  19. Stack Stack grows main( ) auto variables 10 +12 ptr to input string +8 return addr of foo( ) +4 Frame ptr frame ptr of foo( ) 0 dddd b[3] -4 Stack ptr cccc -8 b[2] bbbb -12 b[1] aaaa -16 b[0] Buffer grows Stack Smashing Attack main(int argc, char **argv) { … foo(argv[1], 10); … } void foo(int i, char *s) { char b[16]; strcpy(b, s); …… } NUCAR

  20. Stack Smashing Attack - II Stack Stack grows Attacker code executed in Stack Segment.. attack code attack code attack code +12 start of attack code 0x0012ff12 0x0012ff08 +8 0x0012ff12 0x0012ff04 +4 0x0012ff12 0x0012ff00 0 0x0012ff12 **** b[3] -4 return addr of foo( ) Has changed! it will return to 0x0012ff12, the attacker code **** -8 b[2] **** -12 b[1] **** -16 b[0] NUCAR Buffer grows

  21. TPM • Trusted Platform Module • also called SSC - Security Support Component • Stores hardware secret key • Base of trust • Cryptographic co-processor • more… NUCAR

  22. TPM architecture NUCAR

  23. Transitive Trust NUCAR

  24. ARM – TrustZone • Extending the CPU to enable more security • Main problem with current OS • It is huge, millions of code lines - Complex • difficult to establish a ‘trusted code base’ • A rich API - Open • enables widespread access to OS from non-secure code • Main idea: • establishing a trusted code base • using a hardware enforced security domain to systemize the implementation of secure systems NUCAR

  25. ARM - cont • Current typical security structure NUCAR

  26. ARM - Cont • New security structure NUCAR

  27. ARM - Cont • Introduce an NS-bit • use this bit to identify secure data throughout system • cache • pages • Monitor • manages the NS-bit • manages transition in & out of security mode • Small fixed API NUCAR

More Related