Security in the industry H/W & S/W
What is AMD’s “enhanced virus protection” all about?
What’s coming next?
Presented by: Micha Moffie
Outline
• Security Objectives
• Happening now…
  • AMD Solution – ‘enhanced virus protection’
  • WinXP support in SP2
• Coming soon …
  • Intel LaGrande technology
  • Windows Palladium/NGSCB
NUCAR
Security - Objectives
• Protect
  • User Confidential Data
• From:
  • Attacks on executing software
    • Software vulnerabilities
  • Attacks from malicious software
    • Viruses/worms/Trojan horses
  • Attacks on hardware
    • Access to keyboard & mouse data / screen output
AMD’s ‘Enhanced Virus Protection’
• Hardware support against stack smashing
  • Stack smashing attack - reminder
• Hardware implements
  • NX bit - No eXecution on predefined pages.
  • Each page entry in the page-translation tables has a new NX bit. When the instruction TLB is loaded with a new page, this bit is checked. If the bit is set (we are trying to execute from a non-executable page), we get a page-fault exception.
  • This applies to all privilege levels (from AMD manual)
The OS role
• Windows XP (Service Pack 2)
  • Microsoft uses the NX bit: it “prevents the execution of code in memory regions that are marked as data storage”
  • This will NOT prevent an attacker from overrunning the data buffer, but will prevent him from executing his attack (an exception is generated)
• Some problems with legitimate code
  • A “Data Execution Prevention” error message – for legitimate code
  • Workaround - Microsoft allows exceptions per application (i.e. DEP can be turned off for specific apps)
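The NX check from the two slides above, modelled in C as an added example (it is not code from the presentation). The bit positions (present = bit 0, NX = bit 63) and the EFER.NXE enable flag come from the AMD64 architecture rather than from the slides, the entry values are constructed, and write and user/supervisor checks are left out.

```c
#include <stdint.h>
#include <stdio.h>

#define ENTRY_P   (1ULL << 0)    /* present */
#define ENTRY_NX  (1ULL << 63)   /* no-execute */

enum result { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_RESERVED_BIT, FAULT_NO_EXECUTE };

/* Constructed translation entries, top level first: a code page and a
 * stack page whose last-level entry has NX set. */
const uint64_t CODE_WALK[4]  = { 0x1003, 0x2003, 0x3003, 0x400001 };
const uint64_t STACK_WALK[4] = { 0x1003, 0x2003, 0x3003, 0x500003 | ENTRY_NX };

/* walk[] holds the entries used for one translation.
 * nxe models EFER.NXE; is_fetch is 1 for an instruction fetch, 0 for data. */
enum result check_access(const uint64_t *walk, int n, int nxe, int is_fetch)
{
    int nx = 0;
    for (int k = 0; k < n; k++) {
        if (!(walk[k] & ENTRY_P))
            return FAULT_NOT_PRESENT;
        if (walk[k] & ENTRY_NX) {
            if (!nxe)
                return FAULT_RESERVED_BIT;  /* bit 63 is reserved while NXE = 0 */
            nx = 1;                         /* set at any level, covers the page */
        }
    }
    /* Data reads and writes are unaffected: NX only blocks instruction fetch. */
    return (is_fetch && nx) ? FAULT_NO_EXECUTE : ACCESS_OK;
}

int main(void)
{
    printf("fetch from code page:  %d\n", check_access(CODE_WALK, 4, 1, 1));
    printf("write to stack page:   %d\n", check_access(STACK_WALK, 4, 1, 0));
    printf("fetch from stack page: %d\n", check_access(STACK_WALK, 4, 1, 1));
    printf("NX set, NXE disabled:  %d\n", check_access(STACK_WALK, 4, 0, 0));
    return 0;
}
```

The second and third calls show the point made on the OS slide: the overrunning write to the stack page still succeeds, and only the later instruction fetch from that page faults.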
Who else?
• Transmeta
  • already supported
• Intel
  • Itanium supports this bit
  • Intel Pentium … in the near future
• Linux
  • a patch to the Linux kernel exists that supports the NX bit
  • http://www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html
Outline
• Security Objectives
• Happening now…
  • AMD Solution – ‘enhanced virus protection’
  • WinXP support in SP2
• Coming soon …
  • Intel LaGrande technology
  • Windows Palladium
Intel LaGrande Technology (LT)
• New Hardware Components complemented with New OS & New applications:
  • protect data from software attacks
  • protect data confidentiality & integrity
• Hardware Capabilities
  • Isolated execution
  • Protected memory pages
  • Sealed storage (TPM)
  • Protected I/O (keyboard/mouse/graphics)
  • Attestation (Proof of current protected environment)
LT Hardware enhancements
LT Protection Model
• Standard partition
  • Executes: legacy code, non-secure portion of new code
  • Provides regular IA32 semantics
• Protected partition
  • Executes new security modules & services
  • Provides:
    • execution isolation
    • sealed storage
    • Protected I/O
    • Attestation
Microsoft Palladium NGSCB
• Next Generation Secure Computing Base
  • security technology for the Microsoft® Windows® platform
  • will be included in “Longhorn”
• Includes a new operating system module: “Nexus”
  • enables secure interaction with applications, peripheral hardware, memory and storage
Microsoft NGSCB
• Four key features:
  • Strong process isolation
    • even against attacks from the kernel
  • Sealed storage
    • accessible only to program, nexus & machine
  • Secure path to/from user
  • Attestation
The nexus
• Essentially the kernel of an isolated software stack
  • runs alongside the existing OS software stack
  • not underneath it
• Provides a limited set of APIs and services for applications, including sealed storage and attestation functions.
• Special processes that work with nexus are called “Agents”
• Can run different nexuses on a machine
  • But only one nexus at a time
References
• AMD64 Architecture Programmer's Manual Volume 2: System Programming, 3.09 edition, Sep. 2003. Publication No. 24593.
• Microsoft Knowledge Base Articles 875352 & 875351
• Intel, LaGrande Technology Architectural Overview, 252491-001, September 2003
• Microsoft, The Next-Generation Secure Computing Base: Four Key Features, June 2003
• Microsoft, Next-Generation Secure Computing Base - Technical FAQ, July 2003
• Microsoft, "Palladium": A Business Overview, August 2002
• TPM Main Part 1 Design Principles, Specification Version 1.2, Revision 62, published 2 October 2003
• ARM, A New Foundation for CPU Systems Security, Security Extensions to the ARM Architecture, Richard York, May 2003
• A wooden fence in Kyoto, http://www.gastric.com/mari/54.htm
The End
• Thanks,
• Questions?
Backup & links
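Stack Smashing Attack

    #include <string.h>

    void foo(char *s, int i);

    int main(int argc, char **argv)
    {
        /* … */
        foo(argv[1], 10);
        /* … */
        return 0;
    }

    void foo(char *s, int i)
    {
        char b[16];
        strcpy(b, s);   /* no length check: input longer than b[] overruns it */
        /* … */
    }

Stack inside foo( ). Offsets are relative to the frame pointer; the stack grows toward lower offsets and the buffer grows toward higher offsets.

    Offset   Contents
             main( ) auto variables
    +12      10
    +8       ptr to input string
    +4       return addr of foo( )
     0       frame ptr of foo( )       <- Frame ptr
    -4       b[3] = dddd
    -8       b[2] = cccc
    -12      b[1] = bbbb
    -16      b[0] = aaaa               <- Stack ptr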
Stack Smashing Attack - II

Attacker code executed in Stack Segment. The stack grows toward lower offsets and the buffer grows toward higher offsets.

    Offset   Address      Contents
                          attack code
                          attack code
    +12                   attack code    <- start of attack code, 0x0012ff12
    +8       0x0012ff08   0x0012ff12
    +4       0x0012ff04   0x0012ff12     <- return addr of foo( ) has changed! It will return to 0x0012ff12, the attacker code
     0       0x0012ff00   0x0012ff12
    -4                    b[3] = ****
    -8                    b[2] = ****
    -12                   b[1] = ****
    -16                   b[0] = ****
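The slide's foo( ) beside a length-checked form, as an added example that is not part of the presentation. `overrun_reach`, `bounded_len` and `foo_checked` are hypothetical names, and the slot arithmetic assumes the 32-bit frame exactly as drawn on the slide (b[] at -16, saved frame pointer at 0, return address at +4, no padding).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* char b[16] from the slide */

/* Slots above b[] in the slide's frame, in the order an overrun reaches them. */
enum reach { FITS, SAVED_FRAME_PTR, RETURN_ADDR, CALLER_FRAME };

/* strcpy() writes len + 1 bytes (string plus NUL) starting at b[0], offset -16. */
enum reach overrun_reach(size_t len)
{
    size_t written = len + 1;
    if (written <= BUF_SIZE)     return FITS;             /* offsets -16..-1 */
    if (written <= BUF_SIZE + 4) return SAVED_FRAME_PTR;  /* offsets 0..+3   */
    if (written <= BUF_SIZE + 8) return RETURN_ADDR;      /* offsets +4..+7  */
    return CALLER_FRAME;                                  /* +8 and above    */
}

/* Length of s, never reading more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Checked foo(): 0 on success, -1 if s is missing or does not fit in b[]. */
int foo_checked(const char *s, int i)
{
    char b[BUF_SIZE];
    size_t n;
    (void)i;
    if (s == NULL) return -1;        /* argv[1] is NULL when no argument is given */
    n = bounded_len(s, BUF_SIZE);
    if (n >= BUF_SIZE) return -1;    /* no room left for the terminating NUL */
    memcpy(b, s, n + 1);             /* copies at most 16 bytes */
    return b[n] == '\0' ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* Constructed sample: the 16 characters the slide draws inside b[]. */
    const char *in = argc > 1 ? argv[1] : "aaaabbbbccccdddd";
    printf("len=%zu reach=%d checked=%d\n", strlen(in),
           (int)overrun_reach(strlen(in)), foo_checked(in, 10));
    return 0;
}
```

With the default input the check rejects the string: sixteen characters fill b[] completely, so the terminating NUL that strcpy( ) appends would already land in the saved frame pointer.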
TPM
• Trusted Platform Module
  • also called SSC - Security Support Component
• Stores hardware secret key
  • Base of trust
• Cryptographic co-processor
• more…
TPM architecture
Transitive Trust
ARM – TrustZone
• Extending the CPU to enable more security
• Main problem with current OS
  • It is huge, millions of code lines - Complex
    • difficult to establish a ‘trusted code base’
  • A rich API - Open
    • enables widespread access to OS from non-secure code
• Main idea:
  • establishing a trusted code base
  • using a hardware enforced security domain to systemize the implementation of secure systems
ARM - cont
• Current typical security structure
ARM - Cont
• New security structure
ARM - Cont
• Introduce an NS-bit
  • use this bit to identify secure data throughout system
    • cache
    • pages
• Monitor
  • manages the NS-bit
  • manages transition in & out of security mode
  • Small fixed API