
Trusted Computing for the GRID



  1. Trusted Computing for the GRID
  Dirk Kuhlmann [dirk.kuhlmann@hp.com]
  Trusted Systems Lab, HPLabs, Bristol

  2. Platform security concerns for GRID
  • Large number of dynamically managed nodes
    • Reliably identify a particular node
    • Get reliable information about runtime status
    • Protect user data and programs
  • OS and hardware in GRID scenarios
    • Commercial ‘off the shelf’ elements to save costs
    • Subjected to COTS vulnerabilities
    • ‘Script kiddies’ and worms don’t care whether they attack a private platform or a GRID node
  • Trusted platforms
    • Next-generation hardware and software
  GGF12 Security WS - Sep 20, 2004 - Trusted Computing & Grid

  3. Trusted Nodes as building blocks for Trusted Infrastructure
  • Are the IT systems on my network the ones I intended to be part of the infrastructure?
  • Are the software and configuration on my IT systems what they are intended to be?
  • Is the software I deploy on my IT systems going to behave as intended?
  Trusted Computing could become a foundational component to address the first two questions. TC hardware is no silver bullet!
  • Secure product development must address the third question.
  • The main challenges concern software, in particular the OS!

  4. Trusted Computing and HPLabs
  • Trusted Computing Platform Alliance - TCPA
    • Founded October 1999
    • Compaq, HP, IBM, Intel, Microsoft
    • Created the Embedded Security chip specification v1.1b
  • Trusted Computing Group - TCG
    • Founded April 2003
    • Builds on TCPA
    • Expands Trusted Computing to other platform categories and infrastructure
  • HPLabs held HP’s Technical Committee chair for TCPA and now holds it for TCG.

  5. Trusted Computing evolution
  [Figure: four stacked tiers, integration increasing upwards, hardware availability at the bottom]
  • Tier 3: Trusted Ecosystems / GRID
  • Tier 2: TC Apps – Enterprise, Biz. Critical, Other
  • Tier 1: TC Operating Environment - Chain-of-Trust
  • Tier 0: HW Platform Root-of-Trust (TPM)

  6. The Trusted Platform Module - TPM -
  • Trusted Computing builds upon a TPM hardware Root of Trust. Think: smartcard-like hardware component embedded into the platform
  • Available in D530 series desktops and nc4010, nc6000, nc8000, and nw8000 notebooks

  7. Main value proposition for GRID today: platform authentication
  • With Trusted Computing Platforms, network resources can be restricted to access from approved devices as well as approved users
  • Access granted to devices authenticated using the Trusted Platform Module (TPM – or Embedded Security Chip)
    • To grant access to sensitive applications and services
    • To control access to file servers and databases
    • To control access from peers or remote clients through VPN, and to segment portions of the network

  8. The VPN example
  [Figure: a TC-enabled remote employee connects over an ISP / the Internet to the corporate gateway, which establishes an encrypted channel to corporate resources (databases and services)]
  • Corporate gateway authenticates the user AND authenticates the platform as a corporate IT-maintained platform

  9. Authentication of users and devices
  User Authentication + Device Authentication + Trusted Computing:
  • Creates a Trusted Entity on the network
  • Provides enhanced network rights, roles, and responsibility
  • Can be introduced with no disruption to existing IT infrastructure
  • Allows IT managers to dynamically assign granular access control
  • The device can also now be used as an authentication factor with:
    • Ease of Use – for the mobile professional
    • Reduced Total Cost of Ownership – for the IT department

  10. Value proposition for GRID tomorrow: trustworthiness of nodes
  [Figure: the tier diagram from slide 5, annotated ‘Research / Development’ against the upper tiers]
  • Tier 3: Trusted Ecosystems
  • Tier 2: TC Apps – Enterprise, Biz. Critical, Other
  • Tier 1: TC Operating Environment - Chain-of-Trust
  • Tier 0: HW Platform Root-of-Trust (TPM)

  11. Trusted Node Requirements
  • Allow for device authentication
  • Monitor software integrity during boot-up and runtime
  • Keep node alive and manageable
  • Support standard operating systems
  • Current operating systems:
    • Integrity measurements as such do not enhance security
    • Typically not geared towards ‘keep alive’

  12. Generic vs. hosted OS
  [Figure: two platform stacks, each with a TPM. Generic: Applications / Security enhanced OS (Windows / Linux) / Hardware (CPU, Disks, Network etc.). Hosted: Applications / Windows / Linux / Virtualization & Mgmt / Hardware (CPU, Disks, Network etc.)]
  • Security-enhanced OS options (generic stack): SE Linux, Bastille, Trustix, …, Windows NGSCB?
  • Host OS options (hosted stack): UM Linux, Micro / Exokernels, Paravirtualization (Xen), VMware / Plex86

  13. Chain of trust: TPM + hardened OS
  • List of trusted drivers, libraries, binaries, config, policies
  • Intercept syscalls open(), exec() etc.
  • OS monitor checks memory image for each ‘trusted’ file
  • Alternative: check complete boot file system image
  • Policy: no further LKM loading after trusted boot-up
  • OS locked down: restrict raw disk / memory access etc.
  • Fine-grained OS policy to constrain max. possible damage
  • Compartments: essentially ‘sandboxing’ at user/process-group level
    • Processes subjected to group-specific I/O and IPC policy
    • No visibility of processes of other compartments, chroot’ed
    • List of allowed ‘from/to’ addresses for networking

  14. TPM + hardened host OS for UM-Linux
  • Use hardened OS as host OS
    • Host OS integrity check supported by TC hardware
    • Guest OS integrity checked by trusted SW in host OS (think tripwire)
  • Guest OS launched inside host OS compartment
    • Guest OS ‘inherits’ compartment rules
    • Network policy enforced outside the guest OS
    • Can be restricted further, e.g. by netfilter on guest OS
  • Option: dedicated hosted instances
    • Packet filtering, firewall local to platform or guest OS
    • Monitor, audit, report
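Slides 7, 13 and 14 together describe one mechanism: a chain of trust rooted in the TPM (every trusted file is hashed before it is used and the hash is folded into a platform configuration register), and a node that authenticates itself to a remote party by quoting that register together with a fresh challenge. The Python block below is an added worked example, not code from the slides or from HP Labs. It runs the whole loop offline: the TPM 1.x extend rule (PCR_new = SHA-1(PCR_old || measurement), 20-byte SHA-1 PCRs), a tripwire-style allowlist, a nonce-based quote, and the verifier's checks in the order a practitioner would apply them. Assumptions: SimTPM is a software stand-in (no real TPM is accessed); an HMAC over a shared secret replaces the RSA signature a real TPM produces with its attestation identity key; the file paths, file contents, the allowlist and the secret are constructed for the example.

```python
"""Simulated measured boot, PCR extend and nonce-based platform attestation.
Added example (not from the slides or HP Labs); TPM, files and secret are constructed."""
import hashlib
import hmac
import os
from typing import Any, Dict, List, Tuple

PCR_BYTES = 20  # TPM 1.x PCRs are SHA-1 sized


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || measurement); one-way and order-dependent."""
    return sha1(pcr + measurement)


class SimTPM:
    """Software stand-in for a TPM: one PCR plus an identity secret (assumption)."""

    def __init__(self, aik_secret: bytes) -> None:
        self.pcr = bytes(PCR_BYTES)            # zero after reset
        self.log: List[Tuple[str, str]] = []   # (path, hex SHA-1), held by the OS, not the TPM
        self._aik = aik_secret                 # stands in for the AIK private key

    def measure(self, path: str, content: bytes) -> None:
        """Hash a component before it runs and fold the hash into the PCR."""
        m = sha1(content)
        self.log.append((path, m.hex()))
        self.pcr = extend(self.pcr, m)

    def quote(self, nonce: bytes) -> Dict[str, Any]:
        """Attest the PCR to a challenger; HMAC(nonce || PCR) stands in for the AIK signature."""
        sig = hmac.new(self._aik, nonce + self.pcr, hashlib.sha256).hexdigest()
        return {"nonce": nonce.hex(), "pcr": self.pcr.hex(), "sig": sig, "log": list(self.log)}


def verify_quote(q: Dict[str, Any], nonce: bytes, aik_secret: bytes,
                 allowlist: Dict[str, str]) -> Tuple[bool, str]:
    """Verifier: freshness, platform identity, log-to-PCR replay, then policy."""
    if q["nonce"] != nonce.hex():
        return False, "stale quote: nonce mismatch (replay?)"
    pcr = bytes.fromhex(q["pcr"])
    expected = hmac.new(aik_secret, nonce + pcr, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, q["sig"]):
        return False, "quote not signed by the expected platform key"
    replayed = bytes(PCR_BYTES)
    for _path, m_hex in q["log"]:          # the log is untrusted; the PCR is the anchor
        replayed = extend(replayed, bytes.fromhex(m_hex))
    if replayed != pcr:
        return False, "measurement log does not replay to the quoted PCR (log tampered)"
    for path, m_hex in q["log"]:           # tripwire-style allowlist of trusted files
        if path not in allowlist:
            return False, f"unlisted component measured: {path}"
        if allowlist[path] != m_hex:
            return False, f"unexpected measurement for {path}"
    return True, "platform state matches policy"


# Constructed sample 'boot file system' and the policy derived from it.
TRUSTED_FILES = [
    ("/boot/vmlinuz", b"kernel image"),
    ("/sbin/init", b"init binary"),
    ("/etc/security/policy", b"deny raw-disk-access; deny lkm-load-after-boot"),
]
TROJANED_FILES = [(p, b"init binary + backdoor" if p == "/sbin/init" else c) for p, c in TRUSTED_FILES]
ALLOWLIST = {p: sha1(c).hex() for p, c in TRUSTED_FILES}
AIK_SECRET = b"constructed per-platform secret held inside the TPM"


def boot(files: List[Tuple[str, bytes]]) -> SimTPM:
    """Measured boot: each trusted file is hashed into the PCR before use."""
    tpm = SimTPM(AIK_SECRET)
    for path, content in files:
        tpm.measure(path, content)
    return tpm


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    """One verifier, one allowlist, five platforms: returns name -> verdict."""
    nonce = os.urandom(20)                 # fresh challenge for this round
    out = {}
    out["clean"] = verify_quote(boot(TRUSTED_FILES).quote(nonce), nonce, AIK_SECRET, ALLOWLIST)
    # /sbin/init replaced on disk: the log is honest, but the hash is not on the list
    out["trojaned_init"] = verify_quote(boot(TROJANED_FILES).quote(nonce), nonce, AIK_SECRET, ALLOWLIST)
    # LKM loaded after trusted boot-up: measured, but on no list (slide 13 policy)
    tpm = boot(TRUSTED_FILES)
    tpm.measure("/lib/modules/rootkit.ko", b"not on any list")
    out["rogue_module"] = verify_quote(tpm.quote(nonce), nonce, AIK_SECRET, ALLOWLIST)
    # Attacker rewrites the OS-held log to look clean; the PCR inside the TPM still differs
    q = boot(TROJANED_FILES).quote(nonce)
    q["log"] = [(p, ALLOWLIST[p]) for p, _ in q["log"]]
    out["forged_log"] = verify_quote(q, nonce, AIK_SECRET, ALLOWLIST)
    # A quote captured earlier, replayed against the current challenge
    old = boot(TRUSTED_FILES).quote(os.urandom(20))
    out["replayed_quote"] = verify_quote(old, nonce, AIK_SECRET, ALLOWLIST)
    return out


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:15s} -> {verdict}")
```

Each scenario fails at a different check: the trojaned binary is caught by the allowlist, the module loaded after boot by the ‘no further LKM loading’ policy, the rewritten log by the replay against the hardware-held PCR (the log lives in the OS an attacker may own, the PCR does not), and the stale quote by the nonce. This is also the point slide 11 makes with ‘integrity measurements as such do not enhance security’: measuring changes nothing on the node; value appears only when a verifier compares the quote against policy and acts on the result, for instance by refusing the VPN session of slide 8.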

  15. Challenges
  • Weak TC notion of ‘expected behaviour’
    • SW integrity checking (essentially signed binaries)
    • Could be extended to binary + policy
    • No notion of actual runtime behaviour
    • Borrow concepts: anomaly detection, proof-carrying code
    • Further extension: runtime + policy + runtime signature
    • ‘Contractual Programming’? ‘Commpacts’?
  • Management overhead: is it worth it?
  • Main concern: size of the Trusted Computing Base
    • Huge TCB for the User Mode Linux scenario
    • Who does the validation for OSS?
    • Favours microkernel/virtualization layer, minimal code base

  16. A TCG/Virtualization Artifact
  [Figure: Hardware (CPU, Disks, Network interfaces etc.) with a TPM; above it a Secure Virtualization Layer + TCG functionality exposing a Trusted Infrastructure Interface (TII); above that several isolated processing environments, each running Windows or Linux with Applications and its own SoftTPM, plus a Reporting Agent]

  17. Trust Instrumentation: TCG and Secure Audit
  [Figure: an Accountability System with a Timestamp service collects TCG-rooted reporting from probes, agents and sensors: Automated Test Results, CERT Vuln. reports, SW Activity report, System config. report, Process Reports, …, External Service]
  Query: show me all patching events on my service

  18. Trusted Virtualization Layer: Proprietary or Public/Open?
  • There is a lot of effort going into proprietary solutions, esp. Windows NGSCB …
  • So far, little complementary effort in the Open Source field
    • General scepticism about the Trusted Computing approach
    • Problem space beyond the ‘typical’ OSS developer community
    • Controversial discussion about OSS security in general
  • A co-ordinated effort for Open Source is necessary
    • International approach
    • Academia, industry, and OSS communities
    • Validation as important as design & implementation!

  19. Conclusions
  • Today’s TCG hardware can be the stepping stone for innovative security capabilities.
  • Trusted Computing is a journey, and we are seeing the first technology components appear on the market.
  • It will be a long and difficult way towards trusted GRID nodes and infrastructure. The main challenges are in the area of software: operating systems and management.
  • Trustworthiness requires peer review and replicable validation: Open Trusted Computing

  20. [HP logo]
