Advanced Operating Systems, CSci555

Download Report

Transcript Advanced Operating Systems, CSci555 

USC CSci599
Trusted Computing
Lecture Three – Software Basis for TC
January 26, 2007
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Prelim Project 1A
• Pick an application that could benefit
from the use of trusted computing.
– Prepare 5-15 slides explaining the
benefits for the application to use
trusted computing and describing
how trusted computing provides
those benefits.
OR
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Prelim Project 1B
OR
• Pick an function critical for trusted
computing.
– Prepare 5-15 slides explaining the
purpose of the function and how it
is implemented or would be
implemented within an operating
system or hardware platform.
OR
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Prelim Project 1B
OR
• Pick an OS that has support for
Trusted Computing.
– Prepare 5-15 slides explaining how
the OS provides important TC
functions. What is the underlying
basis for the trust, and how do
applications use the functionality.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Software Basis for Trusted
Computing
• Last week we discussed the
hardware base – the TPM.
• This week we look at the
requirements within an operating
system for Trusted Computing.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
OS Concepts
• Trusted computing base
• Trusted path
• Separation of processes
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
The Trusted Computing Bases
(TCB)
• That part of the system which is critical for
security.
– Vulnerability of the TCB affects the core
security of the system.
– Trusted Computing Extends the TCB
across physical system boundaries.
▪ Allows remote components to be part
of the TCB for a particular function.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Trusted Path
• Provides attestation of the system to
the user.
– Requires confidence in the
hardware by the user.
– Requires training of the user on
how to invoke trusted path.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Separation of Processes
• Allows process that are trusted to
run without interference from other
processes.
– Requires isolation that is provided
by lower level trusted modules.
– Include hardware support, much of
which is already standard in chips,
but some which is not.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Vista Security Technologies
• Summary of some of the support for
trusted computing in Vista
(on the following slides)
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Trusted Platform Module (TPM)?
Smartcard-like module
on the motherboard that:
• Performs cryptographic functions
– RSA, SHA-1, RNG
– Meets encryption export requirements
• Can create, store and manage keys
– Provides a unique Endorsement Key (EK)
– Provides a unique Storage Root Key (SRK)
• Performs digital signature operations
• Holds Platform Measurements (hashes)
• Anchors chain of trust for keys
and credentials
• Protects itself against attacks
TPM 1.2 spec:
www.trustedcomputinggroup.org
Slide From Steve
Lamb at Microsoft
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Why Use A TPM?
•
•
•
Trusted Platforms use Roots-of-Trust
– A TPM is an implementation of a Root-of-Trust
A hardware Root-of-Trust has distinct advantages
– Software can be hacked by Software
▪ Difficult to root trust in software that has to validate itself
– Hardware can be made to be robust against attacks
▪ Certified to be tamper resistant
– Hardware and software combined can protect root secrets
better than software alone
A TPM can ensure that keys and secrets are only available for
use when the environment is appropriate
– Security can be tied to specific hardware and software
configurations
Slide From Steve
Lamb at Microsoft
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Disk Layout & Key Storage
Windows Partition Contains
 Encrypted OS
 Encrypted Page File
 Encrypted Temp Files
 Encrypted Data
 Encrypted Hibernation File
Where’s the Encryption Key?
1. SRK (Storage Root Key) contained in
TPM
2. SRK encrypts VEK (Volume Encryption
Key) protected by TPM/PIN/Dongle
3. VEK stored (encrypted by SRK) on hard
drive in Boot Partition
VEK
2
SRK
1
Windows
3
Slide From Steve
Lamb at Microsoft
Boot
Boot Partition Contains: MBR, Loader,
Boot Utilities (Unencrypted, small)
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
BitLocker™ Architecture
Static Root of Trust Measurement of early boot components
Slide From Steve Lamb at Microsoft
PreOS
Static OS
All Boot Blobs
unlocked
Volume Blob of Target OS
unlocked
TPM Init
BIOS
MBR
BootSector
BootBlock
BootManager
OS Loader
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Start
OS
Vista co-existence
Slide From Steve Lamb at Microsoft
• BitLocker encrypts Windows partition only
• You won’t be able to dual-boot another OS
on the same partition
• OSes on other partitions will work fine
• Attempts to modify the protected Windows
partition will render it unbootable
– Replacing MBR
– Modifying even a single bit
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
More on Vista signatures
Slide From Steve Lamb at Microsoft
x6 • All kernel mode code must be signed or it won’t load
•Third-party
Don’t confuse
hash
validation with
•
drivers
must
be
WHQL-certified
or contain a
4
signatures
certificate
from a Microsoft CA
– No exceptions, period
• User mode binaries need no signature unless they—
Implement cryptographic functions
Load into the software licensing service
x3 • Signing applies only to drivers shipped with Windows
2 • Can control by policy what to do with third-party
• Unsigned kernel mode code will load
• User mode binaries—same as x64
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Code integrity non-goals
Slide From Steve Lamb at Microsoft
• Protecting from attackers with physical access
• Verifying the integrity of NTLDR
– Requires secure startup on TPM-enabled
machines
– Requires read-only fixed media otherwise
• Supporting rebinding or hotpatching
– These change the on-disk image
– CI will work if patch includes updated hash
• Boot-time checks for revocation lists
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
More on Vista Loading
• New Super-Secret feature in 64 bit
version of Vista (not TC related, but
useful to know)
– System files load at random
locations in memory.
– Uses no-execute feature in 64 bit
chipsets.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Linux and Trusted Computing
• An IBM research project based
– Foundations are TPM and Linux
Security Modules
• Provides
– TPM based trusted boot
– Authenticated File Metadata
– Also supports mandatory access
controls
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Linux and Trusted Computing
• Future plans include
– Integration with SELinux
– Integration with Xen
– Integration with encrypted file
systems.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE