Some security - Nicolas T. Courtois
Download
Report
Transcript Some security - Nicolas T. Courtois
Computer Security
at the Low,
Hardware/Process/Memory Level
Nicolas T. Courtois
- University College London
Reading
Home reading
Sections 6.3. – 6.5.
2
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Where Does Computer
Security Come From?
3
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
More Precisely
Some Things You Wanted to Know but Were Afraid To Ask…
4
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Do You Know…
Q1.
Can in Windows/Linux a process run by an
administrator access the system/kernel memory?
Q2.
Why do we must press Ctrl+Alt+Del when we log to a
PC under many versions of Windows?
Q3.
Why more than half of large banks in London bought
PCs with a pre-installed hardware Rootkit?
5
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
PC Software Security:
bound to be bad?
6
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Bottom Line
Can we rely on obscurity?
• only for very limited time, few months.
Software can hardly be protected by software.
• TRUE.
=> some hardware mechanisms are needed.
7
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Remark:
Some industries historically cared MUCH MORE about user’s security than
the Wintel guys…
See Applied Cryptography (COMPGA12) module.
Examples: SIM cards, bank cards, building access cards, etc…
8
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Key Remark
Software CANNOT be protected by software.
9
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Bottom Line – Not So Bad
We don’t need to have a dedicated certified tamperproof hardware module for everything we want to
do on a PC…
Good News:
Actually software can be protected by software with a
little bit of hardware support…
=> this is the objective of today’s lecture.
10
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Taxonomy of Threats to
Software and OS
11
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Taxonomy of Software Threats [Microsoft]
Spoofing = pretending to be someone else
Tampering = altering data or settings
Repudiation = user denies it was him that did of didn’t do sth.
Information disclosure = leak of personal information
Denial of service = preventing normal operation
Elevation of privilege = e.g. gaining the powers of root
• Remark: to know this by heart will NOT be on the
exam, hard to remember, even for me
12
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Impact of Software Threats [Microsoft]
Damage potential - $$$ lost
Reproducibility of the threat (hardness)
Exploitability = expertise and resources needed for attack
Affected Users = how many users
Discoverability = is attack likely to be detected?
13
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Overview
14
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
History
PCs are open source platform based on a set of industry-wide standards.
=> Only very recently there is an evolution towards more closed
source, and more fragmentation (competing standards)
1981. Designed by a team of 12 people.
Key decisions they took:
•
Build the machine with "off-the-shelf" parts from a variety of different
OEMs. Previously IBM had developed their own components.
•
An open architecture so that other manufacturers could produce and
sell compatible machines.
Businesses liked this: no lock-in. They bought PCs. They knew that they
wouldn’t be a slave of one vendor selling replacement parts.
The DOS was developed by a small company without importance,
Microsoft... IBM never made any substantial profits…
15
Nicolas T. Courtois, updated 2011
Reading
Home Reading
pages 1-12:
short history of Computer Security
16
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Standard PC
except it never
was multi-user
17
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Bottom Line
Hardware security is better than software.
Actually software-only security will never exist
without some hardware that helps it.
=> in the sense that it provides
some security functionality.
Example: memory protection.
A lot of cooperation and support on the OS side need to exist as well.
1.
A security system that Microsoft with Intel wouldn’t embrace can
probably not exist.
2.
As for Linux systems, they never got into the process of industrial
innovation. And never wanted to secure Hollywood studio movies…
18
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Least Privilege [or Limitation] Principle
Every “module” (such as a process, a user or a program)
should be able to access only such information and resources
that are necessary to its legitimate purpose.
19
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Main Security Goals For the OS+Hardware
(Goal 0.)
Allowing reliable operation and business continuity.
Goal 1A.
Allowing multiple users securely share a computer.
Goal 1B.
Allowing multiple processes securely share a computer.
Goal 2.
Allow secure operation in a networked environment.
20
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Goal 1 – Means to Achieve It
Goal 1A+B.
Allowing multiple users / processes securely share a
computer.
•
•
•
•
memory protection (possibly memory encryption)
processor modes
authentication
file access control and (drive/file) encryption and auth.
• logging & auditing
21
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Goal 2 – Means to Achieve It
Goal 2.
Allow secure operation in a networked environment.
•
•
•
•
secure channels:
authentication
encrypted and authenticated
encryption
resource access control
intrusion prevention, detection and recovery
• logging & auditing
22
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Basic Hardware Mechanisms
23
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Memory Protection
24
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Memory Protection
Allows to implement memory access rights for
processes.
• Goal: One process should not access other’s
memory.
• Prerequisite: Operating system and user
processes need to have different privileges
25
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
1) Pre-history of Memory Protection
• Fence Register
0
– (OS+1 program) Fence
OS
User
Problems:
-multi-user
-multi-tasking
-flexibility
-sharing
Runtime checks by CPU
2 registers for each program
• Base
+ Bound
Program1
– (OS + several programs)
26
Nicolas T. Courtois, updated 2011
Shared
-flexibility
later base+bound for each
segment but
still not good enough
-performance
CompSec COMPGA01
*****Evolution on 1 Slide
0
1. Fence: Kernel vs. 1 user
Fence
OS
User
-multi-task
-multi-user
-flexibility
-sharing
2. Base+
Program1
Bound registers
Shared
for each program
3. Segments + rights rwx, each program different table
4. Segments + Paging
around 200X
Modern PCs
5. Paging only, rwx per page and per program
27
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Memory Protection History
• In Windows 9x, user processes COULD
access system memory.
• Though CPUs would allow the separation… capacity
not used!
• Used in:
– Most UNIX and Linux systems
– Mac OS X [2001]
– Windows NT since NT3.1.
– Windows XP [2001] and ever since.
28
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
*OLD OUTDATED
Memory Protection Methods
• Fence Register
– (OS+1 program)
• Base + Bound
– (OS + several programs)
• Base+Bound On Per Segment Basis
– (enough flexibility
but not efficient and not scalable)
29
Nicolas T. Courtois, updated 2011
Fence Register @CPU
Addresses
0
Operating
System
Fence
n
n+1
X
OK
high
30
User
Program
Problems:
-Flexibility
-Sharing
CompSec COMPGA01
Base + Bound Registers
A’s registers
Operating
System
base
bound
31
Nicolas T. Courtois, updated 2011
User
Program
A
Shared
User
Program
B
B’s registers
base
bound
CompSec COMPGA01
Segments
1
Split address into two
fields
Fetch <1,7>
Operating
System
7
+
Seg
Base
Bnd
0
a
b
1
n+1
m
n+8
n+8
<>
>
<
Error
32
Nicolas T. Courtois, updated 2011
User
Program
A
User
Program
B
– <seg, offset>
Each segment has a
base & bound
CompSec COMPGA01
Segments: Sharing & Protection
different table in
each program
Operating
System
Seg
Base
Bnd
Prot
0
a
n
rwx
1
n+1
m
rw
{
{
User
Program
A
Shared
User
Program
B
33
Nicolas T. Courtois, updated 2011
}
}
Seg
Base
Bnd
Prot
0
m+1
high
rwx
1
n+1
m
r
Working With Segments?
Q1: Are we inside the segment?
Q2: Do we have the right to write?
– checked at runtime
– costly checks at each memory access
And how do we manage all this?
34
Memory Management
Methods further evolved into having:
– A hardware memory management unit (MMU) and
a lot of special circuits in the CPU and chipset.
– A lot of support functions done by the OS.
– A more abstract view where the programmer and
the compiler would see a simple linear address
space. Will be achieved with paging…
35
CompSec COMPGA01
*Process Memory Layout
0x08048000
Text
Heap
Grows toward
high memory
Grows toward
low memory
0x40000000
Stack
0xC0000000
36
Nicolas T. Courtois, updated 2011
• Text: loaded from
exec code and readonly data
size fixed at
compilation
• Heap: runtime
allocated objects,
large (2 Gb)
• Stack: LIFO, holds
function arguments
and local variables,
small size (256 K)
CompSec COMPGA01
Modern Memory Protection Methods
1. Segmentation: used until recently, no longer used
2. Paging: the dominant method in 2012
3. Capability-based addressing
• the closest to “least-privilege” ideal.
But not used in Windows/Linux PCs.
37
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Capability Based Addressing
• Not used in commercial PCs
• In Java Virtual Machines
• Also in CapROS (open source, US DARPA-funded successor of
the defunct Extremely Reliable Operating System, supports x86 and ARM)
• How does it work?
• pointers are replaced by special objects called
capabilities
• only the kernel and special authorized processes can
create these objects.
• other programs can only use them.
38
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Mechanisms Used in Modern PCs
• Segmentation
• Paging
Work together, though totally independent.
Each could (only in theory) be disabled.
39
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Virtual Memory History
• This architecture exists since i386.
• Later CPUs added more performance and
more complexity with legacy code
compatibility etc…
40
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
**Memory Segmentation
1. Each memory address is a pair of (segment,
offset)
2. The translation is done by a [paged] memory
management unit (MMU).
41
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Segmentation + Paging Combined
• Before 200X segmentation + paging worked
together, e.g. Intel x32+early Windows XP
• However until very recently (even in say 2009)
there was a big loophole in cheap commercial PCs:
– no x protection at page level, only at segment level
42
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Segments - Security
•
•
Each segment had permissions R/W/X.
If the program uses pointer such that
–
–
–
–
it would jump to a segment for which has no X right
it would read memory for which he has no R right
the offset is outside the allowed range,
all this is checked by the CPU at runtime
•
with help of MMU = memory management unit
a HARDWARE exception 0xEh is raised
43
will be handled by OS Kernel
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Paging
Virtual Memory, typically 2,3 or 4 Gbytes
for a 32-bit process in Windows.
Each block is mapped either
– somewhere into memory
– or there is a page fault (OS handles it)
–
in the swap (security risk on its own!)
–
or not used.
Some security: a page not previously used,
can automatically generate a page fault error.
Paging is implemented in hardware+software (part of OS).
Pages are typically 4K bytes.
Security: each block can be marked as protected. (Kernel/OS)
44
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Paging
45
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Basic Security:
Linux: Kernel pages are never swapped to disk.
Windows: similar and more complex.
46
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
General Protection Fault (GPF)
It is a hardware mechanism!
Exception 0xD.
Occurs when the program does violate the CPU security rules
(they are VERY numerous). Examples:
–
–
–
using an instruction which can ONLY be used at ring 0 by the OS
Kernel…
accessing special types of registers and Descriptor Tables…
etc…
The OS is expected to catch it and close the process:
47
XP: XXX has encountered a problem and needs to close.
We are sorry for the inconvenience.
Vista/7: XXX has stopped working.
If not, if GPF occurs 3 times, (exception within exception
handler routine) even the OS Kernel cannot recover from
it.
=> Must reboot CPU and OS.
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Segmentation Fault a.k.a. Bus Error
One example program in C:
char *s=“abcd”;
*s=0;//change ‘a’ to ‘\0’
This will cause segmentation fault,
both in Unix/Windows
because compilers allocate “abcd”
in a segment marked as “read only”.
Software mechanism, but hardware detection by the CPU.
How does this happen?
In Linux typically the CPU will notify the OS, and the OS will
send the SIGBUS signal. Then the OS notifies the
process which caused the exception.
Under windows goes through exceptions which are handled by
the code itself…
48
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Page Protections and Permissions
• Historically, in Intel 32-bit CPUs, permissions (R/W/X)
exist at segment level, hard to use and wasteful.
• Since i386, W/R permissions exist at the page table
entry level, 4 K pages typically
– implemented in combination of hardware / OS kernel with the
“page descriptors”
• ONLY since Pentium 4, X (execution) can also be
disabled with DEP (later about it)
• BTW: No problem ever with i64. R/W/X at page level.
49
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Vista and Encrypted Paging
What about memory used for operations on protected
audio/video content in Vista?
–
For example a graphics card using RAM for its real-time working data?
Vista activates a special protection bit indicating that they must
be encrypted before being paged out to the disk, and
decrypted back again after being paged in.
But Vista doesn’t provide any other page file encryption, that programmers could use to
protect their credit card details or Aes keys or so…
=> Microsoft only cares about Hollywood studios.
50
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
*Kernel or Memory Dumps
If Windows XP crashes …
–
it will write either a full memory dump, or just a Kernel dump into the
page file (pagefile.sys).
–
temporary.
–
51
after reboot it will be copied to a separate file.
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
****ASLR = Address Space Layout Randomisation
Also covered later, see buffer overflow. SOFTWARE, not hardware.
Techniques to randomize at the runtime the layout of various pieces of data in
memory. Makes it much harder for the attacker to predict where the data is.
Example: the attacker injects some “shellcode” in a buffer stored on the process
stack and overwrites some pointers. In his exploit he expects consecutive
locations. The exploit does not work anymore (or with low probability).
–
–
OpenBSD (enabled by default)
Linux – weak form of ASLR by default since kernel 2.6.12. (much better with
the Exec Shield patch for Linux).
Windows Vista and Windows Server 2008:
–
–
52
ASLR enabled by default, although only for those executables and dynamic link
libraries specifically linked to be ASLR-enabled. So only very few programs such as
Internet Explorer 8 enable these protections…
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
WX Page Protections – in Linux
• What is W X?
– Each page should be either writable or executable,
but not both: Exclusive OR
Applications:
– Exe part of the program space (a.k.a. text) pages: X, not W
– Data pages (stack, heap): mark them as W, not X
Implementation of W X in Linux:
• In Linux 32-bit, and with 64-bit CPU, in hardware, since Kernel 2.6.8.
• In other cases, mechanism can be implemented in software.
– In OpenBSD since version 3.3. May 2003.
– In Linux PaX patch (optional), for 32-bit x86 processors,
Tricky way based on segment limit registers and segment R/W/X/ permissions
=> memory x2, really negligible performance degradation.
53
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Windows DEP = Data Execution Prevention
Old “X” idea: must allow explicitly, current OS+programs would stop working.
The “NX” idea: Never Xecute = can forbid. Easier to make compatible systems.
Hardware mechanism. Both Intel and AMD implement it but Intel was the last to
deliver this benefit to large-public CPUs, since P4 Prescott.
–
Windows - Since XP SP2.
•
•
•
–
Also active in Linux, mostly only on 64-bit CPUs, but also with 32-bit Linux,
•
•
54
Not active by default. Choice dictated by legacy programs…
PAE mode needed: 64-bit page tables. Bit 63 is used.
Compatibility problems with older processors and old motherboards
in Linux kernel since release 2.6.8 of August 2004.
Again can also be enforced purely in software,
for example in Linux PaX patch (optional Kernel patch).
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Future: Curtained Memory
Not used (as far as I know).
Expected to work with TP.
Full isolation of sensitive areas of memory—for example, locations containing
cryptographic keys.
Even the OS does not have full access to curtained memory.
Implementation:
Intel's Trusted Execution Technology
55
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
CPU Security Features
56
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Unique Serial Number
• Routine mechanism in most industries.
Unique serial number cannot be changed
(fixed by the manufacturer)
• Example:
Oyster card, building passes block 0.
• Introduced by Intel since P3.
– can be disabled too, due to privacy advocates
outcry…
57
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
CPU Protection –
Hardware Side
58
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Rings – Hardware @ CPU
Different CPU architectures define several Rings.
59
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Transition Calls (Transition Gates)
• Transition only through special “system calls”
– transfers control to a predefined entry point in more privileged code;
– the more privileged code does specify and checks
• where it can be entered,
• in which prior processor state one can enter.
• Privileged code, from the processor state and the stack left by the less privileged
code, determines what is requested and allows it or not.
Implementation:
• “call gates” (old): calling directly a Kernel function, slow
• INT – hardware interruption, saves and restores the CPU state, still slow
• Intel and AMD now introduced special faster instructions:
SYSCALL/SYSENTER, SYSRET/SYSEXIT
60
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
How to Penetrate to Ring 0?
Whatever you do, it is always possible to get there
through the boot loader.
• Critical and privileged access point in all PCs.
– Would allow to disable some hardware securities such as DEP…
– Could allow a virus to be so stealth that no anti-virus would detect it.
• Beware of boot sector viruses!
• Good news: most motherboards have a hardware
mechanism that prevents the OS from writing the boot
sector of the hard drive. No access from the O/S level.
– Problem: this can be disabled in BIOS.
• which is looking for trouble:
– IF this mechanism is totally usable: like it makes sounds and asks the user
to press Y on the keyboard, and there is no bug/problem
– THEN it is a bad idea to allow people to disable it.
61
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
How to Still Penetrate to Ring 0?
More HW mechanisms…
Furthermore, the BIOS has a password (and usually also an
admin password). But all NVM can be reset by a jumper, so
it is easy to hack…
Some computer motherboards designed for high security
customers/applications and certified by the government will
have better security… such as
• WORM* mechanisms = Write Once, Read Many
• unhackable BIOS… (more about BIOS sec later)
62
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Can We Defend Against Such Threats?
Yes, or partly so, through logging helped by hardware.
Example 1: a motherboard can have a log of events that cannot be erased
(WORM).
• Sandisk recently started commercializing WORM memory cards (with
very large capacity) – the data can be written but cannot be erased.
Example 2: Hard disk hardware can make it impossible to modify the file
creation and modification dates of files.
Then the virus can be detected (removal is another story).
This type of technology is used for forensic purposes much more frequently
than we think. We are just not informed about these extra (hidden)
features.
63
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
CPU Protection (3)
Hardware + OS
64
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
CPU Modes vs. Modern OS
• DOS: the kernel, drivers and applications typically run on ring 3,
whereas only the 386 memory manager such as EMM386 run at ring 0
• OS/2 used 3 rings!
• the Multics system had 8 rings…
•
•
•
•
•
most current OS and Windows XP use only two rings
ring 0 == kernel mode
ring 3 == user mode
only recently Microsoft have added some ring 1 code…
there also is a SMM mode, on every PC,
– 16-bit powerful close to ring 0,
– used by the BIOS NOT the OS,
• prevents CPU from overheat etc..
– later about it,
65
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
CPU Modes = Processor Modes = Privilege Levels
Hardware mechanisms that allow the OS to run with much
more privileges than any process.
• System mode = privileged mode = master mode =
supervisor mode = kernel mode = unrestricted mode.
• User mode
• Transition only through special “system calls” or privileged
instructions or hardware interruptions which can only be
executed in system mode.
In theory, only highly-trusted kernel code should run in the
unrestricted way.
In practice… Real time code such as drivers are allowed to
also run in the system mode.
66
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
system mode = privileged mode = master mode = supervisor
mode = kernel mode = unrestricted mode
–
–
–
–
can execute any instruction
access any memory location
access hardware devices
can change a number of special processor features:
•
•
•
•
•
enable/disable interrupts,
special registers,
descriptor tables,
change privileged/not processor state,
access memory management units,
user mode
– access only the “usual” CPU resources: computations+registers
• access to memory is limited,
– cannot access MMUs
• cannot execute certain special instructions,
• cannot disable interrupts, go to privileged state, change special
registers/tables, etc..
67
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Virtual PCs
68
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Virtual PCs – VirtualBox, VMWare etc
• recall: most current OS:
– ring 0 == kernel mode
– ring 3 == user mode
• using Virtual Box in software mode
– Hosted OS kernel runs at ring 1 replacing 0
• has a real-time code recompiler which replaces some instructions
• also does real-time code patching
• cannot run VirtualBox or VMWare inside it because cannot create virtual
machines
– Hosted OS apps run at ring 3
• but it also can do a hardware –assisted mode:
– ring 0 is run as ring 0 with isolated memory
– possible only on very recent CPUs:
69
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Virtualisation:
Intel VT = AMD-V
70
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Intel-VT, a.k.a. Vanderpool
• Main function: each virtual Machine running on the same CPU has
access to all 4 privilege rings.
• Required and used by Windows 7 XP Mode.
• So for example a virtual PC+OS cannot detect it is a virtual machine by trying
CPU instructions such as SYSENTER etc.
• Also speeds up running virtual PCs,
– they run much more like a real PC
• better CPU hardware support for paging => better memory isolation
• the difference between real and virtual PCs will tend to disappear in the near future…
– supported by most but not all current CPUs,
– Intel Atom Z5X0 are OK, Atom 2X0 are NOT OK
– in some motherboards it must be switched on in BIOS
– a PC compatible with Intel-VT can run Windows, Linux and Mac-OS AT
THE SAME TIME as native, no need to emulate ring 0 anymore.
71
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
BIOS and BOOT security
72
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Firmware
Def: a tiny ‘master’ program included in our PC
– runs first when you switch it on / or reset
– in old times stored in a ROM (Read-Only Memory),
•
•
73
nowadays most firmware is stored in NOR flash devices
can be updated
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Traditional BIOS
BIOS def. = a firmware in your PC
Basic Input/Output System, 25 years old
Responsible for (picture next slide):
1. initialization of much of the system, including important
components such as video, RAM, keyboards and mice.
–
2.
responsible for finding and loading the OS Boot
–
3.
74
POST = Power-On Self Test, (NOT hard drives or media)
from a number of different types of media, ranging from hard disks
to USB and LAN devices [can load option ROMs]
cooperates with the OS load further parts of the operating
system before the operating system completely takes over.
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Traditional BIOS and Boot [source: NIST SP800-147]
16-bit insecure mode
1st device
can be needed to boot
over the network
75
Nicolas T. Courtois, updated 2011
SMI Handlers =
Part of BIOS
runs in the background
CompSec COMPGA01
Threats and Attacks
Firmware update: if a virus does it, it can circumvent all the OS
security… Pre-OS attacks = before the OS loads.
Malicious updates can enter as:
–
user-initiated from a bootable disk
–
runtime software exploits
–
managed BIOS updates inside a company
–
new vectors? - self-updating BIOS rootkits? Maybe.
Payload:
–
Roll-back to old insecure version of BIOS (with attacks)
–
Install a Firmware Rootkit
–
Install a virtualization virus
76
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Firmware Rootkits
Firmware Rootkit = def:
uses device or platform firmware to create a persistent
malware image in hardware, such as a network card
hard drive, or the system BIOS. The rootkit hides in
firmware, because firmware is not usually inspected
for code integrity.
At BlackHat 2006 Heasman demonstrated the viability of
firmware rootkits in both ACPI firmware routines and
in a PCI expansion card ROM.
77
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Virtualization Attacks on BIOS
Virtualization viruses:
– e.g. Blue Pill,
run whole OS as a virtual machine,
some physical RAM is invisible,
rootkit claimed impossible to detect
code released by Joanna Rutkowska
c. 2010
78
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
SMM mode Viruses?
16-bit insecure mode
SMI Handlers = part of BIOS
•runs in special System Management Mode
79
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
SMI Handlers
SMI Handlers = part of BIOS, used for:
– invented to manage CPU temperature, fan control etc…
– also used for emulating hardware such as floppy disk
Security
– runs in special System Management Mode (SMM)
– super-privileged, very similar to ring 0
– 16-bit yet able to access 4G of RAM
– can access all I/O ports and peripherals
– implemented through a System Management Interrupt
(SMI):
– triggered by a physical PIN on the CPU socket
– transitions: next slide
80
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
**** x86 CPU transitions w.r.t. SMI mode [Duflot et al.]
16-bit start-up
32-bit
switched on by a
PIN on the CPU
socket,
386 and above
81
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Improved BIOS
BIOS is not modular.
In some recent computers the BIOS has two parts:
1. BIOS boot block, cannot be updated,
•
–
checks the integrity of the second block 2.
•
–
in ROM preferably
for this it can cooperate with special chip (Trusted Platform chip)
has recovery mechanisms
•
dual BIOS, restore last BIOS etc..
2. Main block, can be updated
•
82
in Flash memory
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
2006:
Bill Gates
If we think about boot, we're
finally moving away from
the old BIOS to this
UEFI
interface
[…] gives us new flexibility
and capability, and it's got
a rich API set to build on
[…]
83
Nicolas T. Courtois, updated 2011
/
Intel
CompSec COMPGA01
New Vocab
EFI, = Extensible Firmware Interface,
UEFI = Unified EFI
An industry group (Intel, Lenovo, Microsoft etc etc)
PI = Platform Initialization process and specs..
84
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Key Features of EFI
– authenticated BIOS updates using digital signatures
– protections against changing the BIOS already installed
– modular design, with added functionality in BIOS,
– for example support of FAT files system in firmware
through “EFI drivers”
Reading: NIST BIOS protection guidelines: SP800-147
85
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Improved EFI BIOS and Boot [cf. NIST]
86
Checks the digital
signature, root of trust
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
***Optional Reading: “A Tale of Two Standards”
87
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Enterprise Remote
IT Management
88
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Couple = AMT + vPro
• AMT = Active Management Technology – software part.
• Works with HARDWARE Intel vPro support on CPU and
motherboard and the network adapter.
A very impressive set of out-of-band techniques to remotely
connect to PCs, even without knowledge or permission of
the OS and the user that physically controls the PC.
–
–
–
–
–
–
89
Remote power up
Remote configuration, including access to BIOS
Encrypted network boot
Programmable hardware-based network filters and alerts
Remotely limit network traffic of infected PCs
Persistent logs stored in protected hardware
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Intel Anti-Theft Technology
(2010)
90
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Statistics
10 % of all laptops are stolen during 1 year
97 % are never found / recovered [source: FBI]
91
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Intel Anti-Theft Technology [2010]
Tamper-resistant HARDWARE protections:
• Allows encryption solutions to store and manage cryptographic keys in CPU hardware.
• Ability to disable your PC with a local or remote poison pill if the system is lost or stolen. The
poison pill can then delete essential cryptographic keys in CPU hardware.
• The PC will refuse to boot
–
–
–
works even if the OS is reimaged, the boot order is changed, a new hard-drive is installed, or the laptop
is disconnected from the network.
supports outgoing SMS (alert) and incoming SMS (poison pill) through an optional 3G card built-in.
can display a message to the thief:
•
•
Customize the policy to respond to events
–
–
–
•
invalid login attempts
failure to check-in to company network
tamper detection
Has a reactivation capacity: restore to normal.
–
–
92
like laptop reported missing, 100 $ reward if you find it, call this number etc.
Secondary long pass phrase to unlock
Unlock code can be transmitted by phone by the company’s IT service.
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Anti-Theft Software and
Support/Server Infrastructure
93
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Location Tracing of a PC
94
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Key Functionalities – iPad example
• An app which can be triggered
remotely by the owner
• Display a message+sound
for the thief
• Remote lock
• Remote wipe of all the data
• Use the iPad Camera to collect
crucial evidence
• Tamper-proof application.
95
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Remark:
PC versus iPad
• An app which can be triggered
remotely by the owner
Out of band
• Display a message+sound
for the thief
• Remote lock
• Remote wipe of all the data
channels / BIOS
rootkits
not needed (cf.
PCs):
Apple is in control
Tamper-proof OS
• Use the iPad Camera to collect
crucial evidence
• Tamper-proof application.
96
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Another Example for iPad
an app which can be triggered
remotely by the owner
97
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
CompuTrace:
Computrace® Track Locate Recover
• embedded in laptops and some expensive Dell
workstations.
One needs to pay a subscription with this
company.
• intended to trace lost/stolen PCs without the
knowledge of the thief
– for legal reasons, apparently only available in
US,UK,Canada and AUS.
98
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
CompuTrace as a RootKit
• also known as “a legitimate BIOS rootkit”.
– upon activation it will HACK/MODIFY the Windows partition:
• add a new service!
• modify several system files and the registry
• modify self-healing mechanisms such as Autochk.exe so it CANNOT be
detected or repaired(!)
• can be enabled or disabled or killed
– in the BIOS, appears as a PCI device 1917:1234, can be enabled
– in theory cannot be reactivated…
• can be hacked/subverted, cf. Sacco-Ortega attacks, BlackHat 2009,
•
•
•
•
99
redirection of communications… changing the URL/IP address
lack of authentication of code, could be replaced by malicious code...
Rootkit CAN be re-set to default settings and re-activated by software only
maybe can download unauthorized code during updates?
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
I/O Protection
100
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
In Both Unix and Windows NT
• I/O devices are usually NOT accessible in user mode!
protected mode
user space
driver
IPC
I/O device
kernel
shared RAM
101
Nicolas T. Courtois, updated 2011
process
CompSec COMPGA01
Example:
In Linux,
ONLY a process with effective UID = 0 (and 0==root)
can open TCP ports with numbers <1024.
102
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
***In Both Unix and Windows NT
There are two main methods for accessing I/O:
– mapping I/O to RAM,
• access as shared memory
• data written will be interpreted as commands
– dedicated I/O instructions,
• available only in the supervisor mode (!)
103
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
***How Devices Communicate with Drivers?
3 techniques:
1. Programmed I/O == periodic polling
–
2.
the I/O device, such as mouse, writes periodically some
information at a certain location…
Interrupt-driven I/O:
•
3.
uses hardware interrupts to tell the CPU data is here…
DMA = Direct Memory Access,
–
–
–
independent of CPU, but it can be stalled when transfer is
active
CPU controls the DMA
there are complications because of CPU cache!
•
104
usually CPU will flush the cache manually… complicated
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
OS Design
105
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Kernel space vs. User space
Two separate “memory zones”.
• Kernel space: the OS kernel, some kernel extensions, some device drivers
– run in the most privileged CPU mode, system mode.
– this memory usually cannot be swapped out.
•
User space, Userland: other parts of the OS that
run as processes or services/daemons in the user mode.
– I/O and components
– manipulating the filesystem
– shell
Windows:
– system processes will be running as system, so user space is a confusing name!
– user processes will be running as user.
Depending on systems we can have system = root = super-user = administrator or all
these will be distinct...
106
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Kernel Space vs. User Space
Process 1
Process 2
Process n
The Kernel
Hardware (disks, network interfaces, etc.)
107
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Kernel Design
108
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Big Kernels vs. Micro Kernels
109
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Big (Monolithic) Kernels
• The entire OS runs in system mode.
• Big kernel has all services:
– file system,
– network services,
– device drivers, etc.
• Security: all kernel code run in one address
space and can directly affect each other.
– Example: Linux 2.6 kernel = 6 millions lines of code
• fast
• less robust, less secure
Kernels with loadable kernel modules are still monolithic
110
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Microkernels
• A minimal kernel which provides only the mechanisms needed to
implement OS services,
– Kernel provides:
• low-level memory space management,
• thread and process management,
• inter-process communication (IPC).
– Operating-system services are provided by user-mode server modules.
•
•
•
•
device drivers,
protocol stacks,
file systems
user-interface code.
– More secure(better achieves least privilege), more robust w.r.t. failures
and bugs.
– Slower
111
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Hybrid or Mixed
• Mix of both worlds…
112
Nicolas T. Courtois, updated 2011
Windows NT
family:
(NT,XP,Vista).
A hybrid kernel or a
monolithic kernel
structured like a
microkernel
CompSec COMPGA01
Trusted Path
114
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Trusted Path
One possible meaning: (also used in Trusted Computing = NGCB)
• a mechanism that provides confidence that the
user is communicating with the right
program/process
– attackers should not be able to
• initiate the communication process
• snoop on it / modify it
– defense against fake login programs.
• In other words: something close to an
“unspoofable” and “incorruptible” channel (for a
process in question).
115
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
**Trusted Path and DRM
The dream of Hollywood studios:
A graphics card that decrypts video directly with
AES-128, so that high-quality video cannot be
captured…
Implemented in Windows Vista…
116
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Secure Attention Key
Def: a special key combination to be entered before a login
screen is presented.
• Windows NT, XP and better: Ctrl+Alt+Del
• Linux: Ctrl-Alt-Pause or the SysRq-K
117
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
WinLogon Security
Security:
Remark: Users can be instructed to report login prompts that appear without
having pressed this key combination.
It is certainly an attack on their system!
118
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
WinLogon Security
Windows NT is designed so that only the WinLogon process, a trusted
system process, can receive notification of this keystroke
combination.
119
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
**How?
only the WinLogon process can receive this keystroke:
– The kernel remembers the Process ID of this process,
and allows only that process to receive this notification.
– No software can intercept this call.
– Later, the WinLogon process will instruct GINA library (MSGINA.dll,
Graphical Identification and Authentication) to bring the “Windows
Security Dialog”
• It is possible to replace GINA with a third party software:
– one that accepts smart card or other tokens (!)
– See HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon, a string named GinaDLL
• In VISTA, GINA was replaced by “Credential Providers”
– significantly increased flexibility in supporting multiple credential collection
methods…
120
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Security in the User Space
121
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Security Mechanisms in the User Space
•
•
•
•
•
•
122
User privileges (admin/not admin)
Access Control
Authentication
Logging / Auditing
Intrusion Detection
…
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Logging
• Both normal and suspicious events, e.g.
• Every logon attempt
• Every time permissions are changed
• Network connection events
• Methods
–
–
–
–
application logging,
API hooking,
system call interception,
packet sniffing, …
Again, logging can be hidden
and use WORM mechanisms (forensic logging).
123
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Intrusion Detection
• Some also can and should be implemented
by the OS
– A lot is done in Vista,
a high level of paranoia in fact… adopted here:
“tilt bits” (sth. abnormal is going on,
false alarms most of the time, but the diffusion
“prime content” will be prevented).
124
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Disturbing Questions
and Virusology
125
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Disturbing Questions:
The OS does have some “file locks”:
• It does not allow one to change system files and
things such as file meta-data easily.
• Can this be circumvented? Maybe.
Idea, through locking the volume(possible) and directly accessing the disk, and directly
communicating with the resources (for this one has to implement an impressive range of
things, it is like implementing the OS from the scratch, not impossible but costly…
Some software, such as real-time disk defrag or real-time partition tools do need to have
higher privileges than normal software.
126
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Disturbing Questions:
The anti-virus software works in the user space?
Not really (try to kill an anti_virus),
but even if it has Kernel-level drivers there is a
process to install it…
Q: What prevents a virus from installing in the same
way? With very high privileges the anti-virus needs
to function?
127
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Hacking Anti-virus Software
Could one install a slightly modified anti-virus
software?
Defences: The process is in fact pre-approved by
Microsoft, installation is usually allowed by
checking digital signatures of its key component = a
Kernel-level driver.
But could we modify the anti-virus code on the fly during this
installation process (during which some anti-virus code is
promoted to a very high privilege)? Maybe…
128
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Jailing Anti-virus Software
Could we put the anti-virus software in jail?
Or just alter its communications with the
central servers [updates, status/virus
reporting, redirection etc]
Maybe.
129
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Browser Design
130
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Big (Monolithic) Browsers
• Legacy de facto dominant situation,
– since NCSA Mosaic program [1993]
• Monolithic architecture:
– initially, the browser kernel and the rendering engine
were just single image (one exe file)
– later they became modular with dlls, plugins, JVM, etc.
– But from the point of view of the security nothing
changed: all code executed in one single protection
domain.
• Examples: IE7 under XP, Firefox 3, Safari 3.1.
131
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
One Single Domain
Everything is run in one single protection
domain at the user’s level of privilege, for
example as admin.
– A single crash crashes everything
– Code that comes from the web runs locally at
user’s level of privilege
• an un-patched vulnerability in the browser allows to
run any code on the host machine, with the
privilege level of the user.
132
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
One Single Domain – But Which?
This is very insecure if we run the browser as admin.
But what is we run it from a restricted account? Is it OK?
Example: Vista can run IE7 in a “protected mode” which
means it is run at a low-integrity level. It implements the
Biba’s principle of “no write-up”. Consequences:
• The browser is unable to alter the system.
• BUT it can read the user’s files (spyware).
Remember: Integrity and Confidentiality
are two totally independent dimensions.
133
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Sandboxing - Example
VMWare Browser Appliance:
A free Linux VM containing Firefox,
that runs with the VMWare player (also free).
After you use it to browse web, just delete it.
And start again…
How cool is that…
Big drawback:
complete isolation, the user is NOT able AT ALL to read any of his
own files (for example to publish his photos on the web)…
134
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
**IE8
Does the same as IE7, except that each tab
is run as a separate virtual machine.
Still no protection of user’s data.
135
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Google Chrome Architecture
Divides the browser application into two protection
domains:
• Browser kernel; runs with user’s privileges,
• Sandboxed and isolated multiple instances of the
rendering engine run at very low “web” privilege
level,
• Chrome is open source.
– And highly compatible with existing web sites, unlike
many other existing modular “highly secure” browsers
[DarpaBrowser, Tahoma].
136
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Chromium Browser Kernel
Browser kernel:
responsible for
– mediating file and
network access, like a
firewall
– displaying bitmaps
produced by rendering
engine[s] seen as black
boxes.
137
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Chromium Browser Kernel Privileges
• run at user’s privileges.
• run as a medium-integrity process
under Vista, several privileges
explicitly removed, starts with SID=0
– as a result, it can be installed without an
admin account (!).
Maybe because it is not as dangerous as most other browsers…
138
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
*****Problems
• Problems with Chrome:
– it installs patches silently… (very quick at updates, good point too)
– Java script cannot be disabled
– lack of many user and administrative controls… (like zones)
• poor defaults, e.g. for cookies…
– reveals all your passwords in seconds (nobody else allows that)
– embarrassments:
• many serious and simple exploits were found already,
– and patched...
139
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Rendering Engines
•
•
•
•
multiple instances
sandboxed and isolated
each running with DEP and ASLR
all run at very low “web” privilege level,
– at the lowest integrity level in Vista
• execute error and exploit-prone tasks of
– web parsing,
– Java script,
– etc.
140
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
How Does It Protect Our Files?
As with IE7/8 under Vista, the rendering
engines run as low integrity processes.
• So no write up is permitted.
• However Chrome also attempts to prevent
them from reading up. How?
141
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
How Does It Protect Our Files!
An engine, accessing URLs outside, is just
totally unable of accessing local files file:///
However, of course, one can open a local
web page.
• But only in another sandboxed and isolated rendering engine (!).
142
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
***Small Technicality
Memory isolation – OK.
But many file system isolation features will
be ineffective if the file system is FAT32,
not NTFS.
Not because Vista is compromised or not able to further ”police” the access (cf. reference
monitor, complete mediation), but simply because of lack of support/implementation.
143
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Hardware Attacks on PCs
144
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
High-Level Categories
• Stealing data (removing hard drive, memory chips).
– Now hard drives can be encrypted.
• Memory still isn’t.
• Hardware keyboard sniffers.
– Optical
– Acoustic / mechanical vibrations
– EM radiations. PS/2 vs. USB (two wires=).
• Intercepting screen output.
– There are TEMPEST machines.
• Side channel attacks focusing on crypto.
– Acoustic attack on AES; traditional DPA [oscilloscope].
– CPU cache attacks on crypto (AES)…
145
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Quiz
• Can in Windows/Linux a process run by an
administrator access the system/kernel memory?
• Explain what is virtual memory and paging?
• How one can make a dump of kernel memory?
• What is DEP? Which OS has it?
• Explain the protected/Kernel mode and user mode
for CPUs.
• How can the DEP and the protected/Kernel mode
be circumvented or attacked?
146
Nicolas T. Courtois, updated 2011
CompSec COMPGA01
Quiz (2)
• How can we at the BIOS level make it difficult to
modify the boot sector? (3 things).
• What is a monolithic kernel and why it is the least
secure design?
• What is the architecture of Google’s Chrome
regarding the privileges to read and write files,
access the network, and the screen?
147
Nicolas T. Courtois, updated 2011