Transcript Document

Security in the industry
H/W & S/W
What is AMD’s
”enhanced virus protection”
all about?
What’s coming next?
Presented by: Micha Moffie
Outline
• Security Objectives
• Happening now…
 AMD Solution – ‘enhanced virus protection’
 WinXP support in SP2
• Coming soon …
 Intel LaGrande technology
 Windows Palladium/NGSCB
NUCAR
2
Security - Objectives
• Protect
 User Confidential Data
• From:
 Attacks on executing software
• Software vulnerabilities
 Attacks from malicious software
• Viruses/worms/Trojan horses
 Attacks on hardware
• Access to keyboard & mouse data / screen
output
NUCAR
3
AMD’s ‘Enhanced Virus
Protection’
• Hardware support against stack smashing
 Stack smashing attack - reminder
• Hardware implements
 NX bit - No eXecution on predefined pages.
 Each page in the translation pages has a new NX
bit, when the instruction TLB is loaded with a new
page, this bit is checked. if the bit is set (we are
trying to execute from a non executable page) we
will get a page fault exception.
 this applied to all privilege levels (from AMD
manual)
NUCAR
4
The OS role
• Window XP (Service Pack 2)
• Microsoft uses NX bit to: ”prevents the
execution of code in memory regions that are
marked as data storage”
 This will NOT prevent an attacker from
overrunning the data buffer, but will prevent him
from executing his attack (generate an exception)
• Some problems with legitimate code
 a ”Data Execution Prevention" error message – for
legitimate code
 Workaround - Microsoft allow exceptions, per
application. (I.e. turn DEP off for specific apps.)
NUCAR
5
Who else?
• Transmeta
 already supported
• Intel
 Itanium supports this bit
 Intel Pentium … in the near future
• Linux
 a patch to the Linux kernel exists that supports the
NX bit

http://www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html
NUCAR
6
Outline
• Security Objectives
• Happening now…
 AMD Solution – ‘enhanced virus protection’
 WinXP support in sp2
• Coming soon …
 Intel LaGrande technology
 Windows Palladium
NUCAR
7
Intel LaGrange Technology
(LT)
• New Hardware Components complemented
with New OS & New applications:
 protect data from software attacks
 protect data confidentiality & integrity
• Hardware Capabilities
 Isolated execution
• Protected memory pages
 Sealed storage (TPM)
 Protected I/O (keyboard/mouse/graphics)
 Attestation (Proof of current protected environment)
NUCAR
8
LT Hardware enhancements
NUCAR
9
LT Protection Model
• Standard partition
 execute:
• Protected partition
 execute
• legacy code,
• non secure portion of
new code
 provides
• new security modules
& services
 Provides
• regular IA32
semantics
•
•
•
•
NUCAR
execution isolation
sealed storage
Protected I/O
Attestation
10
LT Protection Model - Cont
NUCAR
11
Microsoft
Palladium  NGSCB
• Next Generation Secure Computing Base
• security technology for the Microsoft®
Windows® platform,
 will be included in “Longhorn”
• Includes a new operating system module:
“Nexus”
 enable secure interaction with applications,
peripheral hardware, memory and storage
NUCAR
12
Microsoft NGSCB
• Four key features:
 Strong process isolation
• even against attacks from
the kernel
 Sealed storage
• accessible only to program,
nexus & machine
 Secure path to/from user
 Attestation
NUCAR
13
The nexus
• Essentially the kernel of an isolated software
stack
• runs alongside the existing OS software stack.
 not underneath it
• Provides a limited set of APIs and services for
applications, including sealed storage and
attestation functions.
• Special processes that work with nexus are
called “Agents”
• Can run different nexuses on a machine
 But only one nexus at a time
NUCAR
14
NGSCB - run time
environment
NUCAR
15
References
• AMD64 Architecture Programmer's Manual Volume 2: System
Programming, 3.09 edition, Sep. 2003. Publication No. 24593.
• Microsoft Knowledge Base Articles 875352 & 875351
• Intel, LaGrande Technology Architectural Overview, 252491-001,
September 2003
• Microsoft The Next-Generation Secure Computing Base: Four
Key Features, June 2003
• Microsoft Next-Generation Secure Computing Base - Technical
FAQ, July 2003
• Microsoft "Palladium": A Business Overview, August 2002
• TPM Main Part 1 Design Principles, Specification Version 1.2
Revision 62 2 October 2003 Published
• ARM, A New Foundation for CPU Systems Security, Security
Extensions to the ARM Architecture, Richard York, May 2003
• A wooden fence in Kyoto, http://www.gastric.com /mari/54.htm
NUCAR
16
The End
• Thanks, 
• Questions ?
NUCAR
17
Backup & links
NUCAR
18
Stack Smashing Attack
Stack
main(int argc, char **argv)
{
…
foo(argv[1], 10);
…
}
void foo(int i, char *s) {
char b[16];
strcpy(b, s);
……
}
Stack grows
main( ) auto
variables
+12
+8
Frame ptr +4
0
10
ptr to input string
return addr of foo( )
frame ptr of foo( )
-4
-8
dddd
b[3]
cccc
b[2]
-12
bbbb
b[1]
-16
aaaa
b[0]
Stack ptr
Buffer grows
NUCAR
19
Stack Smashing Attack - II
Stack grows
Stack
attack code
attack code
attack code
+12
+8
+4
0
start of attack code
0x0012ff12
0x0012ff12
0x0012ff08
0x0012ff12
0x0012ff04
0x0012ff12
0x0012ff00
-4
-8
****
b[3]
****
b[2]
-12
****
b[1]
-16
****
b[0]
Buffer grows
NUCAR
Attacker code
executed in
Stack
Segment..
return addr of foo( )
Has changed!
it will return to
0x0012ff12, the
attacker code
20
TPM
• Trusted Platform Module
• also called SSC - Security Support Component
•
•
•
•
Stores hardware secret key
Base of trust
Cryptographic co-processor
more…
NUCAR
21
TPM architecture
NUCAR
22
Transitive Trust
NUCAR
23
ARM – TrustZone
• Extending the CPU to enable more security
• Main problem with current OS
 It is huge, millions of code lines - Complex
• difficult to establish a ‘trusted code base’
 A rich API - Open
• enables widespread access to OS from non-secure code
• Main idea:
 establishing a trusted code base
 using a hardware enforced security domain to
systemize the implementation of secure systems
NUCAR
24
ARM - cont
• Current typical security structure
NUCAR
25
ARM - Cont
• New security structure
NUCAR
26
ARM - Cont
• Introduce an NS-bit
 use this bit to identify secure data throughout
system
• cache
• pages
• Monitor
 manages the NS-bit
 manages transition in & out of security mode
 Small fixed API
NUCAR
27