Security in the industry
H/W & S/W
What is AMD’s
“enhanced virus protection”
all about?
What’s coming next?
Presented by: Micha Moffie
Outline
• Security Objectives
• Happening now…
AMD Solution – ‘enhanced virus protection’
WinXP support in SP2
• Coming soon …
Intel LaGrande technology
Windows Palladium/NGSCB
NUCAR
2
Security - Objectives
• Protect
User Confidential Data
• From:
Attacks on executing software
• Software vulnerabilities
Attacks from malicious software
• Viruses/worms/Trojan horses
Attacks on hardware
• Access to keyboard & mouse data / screen
output
AMD’s ‘Enhanced Virus
Protection’
• Hardware support against stack smashing
Stack smashing attack - reminder
• Hardware implements
NX bit - No eXecution on predefined pages.
Each page-table entry has a new NX bit. When the
instruction TLB is loaded with a new page, this bit
is checked; if the bit is set (we are trying to
execute from a non-executable page) we get a page
fault exception.
This applies to all privilege levels (from the AMD
manual).
The OS role
• Windows XP (Service Pack 2)
• Microsoft uses the NX bit to “prevent the
execution of code in memory regions that are
marked as data storage”
This will NOT prevent an attacker from
overrunning the data buffer, but it will prevent him
from executing his attack (an exception is generated
instead)
• Some problems with legitimate code
a “Data Execution Prevention” error message for
legitimate code
Workaround - Microsoft allows exceptions, per
application (i.e. turn DEP off for specific apps)
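As an added model (not AMD's or Microsoft's code) of the two checks described on the AMD and Windows XP SP2 slides: the CPU-side NX check made when the instruction TLB is filled for a new page, and the OS-side decision to map stack and heap pages with NX or, for an application exempted from DEP, without it. It assumes long-mode 4-level paging with EFER.NXE already enabled; the function and constant names are the example's own.

```c
#include <stdint.h>
#include <stdbool.h>

/* Illustrative model of the NX check, not vendor code.
 * Assumption: EFER.NXE is enabled, so bit 63 of every paging entry is NX. */

#define PTE_PRESENT ((uint64_t)1 << 0)
#define PTE_USER    ((uint64_t)1 << 2)   /* user/supervisor bit */
#define PTE_NX      ((uint64_t)1 << 63)  /* No eXecute bit */
#define LEVELS 4                         /* PML4E, PDPE, PDE, PTE */

enum fetch_result { FETCH_OK, FETCH_NOT_PRESENT, FETCH_USER_FAULT, FETCH_NX_FAULT };

/* What the CPU decides when the instruction TLB is loaded for a new page:
 * walk all levels; NX set at any level makes the page non-executable, and
 * the check is made at every privilege level (cpl 0..3 alike). */
enum fetch_result instruction_fetch(const uint64_t walk[LEVELS], int cpl)
{
    bool nx = false, user = true;
    for (int lvl = 0; lvl < LEVELS; lvl++) {
        if (!(walk[lvl] & PTE_PRESENT))
            return FETCH_NOT_PRESENT;
        nx   |= (walk[lvl] & PTE_NX) != 0;
        user &= (walk[lvl] & PTE_USER) != 0;
    }
    if (cpl == 3 && !user)
        return FETCH_USER_FAULT;           /* user code may not run supervisor pages */
    return nx ? FETCH_NX_FAULT : FETCH_OK; /* #PF with the instruction-fetch bit set */
}

/* The OS side of DEP: a stack or heap page is mapped as data, so the leaf
 * entry carries NX. An application exempted from DEP (the per-app workaround
 * on the slide) simply gets its data pages mapped without NX. */
void map_data_page(uint64_t walk[LEVELS], bool dep_enabled)
{
    for (int lvl = 0; lvl < LEVELS; lvl++)
        walk[lvl] = PTE_PRESENT | PTE_USER;
    if (dep_enabled)
        walk[LEVELS - 1] |= PTE_NX;
}

/* Outcome of executing from a user stack page at the given cpl, e.g. after a
 * smashed return address sends control back into the buffer. */
enum fetch_result fetch_from_stack_page(int cpl, bool dep_enabled)
{
    uint64_t walk[LEVELS];
    map_data_page(walk, dep_enabled);
    return instruction_fetch(walk, cpl);
}
```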
Who else?
• Transmeta
already supported
• Intel
Itanium supports this bit
Intel Pentium … in the near future
• Linux
a patch to the Linux kernel exists that supports the
NX bit
http://www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html
Outline
• Security Objectives
• Happening now…
AMD Solution – ‘enhanced virus protection’
WinXP support in sp2
• Coming soon …
Intel LaGrande technology
Windows Palladium
Intel LaGrande Technology
(LT)
• New Hardware Components complemented
with New OS & New applications:
protect data from software attacks
protect data confidentiality & integrity
• Hardware Capabilities
Isolated execution
• Protected memory pages
Sealed storage (TPM)
Protected I/O (keyboard/mouse/graphics)
Attestation (Proof of current protected environment)
LT Hardware enhancements
LT Protection Model
• Standard partition
  executes:
  • legacy code,
  • non secure portion of new code
  provides:
  • regular IA32 semantics
• Protected partition
  executes:
  • new security modules & services
  provides:
  • execution isolation
  • sealed storage
  • Protected I/O
  • Attestation
LT Protection Model - Cont
Microsoft
Palladium NGSCB
• Next Generation Secure Computing Base
• a security technology for the Microsoft®
Windows® platform;
will be included in “Longhorn”
• Includes a new operating system module:
“Nexus”
enable secure interaction with applications,
peripheral hardware, memory and storage
Microsoft NGSCB
• Four key features:
Strong process isolation
• even against attacks from
the kernel
Sealed storage
• accessible only to program,
nexus & machine
Secure path to/from user
Attestation
The nexus
• Essentially the kernel of an isolated software
stack
• runs alongside the existing OS software stack,
not underneath it
• Provides a limited set of APIs and services for
applications, including sealed storage and
attestation functions.
• Special processes that work with the nexus are
called “Agents”
• Can run different nexuses on a machine
But only one nexus at a time
NGSCB - run time
environment
References
• AMD64 Architecture Programmer's Manual Volume 2: System
Programming, 3.09 edition, Sep. 2003. Publication No. 24593.
• Microsoft Knowledge Base Articles 875352 & 875351
• Intel, LaGrande Technology Architectural Overview, 252491-001,
September 2003
• Microsoft The Next-Generation Secure Computing Base: Four
Key Features, June 2003
• Microsoft Next-Generation Secure Computing Base - Technical
FAQ, July 2003
• Microsoft "Palladium": A Business Overview, August 2002
• TPM Main Part 1 Design Principles, Specification Version 1.2,
Revision 62, 2 October 2003
• ARM, A New Foundation for CPU Systems Security, Security
Extensions to the ARM Architecture, Richard York, May 2003
• A wooden fence in Kyoto, http://www.gastric.com/mari/54.htm
The End
• Thanks,
• Questions ?
Backup & links
Stack Smashing Attack
The program on the slide (reconstructed; foo( )'s parameter order is corrected
to match the call and the stack diagram, and the unchecked strcpy( ) is the
intended vulnerability):

    #include <string.h>

    void foo(char *s, int i) {
        char b[16];
        strcpy(b, s);   /* no length check: an input of 16 bytes or more runs past b[] */
        /* ...... */
    }

    int main(int argc, char **argv)
    {
        /* ... */
        foo(argv[1], 10);
        /* ... */
        return 0;
    }

Stack layout inside foo( ), offsets relative to the frame pointer; the stack
grows towards lower addresses, while the buffer is filled towards higher ones
(b[k] denotes the k-th 4-byte word of b):

    Offset   Contents
             main( ) auto variables
    +12      10
    +8       ptr to input string
    +4       return addr of foo( )
     0       frame ptr of foo( )     <- Frame ptr
    -4       dddd   b[3]
    -8       cccc   b[2]
    -12      bbbb   b[1]
    -16      aaaa   b[0]             <- Stack ptr
Stack Smashing Attack - II
The same frame after strcpy( ) has copied an over-long input (addresses as
given on the slide):

    Offset       Address       Contents
    +12 and up   0x0012ff12    attack code (start of attack code)
    +8           0x0012ff08    0x0012ff12
    +4           0x0012ff04    0x0012ff12   <- return addr of foo( ) has changed!
     0           0x0012ff00    0x0012ff12
    -4                         ****   b[3]
    -8                         ****   b[2]
    -12                        ****   b[1]
    -16                        ****   b[0]

The return addr of foo( ) has changed: foo( ) will return to 0x0012ff12, the
attacker code, so the attacker's code is executed in the stack segment.
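An added example, not from the slides, that works through the frame arithmetic of the two stack diagrams above and shows a bounds-checked replacement for the slide's foo( ). It assumes the slide's 32-bit layout (4-byte stack slots, b[16] directly below the saved frame pointer and the return address); the function names are the example's own.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not code from the slides. Assumes the slide's 32-bit layout:
 * b[16] sits directly below the saved frame pointer (offset 0) and the
 * return address of foo( ) (offset +4). */

#define BUF_SIZE  16
#define SLOT_SIZE 4   /* 32-bit stack slots, as drawn on the slide */

/* Which part of the frame a strcpy() of an input_len-character string reaches:
 * 0 = stays inside b[], 1 = saved frame pointer, 2 = return address,
 * 3 = past the return address (foo's arguments, main's frame). */
int frame_slot_reached(size_t input_len)
{
    size_t written = input_len + 1;         /* strcpy() also copies the NUL */
    if (written <= BUF_SIZE)
        return 0;
    size_t past = written - BUF_SIZE - 1;   /* 0-based byte offset beyond b[] */
    size_t slot = past / SLOT_SIZE;         /* 0 -> saved fp, 1 -> return addr */
    return slot >= 2 ? 3 : (int)slot + 1;
}

/* Hardened foo(): the copy is bounded by the buffer, not by the input.
 * Returns the number of characters copied, or -1 when the input (NUL
 * included) would not fit, so the caller cannot silently continue with an
 * overflowed buffer. The scan itself never reads more than BUF_SIZE bytes. */
int foo_safe(const char *s, int i)
{
    char b[BUF_SIZE];
    size_t n = 0;
    (void)i;
    while (n < BUF_SIZE && s[n] != '\0')
        n++;
    if (n == BUF_SIZE)          /* 16 or more characters: no room for the NUL */
        return -1;
    memcpy(b, s, n + 1);        /* n + 1 <= BUF_SIZE by construction */
    return (int)strlen(b);
}
```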
TPM
• Trusted Platform Module
• also called SSC - Security Support Component
• Stores hardware secret key
• Base of trust
• Cryptographic co-processor
• more…
TPM architecture
Transitive Trust
ARM – TrustZone
• Extending the CPU to enable more security
• Main problem with the current OS
It is huge, millions of lines of code - complex
• difficult to establish a ‘trusted code base’
A rich API - open
• enables widespread access to the OS from non-secure code
• Main idea:
establishing a trusted code base
using a hardware-enforced security domain to
systematize the implementation of secure systems
ARM - cont
• Current typical security structure
ARM - Cont
• New security structure
ARM - Cont
• Introduce an NS-bit
use this bit to identify secure data throughout the
system
• cache
• pages
• Monitor
manages the NS-bit
manages transitions in & out of security mode
Small fixed API