Slide 1: Bootstrapping Trust in Commodity Computers
Bryan Parno, Jonathan McCune, Adrian Perrig
Carnegie Mellon University

Slide 2: A Travel Story
Slide 3: Trust is Critical
Will I regret having done this?

Slide 4: Bootstrapping Trust
[Figure: a machine computes some function F, taking inputs X (from Alice or from others) to outputs Y (for Alice or for others)]
Bootstrapping Trust: What F will this machine compute?
Software Engineering & Programming Languages: Is F what the programmer intended? Does program P compute F?
Slide 5: Bootstrapping Trust is Hard!
[Figure: a stack of OS, App 1 … App N and Modules 1 … 4; a hash H( ) of the stack is compared against a reference hash; the sequence S_1( ), S_2( ), …, S_15( ) of components is shown; the question "Safe?" is answered "Yes!"]
Challenges:
Hardware assurance
Ephemeral software
User Interaction

Slide 6: Bootstrapping Trust is Hard!
[Figure: the same stack, now containing an Evil App and an Evil OS; the question "Safe?" is still answered "Yes!"]
Challenges:
Hardware assurance
Ephemeral software
User Interaction
Slide 7: In the paper…
Bootstrapping foundations
Transmitting bootstrap data
Interpretation
Validation
Applications
Human factors
Limitations
Future directions
… and much more!
What do we need to know?
What serves as a foundation of trust?
How can we use it locally?
How can we use it remotely?
How do we interpret it?
How can we validate the bootstrapping?
Slide 8: 1) Establish Trust in Hardware
Hardware is durable
Establish trust via:
Trust in the manufacturer
Physical security
Open Question: Can we do better?
Slide 9: 2) Establish Trust in Software
[Figure: an OS running App 1 … App N]
Software is ephemeral
We care about the software currently in control
Many properties matter:
Proper control flow
Type safety
Correct information flow
…
Which property matters most?
Slide 10: A Simple Thought Experiment
Imagine a perfect algorithm for analyzing control flow
Guarantees a program always follows intended control flow
Does this suffice to bootstrap trust? No!
[Figure: a program P labelled "Respects control flow" and "Type Safe"]
We want code identity
Slide 11: What is Code Identity?
An attempt to capture the behavior of a program
[Figure: a function f and the inputs to f; code identity attempts to capture the f computed by a program]
Current state of the art is the collection of:
Program binary
Program libraries
Program configuration files
Initial inputs
Often condensed into a hash of the above
Slide 12: Code Identity as Trust Foundation
From code identity, you may be able to infer:
Proper control flow
Type safety
Correct information flow
…
Reverse is not true!
Slide 13: What Can Code Identity Do For You?
Research applications:
Thwart insider attacks
Protect passwords
Create a Trusted Third Party
Secure the boot process
Count-limit objects
Improve security of network protocols
Commercial applications:
Secure disk encryption (e.g., Bitlocker)
Improve network access control
Secure boot on mobile phones
Validate cloud computing platforms
Slide 14: Establishing Code Identity
[Gasser et al. ’89], [Arbaugh et al. ’97], [Sailer et al. ’04], [Marchesini et al. ’04], …
[Figure: a machine computes F, mapping inputs X (from Alice or others) to outputs Y (for Alice or others)]

Slide 15: Establishing Code Identity
[Gasser et al. ’89], [Arbaugh et al. ’97], [Sailer et al. ’04], [Marchesini et al. ’04], …
[Figure: F is broken down into the software components f_1, f_2, …, f_N that together take X to Y]

Slide 16: Establishing Code Identity
[Gasser et al. ’89], [Arbaugh et al. ’97], [Sailer et al. ’04], [Marchesini et al. ’04], …
[Figure: a Chain of Trust running from a Root of Trust up through Software 1, …, Software N-1, Software N; a "?" marks the question of what anchors the chain]
Slide 17: Trusted Boot: Recording Code Identity
[Figure: the chain Software 1, …, Software N-1, Software N above a Root of Trust; the Root of Trust records the code identity of each component in order: SW_1, SW_2, …, SW_N-1, SW_N]
[Gasser et al. ’89], [England et al. ’03], [Sailer et al. ’04], …
Slide 18: Attestation: Conveying Records to an External Entity
[Figure: the external entity sends a random #; the platform answers with Sign_Kpriv(random #, SW_1, SW_2, …, SW_N-1, SW_N), where the Root of Trust controls K_priv]
[Gasser et al. ’89], [Arbaugh et al. ’97], [England et al. ’03], [Sailer et al. ’04], …
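The trusted-boot recording of slide 17 and the attestation exchange of slide 18, worked through end to end as an added example; this is not code from the original slides or from the authors. It assumes a SHA-256 measurement register that starts zeroed, uses an HMAC under a key held only by the root of trust in place of the asymmetric signature with K_priv, and all software images and known-good hashes are constructed.

```python
import hashlib
import hmac
import secrets

PCR_INIT = b"\x00" * 32  # assumption: a SHA-256 register that starts zeroed at reset

def extend(pcr: bytes, sw: bytes) -> bytes:
    """Trusted boot step: fold SW_i's code identity (its hash) into the root of
    trust's register, PCR <- H(PCR || H(SW_i)). Later software cannot undo it."""
    return hashlib.sha256(pcr + hashlib.sha256(sw).digest()).digest()

def trusted_boot(chain):
    """Boot SW_1..SW_N in order; return the final PCR and the measurement log."""
    pcr, log = PCR_INIT, []
    for name, sw in chain:
        log.append((name, hashlib.sha256(sw).hexdigest()))
        pcr = extend(pcr, sw)
    return pcr, log

def quote(key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    """Attestation: the root of trust signs (random # || PCR). HMAC stands in
    for the asymmetric signature with K_priv so this runs on the stdlib alone."""
    return hmac.new(key, nonce + pcr, "sha256").digest()

def verify_attestation(key, nonce, sig, log, known_good):
    """External entity: replay the log to rebuild the PCR, check the signature
    binds it to our fresh nonce, then interpret each entry against known-good identities."""
    pcr = PCR_INIT
    for _, h in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(h)).digest()
    if not hmac.compare_digest(sig, quote(key, nonce, pcr)):
        return False  # log disagrees with what was actually measured, or quote is stale
    return all(known_good.get(name) == h for name, h in log)

# Constructed sample software images (placeholders, not real firmware or kernels)
GOOD_CHAIN = [("BIOS", b"bios-1.0"), ("Bootloader", b"loader-2.3"), ("OS", b"kernel-5.0")]
EVIL_CHAIN = GOOD_CHAIN[:2] + [("OS", b"kernel-5.0+rootkit")]  # the "Evil OS" of slide 6
KNOWN_GOOD = {name: hashlib.sha256(sw).hexdigest() for name, sw in GOOD_CHAIN}
ROOT_KEY = b"constructed-root-of-trust-key"  # stands in for K_priv

def run_protocol(chain, forge_log=False):
    """One exchange; with forge_log the evil OS reports the good kernel hash in the log."""
    nonce = secrets.token_bytes(16)          # the external entity's random #
    pcr, log = trusted_boot(chain)           # happens on the attesting machine
    sig = quote(ROOT_KEY, nonce, pcr)
    if forge_log:
        log[-1] = ("OS", KNOWN_GOOD["OS"])   # the PCR still reflects what really ran
    return verify_attestation(ROOT_KEY, nonce, sig, log, KNOWN_GOOD)
```

A forged log fails because the signed register, not the log, is the record the root of trust vouches for; an honest log of evil software fails at the interpretation step instead.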
Slide 19: Interpreting Code Identity
[Figure: the measured stack BIOS, Option ROMs, Bootloader, OS, Drivers 1…N, App 1…N]
Traditional: [Gasser et al. ’89], [Sailer et al. ’04]
Policy Enforcement: [Marchesini et al. ’04], [Jaeger et al. ’06]

Slide 20: Interpreting Code Identity
[Figure: BIOS, Option ROMs, Bootloader, Virtual Machine Monitor, with a Virtual Machine on top]
Traditional: [Gasser et al. ’89], [Sailer et al. ’04]
Policy Enforcement: [Marchesini et al. ’04], [Jaeger et al. ’06]
Virtualization: [England et al. ’03], [Garfinkel et al. ’03]

Slide 21: Interpreting Code Identity
[Figure: BIOS, Option ROMs, Bootloader, OS, followed by a Late Launch of a VMM hosting a Virtual Machine]
Traditional: [Gasser et al. ’89], [Sailer et al. ’04]
Policy Enforcement: [Marchesini et al. ’04], [Jaeger et al. ’06]
Virtualization: [England et al. ’03], [Garfinkel et al. ’03]
Late Launch: [Kauer et al. ’07], [Grawrock ’08]

Slide 22: Interpreting Code Identity
[Figure: OS, followed by a Late Launch of Flicker running a piece of code S; Flicker with S is marked Attested]
Traditional: [Gasser et al. ’89], [Sailer et al. ’04]
Policy Enforcement: [Marchesini et al. ’04], [Jaeger et al. ’06]
Virtualization: [England et al. ’03], [Garfinkel et al. ’03]
Late Launch: [Kauer et al. ’07], [Grawrock ’08]
Targeted Late Launch: [McCune et al. ’07]

Slide 23: Interpreting Code Identity
[Figure: the full stack BIOS, Option ROMs, Bootloader, OS, Drivers 1…N, App 1…N alongside Flicker running S]
Slide 24: Load-Time vs. Run-Time Properties
Code identity provides load-time guarantees
What about run time?
Approach #1: Static transformation [Erlingsson et al. ’06]
[Figure: Code passes through a Compiler together with a Run-Time Policy, producing Code’, which is what gets attested]

Slide 25: Load-Time vs. Run-Time Properties
Code identity provides load-time guarantees
What about run time?
Approach #1: Static transformation [Erlingsson et al. ’06]
Approach #2: Run-Time Enforcement layer [Haldar et al. ’04], [Kil et al. ’09]
[Figure: an Enforcer sits beneath the Code; the Enforcer is attested at load time and is what governs the Code at run time]
Open Question: How can we get complete run-time properties?
Slide 26: Roots of Trust
[Figure: hardware roots of trust arranged along a cost axis labelled "Cheaper"]
General purpose, tamper responding: [Weingart ’87], [White et al. ’91], [Yee ’94], [Smith et al. ’99], …
General purpose, no physical defenses: [ARM TrustZone ’04], [TCG ’04], [Zhuang et al. ’04], …
Special purpose: [Chun et al. ’07], [Levin et al. ’09]
Timing-based attestation (requires detailed HW knowledge): [Spinellis et al. ’00], [Seshadri et al. ’05], …
Open Question: What functionality do we need in hardware?
Slide 27: Human Factors
[Figure: the attested chain SW_1, SW_2, …, SW_N-1, SW_N, as it must somehow be presented to Alice]
Open Questions:
How should this be communicated to Alice?
What does Alice do with a failed attestation?
How can Alice trust her device?
Slide 28: Conclusions
Code identity is critical to bootstrapping trust
Assorted hardware roots of trust available
Many open questions remain!
Thank you!
parno@cmu.edu