Second Year Review: WP4 overview “Trust and Security Analysis”, Trento, October 17th, 2008



  • 2

    Objectives of WP4

    • To present “trust” and “security” analysis of the tamper resistance techniques introduced in WP2 and WP3
    • To provide feedback to the overall solution architecture given in WP1
    • To identify analysis tools to evaluate the results delivered within the project

  • 3

    WP4 Tasks

    Note that the specific solutions in WP2 and WP3 contain some analysis that will be partially repeated in the following.

    • T4.1: Trust and security analysis of the various SW-based methods [SPIIRAS, POLITO] – M6–36
    • T4.2: Trust analysis of combined HW/SW-based and HW-based methods [POLITO, UNITN, GEM] – M12–36
    • T4.3: Analysis of reverse engineering complexity [UNITN, POLITO] – M0–36
    • T4.4: Comparative analysis of TC from the OS perspective [UNITN, KUL] – M12–36
    • T4.5: Remote entrusting and Internet secure protocols [SPIIRAS, UNITN] – M6–30

  • 4–5

    WP4 Tasks (Gantt chart spanning months M1 to M32 and beyond, one bar per task T4.1–T4.5, with the task durations listed on the previous slide)

  • 6

    Trust vs. Security

    • What is Trust? “An evolving contextual and composite belief that one principal (trustor) will perform certain actions with certain expected results with another principal (trustee)” [S. Presti, M. Butler, M. Leuschel, and C. Booth, “A Trust Analysis Methodology for Pervasive Computing Systems”, in proceedings of Trusting Agents for Trusting Electronic Societies, LNAI, 2005]
    • The context could include: the legal system (the law, legal entities, contractual agreements); the social environment (non-legal entities, rules of communication and etiquette, culture, norms, social expectations); the material environment (technologies, costs, limitations).
    • However, the RE-TRUST project focuses on machine-to-machine trust. Informally: “A software (code/protocol) is deemed authentic/trusted if and only if its functionality has not been altered/tampered by an untrusted/unauthorized entity prior to or during execution.”
    • What is Security? Security is the prevention of, or protection against:
      • Access to information by unauthorized recipients, and
      • Intentional but unauthorized destruction or alteration of that information

  • 7

    Task 4.1: Trust Analysis of SW-based Methods (primarily done during the 1st year, see D4.1)

    • Goal: Trust and security analysis of the various SW-based methods
    • Deliverables: D4.1 in M12 (POLITO, SPIIRAS, UNITN); D4.2 in M24 (UNITN)

    T4.1

  • 8

    Analyzed the following proposed solutions … (1st year)

    • Checksum-based techniques (POLITO)
    • Invariants monitoring (POLITO, SPIIRAS)
    • Assertion-based techniques (UNITN)
    • Barrier slicing (UNITN, SPIIRAS)
    • Code obfuscation (KUL, GEM)
    • Dynamic replacement (UNITN, POLITO, SPIIRAS)
    • Obfuscated virtual machine (UNITN, KUL)

    T4.1/D4.1

  • 9

    … against the following possible attacks

    • Reverse engineering and direct modification of the program's code
    • Modification of the execution environment (e.g., emulators, debuggers)
    • Dynamic change of the program's state without modifying the program
    • Cloning
    • Interception/modification of network messages

    T4.1/D4.1

  • 10

    Trust analysis of SW-based methods (preliminary D4.2)

    • Trust, as we know, is a context-sensitive belief which says that trusted and untrusted entities would perform certain actions with certain expected results.
    • Extended the existing remote trusting paradigm by incorporating the concept of “interlocking”.
    • Interlocking is an assumption that states that no client application can be executed in isolation on the untrusted host.

    T4.1/D4.2

  • 11

    Trust analysis of SW-based methods (preliminary)

    • This interlocking assumption makes some of the existing solutions, such as barrier slicing and orthogonal client replacement, more resilient to certain dynamic analysis attacks.
    • D4.2 argued that, in order to detect dynamic analysis attacks, the (trusted) server has to be able to distinguish a correct execution of the (untrusted) client from an incorrect one, by analyzing the sequence of messages received from the client.
    • Laid down a prospective attack model for evaluating the strength of protected applications.

    T4.1/D4.2

  • 12

    Task 4.2: Trust Analysis of HW/SW-based Methods

    • Goal: Trust analysis of existing HW/SW-based methods
    • Responsible: UNITN and GEM
    • Deliverable: D3.2 – Annex 3 (UNITN)
    • Delivery Date: M24

    T4.2

  • 13

    Distributed Trust Verification (D3.2 – Annex 3)

    • Barrier slicing was proposed as a software-only solution. It identifies the security-sensitive parts of an application and slices the sensitive part away to the server.
    • However, barrier slicing is a performance-intensive solution, both in terms of memory usage and server load.
    • Proposed improvement: incorporate smart cards in the system that interact with the client as well as the server.
    • Observed a significant improvement in performance and security and a decrease in memory usage and server load.

    T4.2/D3.2
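The two ideas on slides 11 and 13, the server verifying a client from the sequence of messages it sends and barrier slicing moving the sensitive computation to the server, fit in one toy. The following is an added illustration, not RE-TRUST project code and not the slice construction of D3.2: the application is a constructed "use a feature while credits remain" client, the credit check is the (assumed) security-sensitive part that is sliced to the server, and each server reply is chained into the next request so the client cannot progress in isolation. The session secret, message format and chaining rule are assumptions made for the example.

```python
import copy
import hashlib

# Added example (not RE-TRUST code): a barrier-sliced client/server pair in which the
# server both holds the sliced state and checks the order of the client's messages.
SESSION_SECRET = b"constructed-session-secret"   # assumed to be established out of band


def chain_token(secret: bytes, seq: int, prev_token: str) -> str:
    """Token the server expects in the next request: bound to the secret, the step number
    and the previous token, so a client must have seen reply N to send request N+1."""
    return hashlib.sha256(secret + seq.to_bytes(4, "big") + prev_token.encode()).hexdigest()


class ServerSlice:
    """Trusted server: holds the sliced state and validates the client's message sequence."""

    def __init__(self, secret: bytes, credits: int = 3):
        self.secret = secret
        self.credits = credits          # sensitive variable; never present on the client
        self.expected_seq = 0
        self.expected_token = "start"
        self.rejections = []

    def handle(self, msg: dict) -> dict:
        # Sequence analysis: a correct execution produces exactly one message per step,
        # in order, each carrying the token the server issued for that step.
        if msg["seq"] != self.expected_seq or msg["token"] != self.expected_token:
            self.rejections.append((msg["seq"], msg["token"]))
            return {"ok": False, "reason": "unexpected message in sequence"}
        # The barrier slice proper: the check-and-decrement the client used to do locally.
        granted = self.credits > 0
        if granted:
            self.credits -= 1
        self.expected_seq += 1
        self.expected_token = chain_token(self.secret, self.expected_seq, msg["token"])
        return {"ok": True, "granted": granted,
                "seq": self.expected_seq, "token": self.expected_token}


class ClientShell:
    """Untrusted client: everything except the slice. It cannot decide 'granted' on its own."""

    def __init__(self, server: ServerSlice):
        self.server = server
        self.seq = 0
        self.token = "start"
        self.last_request = None
        self.credits = 3                # stale local copy, kept only for display

    def use_feature(self) -> bool:
        self.last_request = {"seq": self.seq, "token": self.token}
        reply = self.server.handle(self.last_request)
        if not reply["ok"]:
            return False
        self.seq, self.token = reply["seq"], reply["token"]
        return reply["granted"]


def honest_run(steps: int = 4) -> list:
    """Plain client: the feature works until the server-held credits run out."""
    client = ClientShell(ServerSlice(SESSION_SECRET))
    return [client.use_feature() for _ in range(steps)]


def tampered_client_run(steps: int = 4) -> list:
    """A man-at-the-end patches the client's own variable; the sliced state is unaffected."""
    client = ClientShell(ServerSlice(SESSION_SECRET))
    client.credits = 10 ** 9
    return [client.use_feature() for _ in range(steps)]


def cloned_client_run() -> tuple:
    """The client is cloned after one step and both copies continue. Only one copy can hold
    the live position in the chained sequence; the other's message is rejected."""
    server = ServerSlice(SESSION_SECRET)
    original = ClientShell(server)
    original.use_feature()
    clone = copy.copy(original)       # same seq/token as the original at this point
    first = original.use_feature()    # advances the chain
    second = clone.use_feature()      # stale seq/token: rejected
    return first, second, len(server.rejections)


def replayed_message_run() -> tuple:
    """Re-sending a captured request (e.g. from a debugger) is rejected and spends nothing."""
    server = ServerSlice(SESSION_SECRET)
    client = ClientShell(server)
    client.use_feature()
    replay = server.handle(client.last_request)
    return replay["ok"], server.credits
```

Two caveats match the slides. The server detects a clone only once the two copies diverge in the sequence; a clone that replaces the original entirely is indistinguishable from it. And the server has to keep per-session state (credits, expected step, expected token) for every client, which is the memory and server-load cost that motivates the smart-card variant on this slide.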

  • 14

    Empirical results (bar chart of memory, network and threads for the original client vs. the barrier slice; figures on the slide: original client 858, barrier slice 120, i.e. 14%)

    T4.2/D3.2

  • 15

    Empirical results

    • Barrier slicing is used to separate the security-sensitive part of the application
    • Both the centralized and the distributed architecture are able to verify the client's healthy execution
    • The distributed architecture has better scalability (figures on the slide: 15% memory, 25% threads, 8% network)
    • The slice is small and can fit in a smart card (14% of the application)

    T4.2/D3.2

  • 16

    Task 4.3: Reverse Engineering Complexity

    • Goal: To analyze the complexity (difficulty) of reverse engineering programs after some obfuscating transformations are applied to them
    • Responsible: UNITN and POLITO
    • Deliverable: D4.3-Preliminary
    • Delivery Date: M24

    T4.3/D4.3

  • 17

    Reverse Engineering

    • Objectives of reverse engineering:
      • Learning the algorithm (intellectual secret)
      • Extracting an embedded (cryptographic) key
      • Removing a watermark (license check)
      • Discovering some property of the code, e.g., “Is this code watermarked?”
    • The ultimate objective could be to tamper with the code in a meaningful way.

    T4.3/D4.3

  • 18

    Reverse Engineering (Analysis)

    • The basis is code comprehension. Does obfuscation help?
    • Conducted a human-factors experiment on a small pool of 8 graduate students well versed in Java.
    • Results were analyzed with advanced statistical derivations.
    • Observed that even simple obfuscation techniques such as identifier renaming can significantly deter code comprehension and meaningful modification tasks.
    • Currently working on expanding the pool of human candidates and testing more obfuscation techniques (this will form the basis for D4.3 Final)

    T4.3/D4.3

  • 19

    Experiment results (tasks solved correctly/wrongly per treatment)

    Treatment    Comprehension        Attack               Overall
                 Correct   Wrong      Correct   Wrong      Correct   Wrong
    Clear        11        7          15        3          26        10
    Obfuscated   8         12         8         12         16        24

    T4.3/D4.3
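The experiment on the two preceding slides used identifier renaming as its obfuscating transformation. To make concrete what that transformation does and does not change, here is an added example of an identifier renamer; it is not the tool used in the experiment (which targeted Java) but a minimal Python equivalent written for this page. The sample licence-check function, the choice of opaque names and the decision to rename only names that are bound in the program (functions, parameters, assigned locals) while leaving read-only names such as builtins untouched are all assumptions of the example.

```python
import ast

# Constructed sample program (not from the experiment): a small licence check in the clear.
CLEAR_SOURCE = '''
def is_valid_serial(serial, expected_checksum):
    checksum = 0
    for ch in serial:
        checksum = (checksum * 31 + ord(ch)) % 997
    return checksum == expected_checksum
'''


class IdentifierRenamer(ast.NodeTransformer):
    """Rename every function, parameter and locally bound name to an opaque one.

    Names that are only ever read (builtins such as ord, imported names) are left
    alone so the program keeps working; every name the author chose is erased.
    Assumption of this example: opaque names are strings of 'l' and 'I', which are
    visually hard to tell apart, derived from a counter.
    """

    def __init__(self):
        self.mapping = {}

    def rename(self, name: str) -> str:
        if name not in self.mapping:
            bits = format(len(self.mapping), "08b")      # supports 256 distinct names
            self.mapping[name] = "".join("I" if b == "1" else "l" for b in bits)
        return self.mapping[name]

    def visit_FunctionDef(self, node):
        node.name = self.rename(node.name)
        self.generic_visit(node)                         # parameters, then the body
        return node

    def visit_arg(self, node):
        node.arg = self.rename(node.arg)
        return node

    def visit_Name(self, node):
        # A name is renamed when it is being bound here, or was bound earlier.
        if isinstance(node.ctx, ast.Store) or node.id in self.mapping:
            node.id = self.rename(node.id)
        return node


def obfuscate(source: str) -> tuple:
    """Return the renamed source and the original-to-opaque name mapping."""
    tree = ast.parse(source)
    renamer = IdentifierRenamer()
    tree = renamer.visit(tree)
    return ast.unparse(tree), dict(renamer.mapping)     # ast.unparse needs Python 3.9+


def load_function(source: str, name: str):
    """Execute a module source and return the named function from it."""
    namespace = {}
    exec(compile(source, "<module>", "exec"), namespace)
    return namespace[name]


def same_behaviour(serial: str, expected: int) -> bool:
    """Check that the clear and the obfuscated program agree on an input."""
    clear = load_function(CLEAR_SOURCE, "is_valid_serial")
    obf_src, mapping = obfuscate(CLEAR_SOURCE)
    obf = load_function(obf_src, mapping["is_valid_serial"])
    return clear(serial, expected) == obf(serial, expected)
```

The renamed function still computes the same checksum; what is lost is only the vocabulary (`serial`, `checksum`, `expected_checksum`) that a reader would use to recognise the licence check. The renamer is deliberately simple: it keys names globally rather than per scope, so a name that is read before it is ever assigned, or a keyword argument at a call site, would be handled inconsistently; a production obfuscator resolves scopes first.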

  • 20

    Task 4.4: Comparative Analysis with TC

    • Goal: Comparative analysis of remote entrusting methods with TC, with particular emphasis on the role of the OS (operating system).
    • Responsible: KUL and UNITN
    • Deliverable: D3.2 – Annex 2 (KUL)
    • Delivery Date: M24

    T4.4

  • 21

    Remote Attestation on Legacy Operating Systems with TPM (D3.2 – Annex 3)

    • Attestations are proofs of trustworthy execution that are sent from the untrusted host to the trusted server. Typically they are signed in some way, to prove their authenticity. The trusted server wishes to rely upon them to reach a verdict of correct execution.
    • It is difficult to generate remote attestations, since they are computed on the compromised host.
    • Both Trusted Computing and software-only approaches have pros and cons. These were identified.
    • This approach proposes a mixed solution for availing of the advantages of both the TC and the SW approaches: it uses minimal hardware (the trusted clock of the TPM) and incurs no invasive modification of the operating system.

    T4.4/D3.2
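The slide states what an attestation must give the server (a signed proof it can reach a verdict on) and why it is hard (the proof is computed on the compromised host), but not how the Annex uses the TPM clock. The following is an added example of the verifier-side checks that any such scheme needs, not the Annex's scheme: freshness via a nonce the server issued, binding to the expected code image, and a response-time bound measured on the verifier's own clock (standing in here for a trusted clock). The MAC key, the time budget and the golden code image are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Added example (not the D3.2 Annex scheme): verifier-side checks on an attestation report.
# Constructed golden copy of the client code the verifier expects to be running.
GOLDEN_CODE = b"def check_license(key):\n    return key == 'AAAA-BBBB'\n"
GOLDEN_DIGEST = hashlib.sha256(GOLDEN_CODE).digest()
# Assumed budget for a challenge/response round trip, in milliseconds.
MAX_ROUNDTRIP_MS = 50


def prover_report(key: bytes, nonce: bytes, code_image: bytes) -> bytes:
    """Untrusted host side: MAC over the nonce and the digest of the code actually in memory."""
    digest = hashlib.sha256(code_image).digest()
    return hmac.new(key, nonce + digest, hashlib.sha256).digest()


class Verifier:
    """Trusted server side: issues fresh nonces and judges attestation reports."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = {}   # nonce -> time it was issued (ms on the verifier's clock)
        self.used = set()       # nonces already answered; a second answer is a replay

    def challenge(self, now_ms: int) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding[nonce] = now_ms
        return nonce

    def verify(self, nonce: bytes, report: bytes, now_ms: int) -> str:
        if nonce in self.used:
            return "reject: replayed nonce"
        issued = self.outstanding.pop(nonce, None)
        if issued is None:
            return "reject: unknown nonce"
        self.used.add(nonce)
        if now_ms - issued > MAX_ROUNDTRIP_MS:
            # A client that is being emulated or single-stepped cannot answer in time.
            return "reject: response too slow"
        expected = hmac.new(self.key, nonce + GOLDEN_DIGEST, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, report):
            return "reject: code image differs from the golden copy"
        return "accept"


def demo() -> dict:
    """Run the four cases a verifier must tell apart; times are simulated clock readings."""
    key = b"constructed-attestation-key"
    v = Verifier(key)
    out = {}
    n = v.challenge(0)
    out["genuine"] = v.verify(n, prover_report(key, n, GOLDEN_CODE), 10)
    out["replay"] = v.verify(n, prover_report(key, n, GOLDEN_CODE), 12)
    n = v.challenge(100)
    patched = GOLDEN_CODE.replace(b"==", b"!=")          # tampered licence check
    out["patched"] = v.verify(n, prover_report(key, n, patched), 105)
    n = v.challenge(200)
    out["slow"] = v.verify(n, prover_report(key, n, GOLDEN_CODE), 300)
    return out
```

The example also shows the difficulty the slide names. A key held in the host's memory is exactly what a man-at-the-end extracts, after which the host can report the golden digest regardless of what it runs; and a time bound measured on the server includes network jitter and has to be calibrated per deployment. That is why the slide pairs the software check with a small hardware anchor (the TPM's trusted clock) instead of relying on either alone.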

  • 22

    Task 4.5: Remote Entrusting and Internet Secure Protocols

    • Goal: Analysis of the interaction of RE-TRUST solutions with security protocols.
    • Responsible: SPIIRAS and UNITN
    • Deliverable: D4.5
    • Delivery Date: M30

    T4.5

  • 23

    Security Protocols

    • WP2 and WP3 provide the basic software- and hardware-based solutions to the remote entrusting problem. But:
      • It is insufficient to prove the security of each of these individual solutions.
      • Communication protocol analysis will be required to investigate the security of the complete system.
    • The remote entrusting solutions address man-in-the-end attacks but not man-in-the-middle attacks.
    • SPIIRAS is investigating the following:
      • Conventional TCP and UDP, as the theoretical basis.
      • Two other secure protocols, TLS and IPsec.

    T4.5/D4.5