Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Second Year ReviewWP4 overview
“Trust and Security Analysis”
Trento – October 17th, 2008
2
Objectives of WP4•To present “trust” and “security”
analysis of tamper resistance techniques introduced in WP2 and WP3
•To provide feedback to the overall solution architecture given in WP1
•To identify analysis tools to evaluate the results delivered within the project
WP4 Tasks• Note that the specific solutions in WP2 and WP3 contain some analysis that will be
partially repeated in the following.
• T4.1: Trust and security analysis of the various SW-based methods [SPIIRAS, POLITO] – M6 – 36
• T4.2: Trust analysis of combined HW/SW-based and HW-based methods [POLITO, UNITN, GEM] – M12 – 36
• T4.3: Analysis of reverse engineering complexity [UNITN, POLITO] – M0 – 36
• T4.4: Comparative analysis of TC from OS perspective [UNITN, KUL] – M12 – 36
• T4.5: Remote entrusting and Internet secure protocols [SPIIRAS, UNITN] – M6 – 30
4
WP4 TasksM1 M2 M3 M4 M5 M6 M7 M8 M9 M10 M11 M12 M13 M14 M15 M16 ...
T4.1T4.1
T4.2T4.2
T4.3T4.3
T4.4T4.4
T4.5T4.5
5
WP4 TasksM17 M18 M19 M20 M21 M22 M23 M24 M25 M26 M27 M28 M29
M30 M31 M32 ...
T4.3T4.3
T4.2T4.2
T4.4T4.4
T4.5T4.5
T4.1T4.1
6
Trust Vs. Security• What is Trust?• “An evolving contextual and composite belief that one
principal (trustor) will perform certain actions with certain expected results with another principal (trustee)” [S. Presti, M. Butler, M. Leuschel, and C. Booth, “A Trust Analysis Methodology for Pervasive Computing Systems” in proceedings of Trusting Agents for Trusting Electronic Societies, LNAI, 2005]
• The context could include: the legal system (the law, legal entities, contractual agreements); the social environment (non-legal entities, rules of communication and etiquette, culture, norms, social expectations); the material environment (technologies, costs, limitations).
• However, the RE-TRUST project focuses on machine-to-machine trust - informally:“A software (code/protocol) is deemed authentic/trusted “A software (code/protocol) is deemed authentic/trusted if and if and only if its functionality has not been altered/tampered by an only if its functionality has not been altered/tampered by an untrusted/unauthorized entityuntrusted/unauthorized entity prior to or during execution”prior to or during execution”
• What is Security?• Security is the prevention of, or protection against:
• Access to information by unauthorized recipients, and • Intentional but unauthorized destruction or alteration of that
information
7
Task 4.1Trust Analysis SW-based
Method(Primarily done during the 1st year
see D4.1)•Goal:Trust and Security Analysis of the various SW-based methods
•Deliverables: •D4.1 in M12 (POLITO, SPIIRAS, UNITN)•D4.2 in M24 (UNITN)
T4.1T4.1
8
Analyzed the following proposed solutions … (1st
year)•Checksum based techniques (POLITO) • Invariants monitoring (POLITO, SPIIRAS)•Assertions based techniques (UNITN)•Barrier slicing (UNITN, SPIIRAS)•Code obfuscation (KUL, GEM)•Dynamic replacement (UNITN, POLITO,
SPIIRAS)•Obfuscated virtual machine (UNITN, KUL)
T4.1/D4.1T4.1/D4.1
9
… against the following possible attacks
•Reverse engineering and direct modification of the code of program
•Modification of the execution environment (e.g., Emulators, debuggers)
•Dynamic change of program’s state without modifying program
•Cloning•Intercept/modify network messages
T4.1/D4.1T4.1/D4.1
10
Trust analysis of SW-based methods (preliminary D4.2)•Trust as we know is context-sensitive
belief which says that trusted and untrusted entities would perform certain actions with certain expected results.
•Extended the existing remote trusting paradigm by incorporating the concept of “interlocking”.
• Interlocking is an assumption that states that no client application can be executed in isolation on the untrusted host.
T4.1/D4.2T4.1/D4.2
11
Trust analysis of SW-based methods (preliminary)•This interlocking assumption makes some of the existing solutions, such as
barrier slicing and orthogonal client replacement, more resilient to certain dynamic analysis attacks.
•D4.2 argued, that in order to detect dynamic analysis attacks, the (trusted) server has to be able to distinguish a correct execution of the (untrusted) client from an incorrect one – by analyzing the sequence of messages received from the client.
•Laid down a prospective attack model for evaluating the strength of protected applications.
T4.1/D4.2T4.1/D4.2
12
Task 4.2 Trust Analysis HW/SW-based
Method•Goal:
Trust Analysis of existing HW/SW-based methods
•Responsible: UNITN and GEM•Deliverable: D3.2 – Annex 3 (UNITN)•Delivery Date: M24
T4.2T4.2
13
Distributed Trust Verification (D3.2 – Annex
3)• Barrier slicing – proposed as a software only solution. Identifies the security sensitive parts of an application and slices away the sensitive part to the server.
• However, barrier slicing is a performance intensive solution – both in terms of memory usage and server load.
• Proposed improvement by incorporating smart cards in the system that interact with the client as well as the server.
• Observed significant improvement in performance and security and decrease in memory usage and server load.
T4.2/D3.2T4.2/D3.2
14
Empirical results
Memory
NetworkThreads
Original client
Barrier slice
858 120
14%
T4.2/D3.2T4.2/D3.2
15
Empirical results
• Barrier slicing is used to separate the security sensitive part of the application• Both centralized and distributed architectures are able to verify the client healthy execution• The distributed architecture has better scalability
15% memory25% threads8% network
• The slice is small and can fit in a smart card (14% of the application)
T4.2/D3.2T4.2/D3.2
16
Task 4.3Reverse Engineering
Complexity•Goal:To analyze the complexity (difficulty) of reverse engineering programs after some obfuscating transformations are applied to it
•Responsible: UNITN and POLITO•Deliverable: D4.3-Preliminary•Delivery Date: M24
T4.3/D4.3T4.3/D4.3
17
Reverse Engineering•Objectives of reverse engineering:•Learning the algorithm (intellectual
secret)•Extracting embedded
(cryptographic) key•Removing a watermark (license
check)•Discovering some property of the
code, e.g., “Is this code watermarked ?”
•The ultimate objective could be to tamper the code in a meaningful way.
T4.3/D4.3T4.3/D4.3
18
Reverse Engineering(Analysis)• The basis is code comprehension. Does obfuscation help?
• Conducted an human-factors experiment on a small pool of 8 graduate students well versed in Java.
• Results were analyzed with advanced statistical derivations.
•Observed that even simple obfuscation techniques such as identifier renaming can significantly deter code comprehension and meaningful modification tasks.
• Currently working on expanding the pool of human candidates and testing more obfuscation techniques (this will form the basis for D4.3 Final)
T4.3/D4.3T4.3/D4.3
19
T4.3/D4.3T4.3/D4.3
1624812812Obfuscated2610153117Clear
CorrectWrongCorrectWrongCorrectWrongTreatmentOverallAttackComprehension
20
T4.4T4.4Task 4.4 Comparative Analysis with TC•Goal:
Comparative analysis of remote entrusting methods with TC, with particular emphasis on the role of the OS (operating system).
•Responsible: KUL and UNITN•Deliverable: D3.2 – Annex 2 (KUL) •Delivery Date: M24
21
T4.4/D3.2T4.4/D3.2 Remote Attestation on Legacy operating systems
with TPM (D3.2 – Annex 3)• Attestations – proofs of trustworthy execution that are
sent from the untrusted host to the trusted server. Typically, these are signed in some way, to prove their authenticity. The trusted server wishes to rely upon them to reach a verdict of correct execution.
• Difficult to generate remote attestations since they are computed on the compromised host.
• Both Trusted Computing and Software-only approaches have pros and cons. These were identified.
• This approach proposes a mixed solution for availing the advantages of both TC and SW approaches – uses minimal hardware (trusted clock of TPM) and incurs no invasive modification of the operating system.
22
Task 4.5 Remote entrusting and Internet secure
protocols •Goal:
Analysis of interaction of RE-TRUST solutions with security protocols.
•Responsible: SPIIRAS and UNITN•Deliverable: D4.5 •Delivery Date: M30
T4.5T4.5
23
Security Protocols• WP2 and WP3 provide the basic software and hardware based solutions to the remote entrusting problem. But:• It is insufficient to prove the security of
each of these individual solutions. • Communication protocol analysis will be
required to investigate the security of the complete system.
• The remote entrusting solutions address man-in-the-end attacks but not man-in-the-middle attacks.
• SPIIRAS investigating the following:• Conventional TCP and UDP for theoretical
basis.• Two other secure protocols TLS and IPSec.
T4.5/D4.5T4.5/D4.5