Embed Size (px)
Citation preview
Hardware-Assisted Isolated Computing Environments
Instructor: Kun Sun, Ph.D.
Introduction Related Work Our Work on Hardware-assisted ICE
x86 platform SecureSwitch: OS level isolation [NDSS12]
ARM platform TrustICE: Flexible ICE [under submission]
Summary
Outline
2
Bring your own device (BYOD) Risk of data breaches Require an ICE to separate
sensitive code and data Suspicious code or data
Trojan, e.g., BitCoinMiner, Keylogger
Run the code in an ICE to protect the host environment
Malware analysis Rootkits compromises OS Protect the analysis tools in an
ICE
Why Isolated Computing Environment?
3
http://www.technologyreview.com/sites/default/files/legacy/belt_b_x220.jpg
http://b.vimeocdn.com/ts/419/611/419611391_640.jpg
Lampson Red/Green System Model
4
Red/Green system: Policy + Isolation + Accountability +Freedom* Butler Lampson, Accountability and Freedom Slides, Microsoft, Sept.,2005
Introduction Related Work Our Work on Hardware-assisted ICE
x86 platform SecureSwitch: OS level isolation [NDSS12]
ARM platform TrustICE: Flexible ICE [under submission]
Summary
Outline
5
Software-based ICE Solutions
6
VMM-based OS-based Browser-based
Isolation Level
OS level User/Process level Applet level
Example Xen, VMware, QEMU, UML
FreeBSD Jail, Linux OpenVZ, Solaris Container
Adobe Flash, Java applets, Silverlight
Security concerns
VMM vulnerabilities*,Covert Channel
VMM vulnerabilities,OS vulnerabilities
VMM vulnerabilities,OS vulnerabilities,Browser vulnerabilities
* From 1999 to 2009, 373 vulnerabilities affecting virtualization solutions. --- “IBM X-Force 2010 Mid-year trend and risk report”
Multiple Computers
Multi-boot VT-x / SVM(DRTM)
SMM
Isolation Level
Whole physical computer
OS level; Instruction level;
Instruction level;
Examples Bootloader:LILO, Grub
Flicker [2],TrustVisor [3]
SICE [5],HyperCheck [6]
Problems Cost, inflexible
Long switching time
Software compatibility
Software compatibility
Hardware-based ICE Solutions
7
Introduction Related Work Our Work on Hardware-assisted ICE
x86 platform SecureSwitch: OS level isolation [NDSS12]
ARM platform TrustICE: Flexible ICE [under submission]
Summary
Outline
8
BIOS-assistant OS Level Isolation
no data leakage between two OS environments
without using any mutable software layer (e.g., hypervisor)
no changes of the OS source code
fast switching time, around 6 seconds
SecureSwitch Architecture
9
App3App2App3App2
Trusted OS
BIOS CPU, VGA, NIC, I/O
App1
Untrusted OS
App1
Trusted Computing Base (TCB) only contains the BIOS.
Basic Input/Output System (BIOS) Initializing hardware components. Stored in non-volatile ROM chips.
Unified Extensible Firmware Interface (UEFI) A new software interface between OS and
firmware. Partially open source
Coreboot (formerly as LinuxBIOS) Similar functionality as UEFI Open source
BIOS, UEFI, and Coreboot
10
Advanced Configuration and Power Interface (ACPI) OS-directed configuration; Power/thermal management
Global System States G0 --- Working (System Operational) G1---Sleeping (CPU stopped) G2 ---Soft Off G3 ---Mechanical off (Physical off switch)
Sleeping States in G1: S0 – S5 S3: also called Standby, Suspend to RAM
DRAM still maintained S4: also called Hibernation or Suspend to Disk
DRAM not maintained Device Power States: D0 – D3
D0 - Fully-On D3 -- Power off to device
ACPI Sleeping States
Assumption BIOS and option ROM on devices can be trusted. No physical access to the protected machine
Attacks from the untrusted OS Spoofing Trusted OS attacks: faking trusted OS Data exfiltration attacks: stealing sensitive data Cache-based side channel attacks: extracting sensitive
data
Out of the scope Denial of Service attacks Network attacks on trusted OS
Attack Model
12
Secure Switching State Machine
13
Protect against Spoofing trusted OS attacks by assuring users that they are working with the OS they intend to use.
1. Protecting system variables OS_Flag: records which OS should be woken next Where to save it?
2. Untrusted OS should be truly suspended. hardware controlled power LED lights up when
system is powered on, and blinks in the sleep mode.
3. BIOS should be entered. Press the power button.
Trusted Path
OS_Flag: physical jumper, e.g., Parallel port connector
Secure Switching Process
15
Untrusted OS(running)
Trusted OS(ACPI S3 sleep)
(1) Suspend
Trusted OS(ACPI S3 sleep)
Untrusted OS(ACPI S3 sleep)
Power Button
(2) press button
(4) hardware configuration
CPU, RAM, Hard Disk
(5) wake up trusted OS
Trusted OS(running)
Untrusted OS(ACPI S3 sleep)
(6) wake up
BIOS
OS_FLAG
(3) read OS_FLAG
CPU Isolation: two OSes never run concurrently. Memory Isolation: physical-level isolation Hard disk isolation: encrypted hard disk, RAM disk Other I/O isolation: clean the buffers/states in
devices.
System Isolation
16
CPU Memory Hard Disk VGA NIC
ACPI S3
BIOS
A motherboard may have more than one dual in-line memory module (DIMM) slot.
DIMM Mask and DQS Setting BIOS uses “DIMM_MASK”variable to
control which DIMMs to be enabled. BIOS sets “data strobes”(DQS)
parameters to enable DDR RAM memory access.
Memory Isolation
Physical-level memory isolation ensured by BIOS Two OS environments run in separate DIMMS.
BIOS only enables one DIMM for each OS. Two DQS settings for two OSes “DIMM_MASK” controlled by the physical jumper.
System software, except the BIOS, cannot initialize or enable DIMMs after the system boots up Transient state of DQS setting If “DIMM_MASK”has conflicts with DQS setting,
system crashes
Memory Isolation
18
Hard disk encryption Two hard disks, one for each OS Disk lock in ATA specification Need TPM to save the encryption key
RAM disk For browser-based application, save a small
amount of temporary data in the RAM
Hard Drive Isolation
19
> Hardware> Motherboard: ASUS M2V-MX_SE> CPU: AMD Sempron 64 LE-1300> DDR2: Kingston HyperX 1GB> HDD: Seagate 500GB
> Software> BIOS: Coreboot + SeaBIOS> Trusted OS: Linux (Centos 5.5)> Untrusted OS: Windows XP
Prototype
20
Performance Analysis
21
Linux Suspend Time Breakdown
22
User Space : 1517.33 ms Kernel Space: 1590.14 ms
Linux Wakeup Time Breakdown
23
User Space: 621.04 ms Kernel Space: 1537.22 ms
Introduction Related Work Our Work on Hardware-assisted ICE
x86 platform SecureSwitch: OS level isolation [NDSS12]
ARM platform TrustICE: Flexible ICE [under submission]
Summary
Outline
24
Two isolated domains Secure/un-secure CPU States Virtual MMU/Secure Memory TrustZone-Aware interrupt
controller Traditional solutions
Rich OS and un-secure apps in normal domain
Secure OS and secure apps in secure domain
Limitations Trusted Computing Base (TCB) is
large No flexible
No isolation between secure Apps.
No protection on non-secure Apps.
ARM TrustZone
25
Traditional Solutions
Basic Idea: Create ICEs in normal domain, instead of secure domain
A Trusted Domain Controller (TDC) enforces the isolation and secures the switching
Benefits: Small TCB: TDC + Secure boot Multiple ICEs
Self-contained code Microkenel with necessary modules full-featured OS
Flexible Easy to deploy third-party software Vendor Apps still in secure domain
TrustICE: Flexible ICEs
26
Introduction Related Work Our Work on Hardware-assisted ICE
x86 platform SecureSwitch: OS level isolation [NDSS12]
ARM platform TrustICE: Flexible ICE [under submission]
Summary
Outline
27
Our Work on Hardware-assisted ICE SecureSwitch: BIOS-based ICE on x86
platform OS level isolation with small TCB Small switching time
TrustICE: TrustZone-based ICE on arm platform
Flexible multiple ICEs Small TCB
Summary
28
1. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In SOSP ’03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 164–177, New York, NY, USA, 2003. ACM Press.
2. J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pages 315–328. ACM, 2008.
3. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In Proceedings of the IEEE Symposium on Security and Privacy, 2010.
4. Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, Adrian Perrig. Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms. TRUST 2012.
5. Ahmed Azab, Peng Ning, Xiaolan Zhang, SICE: A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms, in Proceedings of 18th ACM Conference on Computer and Communications Security (CCS11), October 2011.
6. Fengwei Zhang, Jiang Wang, Kun Sun, Angelos Stavrou, "HyperCheck: A Hardware-Assisted Integrity Monitor," IEEE Transactions on Dependable and Secure Computing, 17 Dec. 2013. IEEE computer Society Digital Library.
7. Kun Sun, Jiang Wang, Fengwei Zhang, and Angelos Stavrou, SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes. In the Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), San Diego, California, 5-8 February 2012.
8. Y. Fu and Z. Lin. Space Traveling across VM: Automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012.
9. X. Jiang, X. Wang, and D. Xu. Stealthy malware detection through vmm-based out-of-the-box semantic view reconstruction. In Proceedings of the 14th ACM conference on CCS, 2007.
10. T. Leek, M. Zhivich, J. Gin, and W. Lee. Virtuoso: Narrowing the semantic gap in virtual machine introspection. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011.
References
29
