Security in the industry H/W & S/W
What is AMD’s ”enhanced virus protection” all about?
What’s coming next?
Presented by: Micha Moffie
NUCAR 2
Outline
• Security Objectives
• Happening now… AMD Solution – ‘enhanced virus protection’
  • WinXP support in SP2
• Coming soon … Intel LaGrande technology
  • Windows Palladium/NGSCB
Security - Objectives
• Protect User Confidential Data
• From:
  • Attacks on executing software
    • Software vulnerabilities
  • Attacks from malicious software
    • Viruses/worms/Trojan horses
  • Attacks on hardware
    • Access to keyboard & mouse data / screen output
AMD’s ‘Enhanced Virus Protection’
• Hardware support against stack smashing (stack smashing attack: reminder in the slides below)
• Hardware implements the NX bit - No eXecution on predefined pages. Each page-table entry has a new NX bit; when the instruction TLB is loaded with a new page, this bit is checked. If the bit is set (we are trying to execute from a non-executable page) we get a page-fault exception.
• This applies to all privilege levels (from the AMD manual).
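The check described on this slide, as an added example that is not from the presentation: a model of how the NX bit in an x86-64 long-mode page-table entry decides whether an instruction fetch faults. Bit positions are those of the AMD64 architecture (bit 0 = Present, bit 1 = R/W, bit 2 = U/S, bits 12..51 = physical page frame, bit 63 = NX); NX is honoured only when EFER.NXE = 1, and with NXE = 0 bit 63 is reserved, so a set bit is itself a page-fault condition. The PTE values, physical addresses and enum names are constructed for the example.

```c
/* Added example (not from the slides): model of the NX check on an x86-64
 * long-mode page-table entry. All PTE values and physical addresses below
 * are constructed for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_PRESENT   (1ULL << 0)
#define PTE_WRITABLE  (1ULL << 1)
#define PTE_USER      (1ULL << 2)
#define PTE_NX        (1ULL << 63)
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL   /* bits 12..51: physical page frame */

enum access_result {
    ACCESS_OK = 0,
    FAULT_NOT_PRESENT,   /* #PF: P bit clear */
    FAULT_RESERVED_BIT,  /* #PF: bit 63 set while EFER.NXE = 0 */
    FAULT_PROTECTION,    /* #PF: U/S or R/W violation */
    FAULT_NO_EXECUTE     /* #PF: instruction fetch from a page with NX = 1 */
};

/* Build a constructed, present PTE for the examples below. */
uint64_t make_pte(uint64_t phys, bool writable, bool user, bool nx)
{
    uint64_t pte = (phys & PTE_ADDR_MASK) | PTE_PRESENT;
    if (writable) pte |= PTE_WRITABLE;
    if (user)     pte |= PTE_USER;
    if (nx)       pte |= PTE_NX;
    return pte;
}

/* The check made when an instruction is fetched from the page 'pte' maps.
 * 'nxe' is EFER.NXE; 'user_mode' is true at CPL 3. */
enum access_result check_instruction_fetch(uint64_t pte, bool nxe, bool user_mode)
{
    if (!(pte & PTE_PRESENT))           return FAULT_NOT_PRESENT;
    if (!nxe && (pte & PTE_NX))         return FAULT_RESERVED_BIT;
    if (user_mode && !(pte & PTE_USER)) return FAULT_PROTECTION;
    if (pte & PTE_NX)                   return FAULT_NO_EXECUTE;  /* nxe is known true here */
    return ACCESS_OK;
}

/* A data read or write is never affected by NX: the stack page that faults on
 * fetch stays readable and writable, which is why the overflow itself still
 * happens. Assumes EFER.NXE = 1 (the DEP configuration); supervisor writes to
 * read-only pages also depend on CR0.WP and are not modelled. */
enum access_result check_data_access(uint64_t pte, bool write, bool user_mode)
{
    if (!(pte & PTE_PRESENT))            return FAULT_NOT_PRESENT;
    if (user_mode && !(pte & PTE_USER))  return FAULT_PROTECTION;
    if (write && !(pte & PTE_WRITABLE))  return FAULT_PROTECTION;
    return ACCESS_OK;
}

int main(void)
{
    /* Constructed entries: a user stack page (RW, NX) and a user text page (RX). */
    uint64_t stack_page = make_pte(0x12ff000ULL, true,  true, true);
    uint64_t text_page  = make_pte(0x401000ULL,  false, true, false);

    printf("fetch from stack page, NXE=1: %d (4 = #PF, no-execute)\n",
           check_instruction_fetch(stack_page, true, true));
    printf("write to stack page:          %d (0 = OK, NX does not block data)\n",
           check_data_access(stack_page, true, true));
    printf("fetch from text page:         %d (0 = OK)\n",
           check_instruction_fetch(text_page, true, true));
    printf("fetch from stack page, NXE=0: %d (2 = #PF, reserved bit)\n",
           check_instruction_fetch(stack_page, false, true));
    return 0;
}
```

The two functions make the slide's point concrete: the same page-table entry answers "no" to an instruction fetch and "yes" to a write, so the bit stops execution of injected code without changing how the program reads or writes its stack.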
The OS role
• Windows XP (Service Pack 2)
• Microsoft uses the NX bit to ”prevent the execution of code in memory regions that are marked as data storage”
  • This will NOT prevent an attacker from overrunning the data buffer, but will prevent him from executing his attack (an exception is generated)
• Some problems with legitimate code
  • a ”Data Execution Prevention” error message for legitimate code
  • Workaround - Microsoft allows exceptions, per application (i.e. turn DEP off for specific apps)
Who else?
• Transmeta already supports it
• Intel Itanium supports this bit
  • Intel Pentium … in the near future
• Linux: a patch to the Linux kernel exists that supports the NX bit
  http://www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html
Outline
• Security Objectives
• Happening now… AMD Solution – ‘enhanced virus protection’
  • WinXP support in SP2
• Coming soon … Intel LaGrande technology
  • Windows Palladium
Intel LaGrande Technology (LT)
• New hardware components complemented with a new OS & new applications:
  • protect data from software attacks
  • protect data confidentiality & integrity
• Hardware capabilities
  • Isolated execution
    • Protected memory pages
  • Sealed storage (TPM)
  • Protected I/O (keyboard/mouse/graphics)
  • Attestation (proof of the current protected environment)
LT Protection Model
• Standard partition executes:
  • legacy code
  • the non-secure portion of new code
  and provides:
  • regular IA32 semantics
• Protected partition executes:
  • new security modules & services
  and provides:
  • execution isolation
  • sealed storage
  • protected I/O
  • attestation
Microsoft Palladium / NGSCB
• Next Generation Secure Computing Base
• Security technology for the Microsoft® Windows® platform; will be included in “Longhorn”
• Includes a new operating system module, the “Nexus”, which enables secure interaction with applications, peripheral hardware, memory and storage
Microsoft NGSCB
• Four key features:
  • Strong process isolation
    • even against attacks from the kernel
  • Sealed storage
    • accessible only to program, nexus & machine
  • Secure path to/from user
  • Attestation
The nexus
• Essentially the kernel of an isolated software stack
• Runs alongside the existing OS software stack, not underneath it
• Provides a limited set of APIs and services for applications, including sealed storage and attestation functions
• Special processes that work with the nexus are called “Agents”
• Different nexuses can run on a machine, but only one nexus at a time
References
• AMD64 Architecture Programmer's Manual Volume 2: System Programming, 3.09 edition, Sep. 2003. Publication No. 24593.
• Microsoft Knowledge Base Articles 875352 & 875351
• Intel, LaGrande Technology Architectural Overview, 252491-001, September 2003
• Microsoft, The Next-Generation Secure Computing Base: Four Key Features, June 2003
• Microsoft, Next-Generation Secure Computing Base - Technical FAQ, July 2003
• Microsoft, "Palladium": A Business Overview, August 2002
• TPM Main Part 1 Design Principles, Specification Version 1.2, Revision 62, 2 October 2003, Published
• ARM, A New Foundation for CPU Systems Security, Security Extensions to the ARM Architecture, Richard York, May 2003
• A wooden fence in Kyoto, http://www.gastric.com/mari/54.htm
Stack Smashing Attack
#include <string.h>
void foo(int i, char *s) { char b[16]; strcpy(b, s); … }   /* no bound on the copy */
int main(int argc, char **argv) { … foo(10, argv[1]); … }

Stack frame of foo( ) (stack grows down, buffer grows up; offsets relative to the frame ptr):
  (above: main( ) auto variables)
  +12  ptr to input string (s)
  +8   10 (i)
  +4   return addr of foo( )
   0   frame ptr of foo( )        <- Frame ptr
  -4   dddd   b[12..15]
  -8   cccc   b[8..11]
  -12  bbbb   b[4..7]
  -16  aaaa   b[0..3]             <- Stack ptr
Stack Smashing Attack - II
The same frame after strcpy( ) with an over-long input (stack grows down, buffer grows up):
  +12  0x0012ff12
  +8   0x0012ff12
  +4   0x0012ff12   return addr of foo( ) - has changed! It will return to 0x0012ff12, the attacker code
   0   0x0012ff12
  -4   ****   attack code   (0x0012ff12: start of attack code)
  -8   ****   attack code   (0x0012ff08)
  -12  ****   attack code   (0x0012ff04)
  -16  ****   b[0..3]       (0x0012ff00)
Attacker code executed in Stack Segment.
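The two stack slides show what the NX bit does not stop: the overrun of b[ ] itself. As an added example (not from the presentation), the slide's foo( ) is kept next to a bounded version that refuses input it cannot hold; the helper bounded_copy, the names foo_vulnerable and foo_safe, and the sample inputs are constructed for the example.

```c
/* Added example (not from the slides): the slide's foo( ) kept as written
 * beside a bounded version. foo_vulnerable retains the strcpy( ) defect only
 * for contrast and is never called. foo_safe copies at most sizeof(b) - 1
 * bytes, always NUL-terminates, and reports an over-long input to its caller
 * instead of letting it run past the end of b[ ] into the saved frame ptr
 * and return addr. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

void foo_vulnerable(int i, const char *s)
{
    char b[BUF_LEN];
    (void)i;
    strcpy(b, s);   /* no bound: bytes beyond b[15] land on the saved frame ptr and return addr */
    printf("%s\n", b);
}

/* Copy src into dst[dst_len] with an explicit bound (dst_len >= 1).
 * Returns true if the whole string fit, false if it had to be truncated.
 * dst is NUL-terminated in both cases. */
bool bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;
    while (n < dst_len && src[n] != '\0')   /* never scans further than dst_len bytes */
        n++;
    if (n == dst_len) {                     /* src is dst_len chars or longer: no room for the NUL */
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);                /* n chars plus the terminating NUL */
    return true;
}

/* Same shape as the slide's foo( ), but an input that does not fit is an
 * error (-1) rather than a write past the end of the buffer. */
int foo_safe(int i, const char *s)
{
    char b[BUF_LEN];
    if (!bounded_copy(b, sizeof b, s))
        return -1;
    printf("%d: %s\n", i, b);
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed inputs: one that fits in 16 bytes and one that does not. */
    const char *input = argc > 1 ? argv[1] : "aaaabbbbccccddddEEEEFFFFGGGG";
    if (foo_safe(10, "aaaabbbbccccddd") != 0)
        return 1;
    if (foo_safe(10, input) != 0)
        fprintf(stderr, "input rejected: longer than %d bytes\n", BUF_LEN - 1);
    return 0;
}
```

Read together with the DEP slide: the NX bit turns a successful jump to 0x0012ff12 into a page fault, while the bounded copy keeps the return address from being overwritten in the first place. Both are worth having, because an exception in the process is still a crash of that process.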
TPM
• Trusted Platform Module
• also called SSC - Security Support Component
• Stores a hardware secret key
• Base of trust
• Cryptographic co-processor
• more…
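The NGSCB slide lists sealed storage "accessible only to program, nexus & machine" and attestation, and this slide names the TPM that holds the hardware secret behind both. As an added example (not from the presentation, and not the TPM's real algorithm), the following toy models the two mechanisms: a measurement register that can only be extended, so its value commits to every component loaded and to their order, and a sealed blob that unseals only while the register still holds the value it was sealed to. The TPM 1.2 design uses SHA-1 PCRs and RSA keys; here 64-bit FNV-1a stands in for the hash and an XOR for the cipher, and every secret, measurement and nonce is constructed for the example.

```c
/* Added example (not from the slides, not the TPM's real algorithm): toy
 * model of PCR extend, sealed storage and an attestation quote. All secrets,
 * measurements and nonces are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t digest_t;

/* Toy hash: 64-bit FNV-1a. Stands in for SHA-1; not collision resistant. */
static digest_t toy_hash(const uint8_t *data, size_t len)
{
    digest_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* PCR extend: new = H(old || measurement). The register is never written
 * directly, only moved forward, so it cannot be reset to a "good" value. */
digest_t pcr_extend(digest_t pcr, const char *measurement)
{
    uint8_t buf[8 + 64];
    size_t mlen = strlen(measurement);
    if (mlen > sizeof buf - 8) mlen = sizeof buf - 8;
    memcpy(buf, &pcr, 8);
    memcpy(buf + 8, measurement, mlen);
    return toy_hash(buf, 8 + mlen);
}

/* Measure a load sequence (e.g. firmware, nexus, agent) from the reset value 0. */
digest_t measure_chain(const char *const *components, size_t n)
{
    digest_t pcr = 0;
    for (size_t i = 0; i < n; i++)
        pcr = pcr_extend(pcr, components[i]);
    return pcr;
}

struct sealed_blob {
    digest_t bound_pcr;   /* the environment the secret was sealed to */
    uint64_t ciphertext;
};

/* Key only this machine (its hardware secret) in this state (pcr) can derive. */
static uint64_t seal_key(uint64_t platform_secret, digest_t pcr)
{
    uint8_t kin[16];
    memcpy(kin, &platform_secret, 8);
    memcpy(kin + 8, &pcr, 8);
    return toy_hash(kin, 16);
}

struct sealed_blob seal(uint64_t platform_secret, digest_t pcr, uint64_t secret)
{
    struct sealed_blob blob;
    blob.bound_pcr = pcr;
    blob.ciphertext = secret ^ seal_key(platform_secret, pcr);   /* toy cipher */
    return blob;
}

/* Unseal succeeds only while the current register equals the sealed-to value. */
bool unseal(uint64_t platform_secret, digest_t current_pcr,
            const struct sealed_blob *blob, uint64_t *secret_out)
{
    if (current_pcr != blob->bound_pcr)
        return false;
    *secret_out = blob->ciphertext ^ seal_key(platform_secret, current_pcr);
    return true;
}

/* Attestation quote over (pcr, nonce). A real quote is an RSA signature by the
 * TPM's attestation key; this toy uses a keyed hash, so the verifier must hold
 * the same secret. The nonce stops an old quote being replayed. */
uint64_t attest(uint64_t platform_secret, digest_t pcr, uint64_t nonce)
{
    uint8_t in[24];
    memcpy(in, &platform_secret, 8);
    memcpy(in + 8, &pcr, 8);
    memcpy(in + 16, &nonce, 8);
    return toy_hash(in, 24);
}

bool verify_quote(uint64_t platform_secret, digest_t expected_pcr, uint64_t nonce, uint64_t quote)
{
    return attest(platform_secret, expected_pcr, nonce) == quote;
}

int main(void)
{
    const char *good[]     = { "firmware", "nexus", "agent" };
    const char *tampered[] = { "firmware", "nexus-modified", "agent" };
    digest_t g = measure_chain(good, 3);
    struct sealed_blob blob = seal(0x5ec4e7ULL, g, 0xdeadbeefULL);
    uint64_t out = 0;
    printf("unseal in good state:     %s\n", unseal(0x5ec4e7ULL, g, &blob, &out) ? "ok" : "refused");
    printf("unseal in tampered state: %s\n",
           unseal(0x5ec4e7ULL, measure_chain(tampered, 3), &blob, &out) ? "ok" : "refused");
    return 0;
}
```

The property to notice is that nothing in the blob is checked by the program that wants the secret; the binding is to the register, and the register is only reachable through extend. A modified nexus, or the same components loaded in a different order, ends in a different value, so the seal is refused and a quote over that value fails verification against the expected one.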
ARM – TrustZone
• Extending the CPU to enable more security
• Main problem with the current OS
  • It is huge, millions of code lines - Complex
    • difficult to establish a ‘trusted code base’
  • A rich API - Open
    • enables widespread access to the OS from non-secure code
• Main idea: establishing a trusted code base using a hardware-enforced security domain to systemize the implementation of secure systems