
Hardware-Assisted Isolated Computing Environments Overview
Explore the concept of Hardware-Assisted Isolated Computing Environments (ICE) and the importance of implementing them to safeguard against data breaches and malicious attacks. Learn about software-based and hardware-based solutions, their advantages, and their applications in creating secure computing environments.
Presentation Transcript
Hardware-Assisted Isolated Computing Environments (slide 1)
Instructor: Kun Sun, Ph.D.

Outline (slide 2)
- Introduction
- Related Work
- Our Work on Hardware-assisted ICE
  - x86 platform: SecureSwitch, OS-level isolation [NDSS12]
  - ARM platform: TrustICE, flexible ICE [under submission]
- Summary

Why Isolated Computing Environment? (slide 3)
- Bring your own device (BYOD): risk of data breaches. An ICE is required to separate sensitive code and data.
- Suspicious code or data (Trojans, e.g., BitCoinMiner, keyloggers): run the code in an ICE to protect the host environment.
- Malware analysis: rootkits compromise the OS, so the analysis tools must be protected in an ICE.

Lampson Red/Green System Model (slide 4)
Red/Green system: Policy + Isolation + Accountability + Freedom
* Butler Lampson, "Accountability and Freedom" slides, Microsoft, Sept. 2005
Outline (slide 5): Introduction; Related Work; Our Work on Hardware-assisted ICE (x86 platform: SecureSwitch, OS-level isolation [NDSS12]; ARM platform: TrustICE, flexible ICE [under submission]); Summary

Software-based ICE Solutions (slide 6)
- VMM-based
  - Isolation level: OS level
  - Examples: Xen, VMware, QEMU, UML
  - Security concerns: VMM vulnerabilities*, covert channels
- OS-based
  - Isolation level: user/process level
  - Examples: FreeBSD Jail, Linux OpenVZ, Solaris Container
  - Security concerns: VMM vulnerabilities, OS vulnerabilities
- Browser-based
  - Isolation level: applet level
  - Examples: Adobe Flash, Java applets, Silverlight
  - Security concerns: VMM vulnerabilities, OS vulnerabilities, browser vulnerabilities
* From 1999 to 2009, 373 vulnerabilities affected virtualization solutions. --- IBM X-Force 2010 Mid-year Trend and Risk Report

Hardware-based ICE Solutions (slide 7)
- Multiple computers
  - Isolation level: whole physical computer
  - Problems: cost, inflexible
- Multi-boot
  - Isolation level: OS level
  - Examples: bootloaders such as LILO, Grub
  - Problems: long switching time
- VT-x / SVM (DRTM)
  - Isolation level: instruction level
  - Examples: Flicker [2], TrustVisor [3]
  - Problems: software compatibility
- SMM
  - Isolation level: instruction level
  - Examples: SICE [5], HyperCheck [6]
  - Problems: software compatibility
Outline (slide 8): Introduction; Related Work; Our Work on Hardware-assisted ICE (x86 platform: SecureSwitch, OS-level isolation [NDSS12]; ARM platform: TrustICE, flexible ICE [under submission]); Summary

SecureSwitch Architecture (slide 9)
BIOS-assisted OS-level isolation:
- no data leakage between the two OS environments, without using any mutable software layer (e.g., a hypervisor)
- no changes to the OS source code
- fast switching time, around 6 seconds
Figure: App1, App2, App3 on the Untrusted OS and App1, App2, App3 on the Trusted OS, both sitting on the BIOS above the CPU, VGA, NIC and I/O. The Trusted Computing Base (TCB) only contains the BIOS.

BIOS, UEFI, and Coreboot (slide 10)
- Basic Input/Output System (BIOS): initializes hardware components; stored in non-volatile ROM chips.
- Unified Extensible Firmware Interface (UEFI): a new software interface between the OS and firmware; partially open source.
- Coreboot (formerly LinuxBIOS): similar functionality to UEFI; open source.

ACPI Sleeping States (slide 11)
Advanced Configuration and Power Interface (ACPI): OS-directed configuration; power/thermal management.
Global system states:
- G0 --- Working (system operational)
- G1 --- Sleeping (CPU stopped)
- G2 --- Soft off
- G3 --- Mechanical off (physical off switch)
Sleeping states in G1: S0-S5
- S3: also called Standby or Suspend to RAM; DRAM is still maintained
- S4: also called Hibernation or Suspend to Disk; DRAM is not maintained
Device power states: D0-D3
- D0: fully on
- D3: device powered off

Attack Model (slide 12)
Assumptions:
- The BIOS and the option ROMs on devices can be trusted.
- No physical access to the protected machine.
Attacks from the untrusted OS:
- Spoofing trusted OS attacks: faking the trusted OS
- Data exfiltration attacks: stealing sensitive data
- Cache-based side channel attacks: extracting sensitive data
Out of scope:
- Denial of Service attacks
- Network attacks on the trusted OS

Trusted Path
- Protects against spoofing trusted OS attacks by assuring users that they are working with the OS they intend to use.
- Protecting system variables: OS_Flag records which OS should be woken next. Where to save it? OS_Flag is a physical jumper, e.g., on the parallel port connector.
- The untrusted OS should be truly suspended: the hardware-controlled power LED lights up when the system is powered on and blinks in sleep mode.
- The BIOS should be entered: press the power button.
Secure Switching Process (slide 15)
Start: Untrusted OS running, Trusted OS in ACPI S3 sleep.
(1) Suspend the untrusted OS (both OSes are now in ACPI S3 sleep).
(2) Press the power button; the BIOS takes control.
(3) The BIOS reads OS_FLAG.
(4) The BIOS performs the hardware configuration (CPU, RAM, hard disk).
(5) The BIOS wakes up the trusted OS.
(6) The trusted OS resumes.
End: Trusted OS running, Untrusted OS in ACPI S3 sleep.

System Isolation (slide 16)
- CPU isolation: the two OSes never run concurrently.
- Memory isolation: physical-level isolation.
- Hard disk isolation: encrypted hard disk, RAM disk.
- Other I/O isolation: clean the buffers/states in devices.
Figure: CPU, memory, hard disk, VGA and NIC, isolated through ACPI S3 and the BIOS.

Memory Isolation (slide 17)
A motherboard may have more than one dual in-line memory module (DIMM) slot.
DIMM mask and DQS setting:
- The BIOS uses the DIMM_MASK variable to control which DIMMs are enabled.
- The BIOS sets the data strobe (DQS) parameters to enable DDR RAM memory access.

Memory Isolation (slide 18)
Physical-level memory isolation ensured by the BIOS:
- The two OS environments run in separate DIMMs; the BIOS only enables one DIMM for each OS.
- Two DQS settings, one for each OS.
- DIMM_MASK is controlled by the physical jumper.
- System software, except the BIOS, cannot initialize or enable DIMMs after the system boots up.
- Transient state of the DQS setting: if DIMM_MASK conflicts with the DQS setting, the system crashes.
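The following is an added model of the switching logic described on slides 15 and 18, written for this page and not taken from the SecureSwitch firmware: a BIOS resume handler that reads the OS_FLAG jumper, refuses to switch unless the other OS is really in S3, enables only the DIMM of the selected OS and rejects a DIMM_MASK/DQS mismatch instead of letting it crash the machine. The one-DIMM-per-OS layout, the jumper encoding and all names are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added model of the SecureSwitch switch flow (slides 15 and 18). Not the
 * project's firmware: the names, the one-DIMM-per-OS layout and the jumper
 * encoding are assumptions made for this example. */
enum os_id { OS_UNTRUSTED = 0, OS_TRUSTED = 1 };
enum os_state { OS_RUNNING, OS_S3_SLEEP };
enum switch_result {
    SWITCH_OK,
    SWITCH_ERR_BAD_FLAG,       /* jumper does not select a valid, sleeping OS */
    SWITCH_ERR_NOT_SUSPENDED,  /* the other OS was not put into ACPI S3 */
    SWITCH_ERR_DIMM_CONFLICT   /* DIMM_MASK disagrees with the DQS setting */
};
/* What the BIOS resume path sees and programs. */
struct platform {
    int os_flag;             /* physical jumper (OS_FLAG): which OS to wake */
    enum os_state state[2];  /* ACPI state per OS, indexed by enum os_id */
    int dqs_saved[2];        /* DQS setting recorded for each OS's DIMM */
    uint8_t dimm_mask;       /* bit i set => DIMM i enabled by the BIOS */
    int dqs_applied;         /* DQS setting currently programmed */
};
/* Assumed layout: DIMM 0 holds the untrusted OS, DIMM 1 the trusted OS, and
 * DQS setting i is the one tuned for DIMM i. */
static uint8_t dimm_for(int os) { return (uint8_t)(1u << os); }
/* A DQS setting is consistent only with the single DIMM it was tuned for. */
bool memory_config_consistent(uint8_t dimm_mask, int dqs)
{
    return (dqs == 0 || dqs == 1) && dimm_mask == dimm_for(dqs);
}
/* Steps 3-6: BIOS resume handler, run after the power button is pressed.
 * Step 1 (the running OS suspending itself to S3) happens before this. */
enum switch_result bios_resume(struct platform *p)
{
    int next = p->os_flag;
    if (next != OS_UNTRUSTED && next != OS_TRUSTED) return SWITCH_ERR_BAD_FLAG;
    if (p->state[next] == OS_RUNNING) return SWITCH_ERR_BAD_FLAG;
    /* Trusted path: the other OS must really be asleep, so the two never run
     * concurrently and only the BIOS touches the DIMMs in between. */
    if (p->state[1 - next] != OS_S3_SLEEP) return SWITCH_ERR_NOT_SUSPENDED;
    /* Step 4: enable only the next OS's DIMM and load its saved DQS setting;
     * a mismatch between DIMM_MASK and DQS would crash the system. */
    p->dimm_mask = dimm_for(next);
    p->dqs_applied = p->dqs_saved[next];
    if (!memory_config_consistent(p->dimm_mask, p->dqs_applied))
        return SWITCH_ERR_DIMM_CONFLICT;
    p->state[next] = OS_RUNNING;  /* steps 5-6: wake the selected OS */
    return SWITCH_OK;
}
```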
Hard Drive Isolation (slide 19)
- Hard disk encryption
  - Two hard disks, one for each OS
  - Disk lock in the ATA specification
  - Needs a TPM to save the encryption key
- RAM disk
  - For browser-based applications, save a small amount of temporary data in RAM

Prototype (slide 20)
> Hardware
  > Motherboard: ASUS M2V-MX_SE
  > CPU: AMD Sempron 64 LE-1300
  > DDR2: Kingston HyperX 1GB
  > HDD: Seagate 500GB
> Software
  > BIOS: Coreboot + SeaBIOS
  > Trusted OS: Linux (CentOS 5.5)
  > Untrusted OS: Windows XP

Linux Suspend Time Breakdown (slide 22)
- User space: 1517.33 ms
- Kernel space: 1590.14 ms

Linux Wakeup Time Breakdown (slide 23)
- Kernel space: 1537.22 ms
- User space: 621.04 ms
Outline (slide 24): Introduction; Related Work; Our Work on Hardware-assisted ICE (x86 platform: SecureSwitch, OS-level isolation [NDSS12]; ARM platform: TrustICE, flexible ICE [under submission]); Summary

ARM TrustZone (slide 25)
- Two isolated domains: secure/non-secure CPU states; virtual MMU / secure memory; TrustZone-aware interrupt controller.
- Traditional solutions: rich OS and non-secure apps in the normal domain; secure OS and secure apps in the secure domain.
- Limitations of traditional solutions:
  - The Trusted Computing Base (TCB) is large
  - Not flexible
  - No isolation between secure apps
  - No protection for non-secure apps

TrustICE: Flexible ICEs (slide 26)
Basic idea:
- Create ICEs in the normal domain instead of the secure domain.
- A Trusted Domain Controller (TDC) enforces the isolation and secures the switching.
Benefits:
- Small TCB: TDC + secure boot
- Multiple ICEs: self-contained code; a microkernel with the necessary modules; a full-featured OS
- Flexible: easy to deploy third-party software; vendor apps stay in the secure domain

Outline (slide 27): Introduction; Related Work; Our Work on Hardware-assisted ICE (x86 platform: SecureSwitch, OS-level isolation [NDSS12]; ARM platform: TrustICE, flexible ICE [under submission]); Summary

Summary (slide 28)
Our work on hardware-assisted ICE:
- SecureSwitch: BIOS-based ICE on the x86 platform; OS-level isolation with a small TCB; small switching time
- TrustICE: TrustZone-based ICE on the ARM platform; flexible multiple ICEs; small TCB
References (slide 29)
1. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 164-177, New York, NY, USA, 2003. ACM Press.
2. J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pages 315-328. ACM, 2008.
3. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In Proceedings of the IEEE Symposium on Security and Privacy, 2010.
4. Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, and Adrian Perrig. Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms. TRUST 2012.
5. Ahmed Azab, Peng Ning, and Xiaolan Zhang. SICE: A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS '11), October 2011.
6. Fengwei Zhang, Jiang Wang, Kun Sun, and Angelos Stavrou. HyperCheck: A Hardware-Assisted Integrity Monitor. IEEE Transactions on Dependable and Secure Computing, 17 Dec. 2013. IEEE Computer Society Digital Library.
7. Kun Sun, Jiang Wang, Fengwei Zhang, and Angelos Stavrou. SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes. In Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), San Diego, California, 5-8 February 2012.
8. Y. Fu and Z. Lin. Space Traveling across VM: Automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012.
9. X. Jiang, X. Wang, and D. Xu. Stealthy malware detection through VMM-based out-of-the-box semantic view reconstruction. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), 2007.
10. T. Leek, M. Zhivich, J. Giffin, and W. Lee. Virtuoso: Narrowing the semantic gap in virtual machine introspection. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011.