RuhR-University Bochum                                              System Security Lab

Patterns for Secure Boot and Secure Storage in Computer Systems

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

Horst Görtz Institute for IT Security
Ruhr-University Bochum
Germany

SPattern '10 (co-located with ARES 2010)
4th International Workshop on Secure Systems Methodologies Using Patterns
Krakow, Poland, 18 February 2010

Motivating Example

● Password wallet for web authentication
  (diagram: a Client PC holding the stored passwords, talking to a Web Server)
  – How do you know that your trusted system has started?
  – How do you ensure that only your wallet application can access the stored passwords?

Marcel Winandy   Patterns for Secure Boot and Secure Storage (SPattern '10)    Krakow, 2010-02-18

Secure Boot Pattern

Context

● Users want to be sure about the operational integrity of applications and OS
● Unauthorized changes may lead to security violations
● Users trust the hardware
  – But need to verify the integrity status of loaded software
● Users can be local or remote

Problem

● Software can be manipulated or exchanged
● Malware can register itself within any stage of the boot process
● Forces:
  – You want to ensure integrity of loaded software
  – You want the computer to always boot in a well-defined secure state
  – You want to allow modifications of the system (e.g. updates, additional software)

Solution

● Chain of trust
  – Each boot stage verifies the integrity of the next stage
    ● using cryptographically secure methods (hash functions, digital signatures)
  – Only if the check succeeds is control transferred to the next stage; otherwise the system is halted
● Root of trust
  – The whole process depends on the integrity of the first module
  – The first module is therefore protected by hardware
    ● including the integrity verification data (hashes, keys)
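The chain of trust described above, as an added simulation that is not part of the original slides or the authors' work. It uses plain SHA-256 hashes as the integrity verification data: every stage image carries the reference hash of its successor, so that value is covered by the stage's own hash, and the reference hash of the first stage lives in a stand-in for the hardware root of trust. The stage contents, names and the `HardwareRootOfTrust` class are constructed for the demonstration; a real implementation would verify signatures over the images rather than compare raw hashes.

```python
import hashlib
import hmac
from dataclasses import dataclass

HASH_LEN = 32  # length of a SHA-256 digest


class SystemHalt(Exception):
    """Raised when a stage fails its integrity check: control is never transferred."""


@dataclass(frozen=True)
class StageImage:
    name: str
    # Stage code followed by the reference hash of the *next* stage (no trailer on the
    # last stage), so the reference value is covered by this stage's own hash.
    image: bytes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(stages):
    """Build the images back to front so that every image embeds the hash of its successor.

    Returns (reference hash to provision into the hardware root of trust, images in boot order).
    """
    images = []
    next_hash = b""
    for name, code in reversed(stages):
        image = code + next_hash
        images.insert(0, StageImage(name, image))
        next_hash = sha256(image)
    return next_hash, images


class HardwareRootOfTrust:
    """Stand-in for the hardware-protected first module (boot ROM plus a reference hash in fuses)."""

    def __init__(self, first_stage_hash: bytes):
        self._reference = first_stage_hash  # immutable once provisioned

    def reference_hash(self) -> bytes:
        return self._reference


def secure_boot(rot: HardwareRootOfTrust, images) -> list:
    """Walk the chain of trust.

    Each stage is hashed and compared with the reference value held by its (already
    verified) predecessor; control is transferred only on a match, otherwise the system halts.
    """
    expected = rot.reference_hash()
    booted = []
    for i, stage in enumerate(images):
        if not hmac.compare_digest(sha256(stage.image), expected):
            raise SystemHalt(f"integrity check failed at stage '{stage.name}'")
        booted.append(stage.name)  # control transferred to this stage
        if i < len(images) - 1:
            # The verified image's trailer is the reference hash for the next stage.
            expected = stage.image[-HASH_LEN:]
    return booted


# Constructed sample stages (placeholder bytes, not real firmware).
SAMPLE_STAGES = [
    ("bootloader", b"bootloader code v1"),
    ("kernel", b"kernel code v1"),
    ("wallet-app", b"password wallet v1"),
]


def boot_outcome(rot: HardwareRootOfTrust, images) -> str:
    try:
        return "booted: " + " -> ".join(secure_boot(rot, images))
    except SystemHalt as halt:
        return "halted: " + str(halt)


def demo():
    """Outcomes for an intact chain and for two kinds of modification."""
    reference, images = build_chain(SAMPLE_STAGES)
    rot = HardwareRootOfTrust(reference)  # provisioned once, in hardware
    intact = boot_outcome(rot, images)

    # 1) The kernel is replaced but the bootloader is left alone: the bootloader's
    #    embedded reference hash no longer matches, so the chain halts at the kernel.
    swapped = list(images)
    swapped[1] = StageImage("kernel", b"modified kernel" + images[1].image[-HASH_LEN:])
    kernel_swapped = boot_outcome(rot, swapped)

    # 2) The kernel is replaced *and* the bootloader is rebuilt to reference it: now the
    #    bootloader's own hash differs from the value in the hardware root of trust, so the
    #    chain halts one stage earlier. This is why the first reference value must live in
    #    hardware rather than in rewritable storage.
    _, rebuilt = build_chain([SAMPLE_STAGES[0], ("kernel", b"modified kernel"), SAMPLE_STAGES[2]])
    bootloader_rebuilt = boot_outcome(rot, rebuilt)
    return intact, kernel_swapped, bootloader_rebuilt


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The second tampering case is the one that motivates the "root of trust" bullet: any stage whose reference data can be rewritten along with the stage it verifies adds nothing, so the chain is only as strong as the first reference value that cannot be changed by software.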

Solution

● Structure: (diagram only; not reproduced in the transcript)

Variants

● Authenticated Boot
  – Does not halt if integrity verification fails
  – But allows a (remote) party to verify the system state
  – Integrity measurement results are recorded securely for later inspection (e.g. in protected hardware registers)
  – A trusted (hardware) module vouches for the stored results (e.g. via digital signature)
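The authenticated boot variant, as an added simulation that is not part of the original slides or the authors' work. A stand-in `TrustedModule` keeps a protected register that can only be extended, never set, and vouches for its value with an attestation key that never leaves the module; HMAC stands in here for the digital signature a real module would produce, so the verifier holds the same key where it would really hold a public key. Boot never halts: the remote party decides afterwards by checking the quote, replaying the event log against the register and comparing each measurement with its reference value. Stage contents, keys and the nonce are constructed.

```python
import hashlib
import hmac

PCR_LEN = 32  # register holds one SHA-256 digest


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class TrustedModule:
    """Stand-in for a TPM-like module: a protected register plus an attestation key that
    never leaves the module. HMAC stands in for the module's digital signature."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key
        self._pcr = bytes(PCR_LEN)  # register is reset to zero at power-on

    def extend(self, measurement: bytes) -> None:
        # Registers can only be extended, never written: PCR = H(PCR || measurement)
        self._pcr = sha256(self._pcr + measurement)

    def quote(self, nonce: bytes):
        """Vouch for the current register value, bound to the verifier's fresh nonce."""
        tag = hmac.new(self._key, self._pcr + nonce, "sha256").digest()
        return self._pcr, tag


def authenticated_boot(module: TrustedModule, images):
    """Measure every stage into the module and record the event log. Never halts."""
    log = []
    for name, image in images:
        measurement = sha256(image)
        module.extend(measurement)
        log.append((name, measurement))
    return log


def verify(attestation_key: bytes, nonce: bytes, quote, log, reference) -> str:
    """Remote party: check the quote, replay the log against the register, compare with references."""
    pcr, tag = quote
    expected_tag = hmac.new(attestation_key, pcr + nonce, "sha256").digest()
    if not hmac.compare_digest(expected_tag, tag):
        return "rejected: quote not vouched for by the trusted module"
    replay = bytes(PCR_LEN)
    for _, measurement in log:
        replay = sha256(replay + measurement)
    if not hmac.compare_digest(replay, pcr):
        return "rejected: event log does not match register"
    unexpected = [name for name, m in log if reference.get(name) != m]
    if unexpected:
        return "untrusted state: " + ", ".join(unexpected)
    return "trusted state"


# Constructed sample data (placeholder bytes, not real firmware or keys).
GOOD_IMAGES = [
    ("bootloader", b"bootloader code v1"),
    ("kernel", b"kernel code v1"),
    ("wallet-app", b"password wallet v1"),
]
REFERENCE = {name: sha256(image) for name, image in GOOD_IMAGES}
ATTESTATION_KEY = b"constructed demo key held inside the module"
NONCE = b"verifier nonce 0001"


def attest(images, log_override=None) -> str:
    """One boot followed by one remote verification; log_override models a falsified log."""
    module = TrustedModule(ATTESTATION_KEY)
    log = authenticated_boot(module, images)
    quote = module.quote(NONCE)
    return verify(ATTESTATION_KEY, NONCE, quote, log_override or log, REFERENCE)


def demo():
    intact = attest(GOOD_IMAGES)
    tampered = [GOOD_IMAGES[0], ("kernel", b"modified kernel"), GOOD_IMAGES[2]]
    detected = attest(tampered)  # boot continues, but the verifier sees the modified kernel
    # A falsified log listing the reference values cannot hide the modification, because the
    # register (vouched for by the module) was extended with what was actually loaded.
    forged_log = [(name, REFERENCE[name]) for name, _ in GOOD_IMAGES]
    hidden = attest(tampered, log_override=forged_log)
    return intact, detected, hidden


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third case shows why the measurement record has to sit in a protected register that the module vouches for: a log kept in ordinary storage could be rewritten after the fact, whereas the extend-only register ties the quote to what was really loaded.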

Consequences

● Benefits:
  – Software integrity state is verified at boot time
  – System starts only if integrity is OK
  – Authenticated boot: more flexible, the check happens later
● Liabilities:
  – Integrity verification data must be set up and updated securely
  – Specific mechanisms are needed for software updates
  – Integrity checks are load-time only, not runtime
  – Adds complexity and overhead

Known Uses

● Cell BE processor: Sony PlayStation3
● Trusted Platform Module (TPM): PCs, laptops (Authenticated Boot)
● Open Mobile Terminal Platform (OMTP) specs: mobile phones (abstract definition, different implementations)

Secure Storage Pattern

Context

● Provide storage that protects confidentiality and integrity of stored data for software applications
● Grant software access to the cleartext data only if the software has not been tampered with
● Hardware is trusted

Problem

● Cryptographic methods protect confidentiality and integrity (encryption, digital signatures)
● But software that has access to the keys could be manipulated
● Forces:
  – You need to protect confidentiality/integrity of data
  – You need to protect secret keys from unauthorized access and usage
  – You want to allow modifications/updates of software

Solution

(diagram only; not reproduced in the transcript)

Consequences

● Benefits:
  – Software can access protected data only if integrity verification of the software has succeeded
  – Data can be protected such that only authorized software (OS and applications) can access it
● Liabilities:
  – Backup strategy needed (hardware failures result in data loss because of hardware-protected keys)
  – Software updates more difficult (mechanism needed for updating integrity verification data)
  – Adds complexity and overhead
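Secure Storage, as an added simulation covering the Context, Problem and Consequences above; it is not part of the original slides or the authors' work. A stand-in `TrustedModule` holds a storage root key that never leaves the hardware and an integrity register extended during boot. `seal` encrypts data under a key derived from both the hardware secret and the current register value, and `unseal` derives that key only if the register holds the same value, so a modified wallet or kernel cannot reach the cleartext, and the blob is useless without the module (which is also the backup liability from the slide: a replaced module cannot unseal). Keys, boot images and the password data are constructed, and the hash-counter stream cipher is a toy for the demo where a real module would use AES.

```python
import hashlib
import hmac
import os

PCR_LEN = 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (hash-counter mode) for the demo; a real module uses AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = sha256(key + nonce + offset.to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


class TrustedModule:
    """Stand-in for a TPM-like module: integrity register plus a storage root key that never
    leaves the hardware. Data sealed to a register value is released only under that value."""

    def __init__(self, storage_root_key: bytes):
        self._srk = storage_root_key
        self._pcr = bytes(PCR_LEN)

    def extend(self, measurement: bytes) -> None:
        self._pcr = sha256(self._pcr + measurement)

    def _data_key(self, pcr: bytes) -> bytes:
        # Bound to the hardware secret *and* the software state: neither the blob alone nor
        # the blob under a different software state yields the data.
        return hmac.new(self._srk, b"seal" + pcr, "sha256").digest()

    def seal(self, data: bytes) -> bytes:
        """Encrypt and authenticate data under the current register value; returns the blob."""
        nonce = os.urandom(16)
        key = self._data_key(self._pcr)
        body = _stream_xor(key, nonce, data)
        tag = hmac.new(key, self._pcr + nonce + body, "sha256").digest()
        return self._pcr + nonce + body + tag

    def unseal(self, blob: bytes):
        """Return the cleartext only if the register matches the state the data was sealed to."""
        sealed_pcr, nonce, body, tag = blob[:32], blob[32:48], blob[48:-32], blob[-32:]
        if not hmac.compare_digest(sealed_pcr, self._pcr):
            return None  # software state differs: refuse before any key is derived
        key = self._data_key(self._pcr)
        expected_tag = hmac.new(key, sealed_pcr + nonce + body, "sha256").digest()
        if not hmac.compare_digest(expected_tag, tag):
            return None  # blob modified, or sealed by a different module
        return _stream_xor(key, nonce, body)


# Constructed sample data (placeholder bytes, not real firmware, keys or credentials).
GOOD_BOOT = [b"bootloader code v1", b"kernel code v1", b"password wallet v1"]
SRK = b"constructed storage root key, never leaves the module"
PASSWORDS = b"example.org: constructed-sample-password"


def boot_and_unseal(boot_images, blob, srk=SRK):
    """Power on a module, measure the given boot stages, then try to unseal the blob."""
    module = TrustedModule(srk)
    for image in boot_images:
        module.extend(sha256(image))
    return module.unseal(blob)


def demo():
    # Provisioning: boot the genuine software once, then seal the wallet's data to that state.
    module = TrustedModule(SRK)
    for image in GOOD_BOOT:
        module.extend(sha256(image))
    blob = module.seal(PASSWORDS)
    same_state = boot_and_unseal(GOOD_BOOT, blob)
    # A modified wallet gives a different register value: the module refuses to unseal.
    other_state = boot_and_unseal(GOOD_BOOT[:2] + [b"modified wallet"], blob)
    # The blob is encrypted and authenticated, so a modified blob is rejected too.
    flipped = blob[:-1] + bytes([blob[-1] ^ 1])
    modified_blob = boot_and_unseal(GOOD_BOOT, flipped)
    # Replaced hardware holds a different storage root key: the data is lost without a backup.
    replaced_hardware = boot_and_unseal(GOOD_BOOT, blob, srk=b"a different module's key")
    return same_state, other_state, modified_blob, replaced_hardware


if __name__ == "__main__":
    print(demo())
```

Because the register comparison happens before the key is derived, the decision "is this software state allowed to see the data" is taken by the module, not by the software asking for it; that is what binds data access to the integrity state even when the system is offline.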

Known Uses

● Cell BE processor: Sony PlayStation3
● Trusted Platform Module (TPM): PCs, laptops
● Open Mobile Terminal Platform (OMTP) specs: mobile phones (abstract definition, different implementations)

Conclusion

Example Resolved

● Password wallet for web authentication
  (diagram: a Client PC holding the stored passwords, talking to a Web Server)
  – How do you know that your trusted system has started? → Secure Boot
  – How do you ensure that only your wallet application can access the stored passwords? → Secure Storage

Summary and Conclusion

● Secure Boot describes how to start a system in a known secure state (or how to verify it later)
● Secure Storage describes how to bind access to data to the integrity state of software (and protect data even when the system is offline)
● Both are fundamental concepts of trusted computing
● Valuable addition to OS security patterns

Questions?

Marcel Winandy
Ruhr-University Bochum
marcel.winandy@trust.rub.de

BACKUP

Related Patterns

● Secure Boot:
  – Boot Loader
    ● Emphasis on error correction; no root of trust
  – Authenticator
    ● Creates proof of identity of subjects; no chain of trust

Related Patterns

● Secure Storage:
  – needs Secure Boot
  – needs Controlled Virtual Address Space
    ● Providing process isolation
  – Information Obscurity
    ● Encryption, hide encryption keys in a protected location
  – Controlled Execution Environment
    ● Controls access to protected resources; only at runtime
  – Reference Monitor
    ● Access control enforcement; no offline enforcement

Contenu connexe

Similaire à Patterns for Secure Boot and Secure Storage in Computer Systems

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationTruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationMarcel Winandy
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Jan Ketil Skanke
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsMarcel Winandy
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)David Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner David Sweigert
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14jemtallon
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc  Lyon Part 1Portakal Teknoloji Otc  Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerDavid Sweigert
 
13. Neville Varnham - PeopleSoft Cyber Security
13. Neville Varnham - PeopleSoft Cyber Security13. Neville Varnham - PeopleSoft Cyber Security
13. Neville Varnham - PeopleSoft Cyber SecurityCedar Consulting
 
Introduction to Trusted Computing
Introduction to Trusted ComputingIntroduction to Trusted Computing
Introduction to Trusted ComputingMaksim Djackov
 
PROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxPROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxDHANUSH447825
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of SystemsJamal Jamali
 
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner  (ver2)Study notes for CompTIA Certified Advanced Security Practitioner  (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)David Sweigert
 
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...eSAT Journals
 
The samsung knox platform 0
The samsung knox platform 0The samsung knox platform 0
The samsung knox platform 0Javier Gonzalez
 
Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An IntroductionMarcel Winandy
 

Similaire à Patterns for Secure Boot and Secure Storage in Computer Systems (20)

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationTruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface Systems
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc  Lyon Part 1Portakal Teknoloji Otc  Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security Practitioner
 
13. Neville Varnham - PeopleSoft Cyber Security
13. Neville Varnham - PeopleSoft Cyber Security13. Neville Varnham - PeopleSoft Cyber Security
13. Neville Varnham - PeopleSoft Cyber Security
 
Introduction to Trusted Computing
Introduction to Trusted ComputingIntroduction to Trusted Computing
Introduction to Trusted Computing
 
Ch11
Ch11Ch11
Ch11
 
Ch11 system administration
Ch11 system administration Ch11 system administration
Ch11 system administration
 
PROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxPROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptx
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of Systems
 
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner  (ver2)Study notes for CompTIA Certified Advanced Security Practitioner  (ver2)
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)
 
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
 
The samsung knox platform 0
The samsung knox platform 0The samsung knox platform 0
The samsung knox platform 0
 
Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An Introduction
 
Security testing in mobile applications
Security testing in mobile applicationsSecurity testing in mobile applications
Security testing in mobile applications
 

Plus de Marcel Winandy

Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
 
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceMarcel Winandy
 
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...Marcel Winandy
 
A Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardA Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardMarcel Winandy
 
Securing the E-Health Cloud
Securing the E-Health CloudSecuring the E-Health Cloud
Securing the E-Health CloudMarcel Winandy
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsMarcel Winandy
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Marcel Winandy
 
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Marcel Winandy
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM VirtualizationMarcel Winandy
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for BrowsersMarcel Winandy
 

Plus de Marcel Winandy (10)

Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
 
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
 
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
 
A Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardA Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health Card
 
Securing the E-Health Cloud
Securing the E-Health CloudSecuring the E-Health Cloud
Securing the E-Health Cloud
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
 
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM Virtualization
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for Browsers
 

Patterns for Secure Boot and Secure Storage in Computer Systems

  • 1. RuhR-University Bochum System Security Lab Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security Ruhr-University Bochum Germany SPattern '10 (co-located with ARES 2010) 4th International Workshop on Secure Systems Methodologies Using Patterns Krakow, Poland, 18 February 2010
  • 2. RuhR-University Bochum System Security Lab Motivating Example ● Password wallet for web authentication Client PC Web Server passwords Marcel Winandy Patterns for Secure Boot and Secure Storage (SPattern '10) Krakow, 2010-02-18 2
  • 3. RuhR-University Bochum System Security Lab Motivating Example ● Password wallet for web authentication Client PC Web Server How do you know that your trusted system has started? passwords Marcel Winandy Patterns for Secure Boot and Secure Storage (SPattern '10) Krakow, 2010-02-18 3
  • 4. RuhR-University Bochum System Security Lab Motivating Example ● Password wallet for web authentication Client PC Web Server How do you know that your trusted system has started? passwords How do you ensure that only your wallet application can access the stored passwords? Marcel Winandy Patterns for Secure Boot and Secure Storage (SPattern '10) Krakow, 2010-02-18 4
  • 5. Secure Boot Pattern Marcel Winandy Patterns for Secure Boot and Secure Storage (SPattern '10) Krakow, 2010-02-18 5
  • 6. RuhR-University Bochum System Security Lab Context ● Users want to be sure about operational integrity of applications and OS ● Unauthorized changes may lead to security violation ● Users trust the hardware – But need to verify integrity status of loaded software ● Users can be local or remote Marcel Winandy Patterns for Secure Boot and Secure Storage (SPattern '10) Krakow, 2010-02-18 6
  • 7. RuhR-University Bochum System Security Lab Problem ● Software can be manipulated or exchanged ● Malware can register itself within any stage of the boot process ● Forces: – You want to ensure integrity of loaded software – You want the computer to always boot in a well- defined secure state – You want to allow modifications of the system (e.g. updates, additional software) Marcel Winandy Patterns for Secure Boot and Secure Storage (SPattern '10) Krakow, 2010-02-18 7
• 8. Solution
  ● Chain of trust
    – Each boot stage verifies the integrity of the next stage
      ● using cryptographically secure methods (hash functions, digital signatures)
    – Only if the check succeeds is control transferred to the next stage; otherwise the system is halted
  ● Root of trust
    – The whole process depends on the integrity of the first module
    – The first module is therefore protected by hardware
      ● including the integrity verification data (hashes, keys)
• 9. Solution
  ● Structure: (diagram of the chain of trust)
• 10. Variants
  ● Authenticated Boot
    – Does not halt if integrity verification fails
    – But allows a (remote) party to verify the system state
    – Integrity measurement results are recorded securely for later inspection (e.g. in protected hardware registers)
    – A trusted (hardware) module vouches for the stored results (e.g. via digital signature)
• 11. Consequences
  ● Benefits:
    – The software integrity state is verified at boot time
    – The system starts only if integrity is OK
    – Authenticated boot: more flexible, the check can happen later
  ● Liabilities:
    – Integrity verification data must be set up and updated securely
    – Specific mechanisms are needed for software updates
    – Integrity checks happen only at load time, not at runtime
    – Adds complexity and overhead
• 12. Known Uses
  ● Cell BE processor: Sony PlayStation 3
  ● Trusted Platform Module (TPM): PCs, laptops (Authenticated Boot)
  ● Open Mobile Terminal Platform (OMTP) specs: mobile phones (abstract definition, different implementations)
• 13. Secure Storage Pattern
• 14. Context
  ● Provide storage that protects the confidentiality and integrity of stored data for software applications
  ● Grant software access to the cleartext data only if the software has not been tampered with
  ● Hardware is trusted
• 15. Problem
  ● Cryptographic methods protect confidentiality and integrity (encryption, digital signatures)
  ● But the software that has access to the keys could be manipulated
  ● Forces:
    – You need to protect the confidentiality and integrity of data
    – You need to protect secret keys from unauthorized access and usage
    – You want to allow modifications/updates of software
• 16. Solution (diagram)
• 17. Consequences
  ● Benefits:
    – Software can access protected data only if integrity verification of the software has succeeded
    – Data can be protected such that only authorized software (OS and applications) can access it
  ● Liabilities:
    – Backup strategy needed (hardware failures result in data loss because of hardware-protected keys)
    – Software updates are more difficult (a mechanism is needed for updating the integrity verification data)
    – Adds complexity and overhead
• 18. Known Uses
  ● Cell BE processor: Sony PlayStation 3
  ● Trusted Platform Module (TPM): PCs, laptops
  ● Open Mobile Terminal Platform (OMTP) specs: mobile phones (abstract definition, different implementations)
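Added example, not from the slides: a Python simulation of both patterns, with the chain of trust and the register-extend of the Secure Boot slides (slides 8 and 10) and the binding of data to an integrity state from the Secure Storage slides (slides 14 to 17). The boot stages, the hardware key and the toy stream cipher are constructed for the demo.

```python
import hashlib
import hmac

# Constructed toy boot chain (stage name, stage code); not real firmware.
BOOT_CHAIN = [
    ("bootloader", b"bootloader v1"),
    ("kernel", b"kernel v1"),
    ("wallet", b"wallet app v1"),
]

def reference_hashes(chain):
    """Integrity verification data kept in the hardware-protected root of trust."""
    return {name: hashlib.sha256(code).hexdigest() for name, code in chain}

def secure_boot(chain, refs):
    """Secure Boot: verify each stage before handing over control; halt on mismatch."""
    booted = []                            # stages that actually received control
    for name, code in chain:
        if hashlib.sha256(code).hexdigest() != refs.get(name):
            return booted, False           # system is halted here
        booted.append(name)
    return booted, True

def authenticated_boot(chain):
    """Authenticated Boot: never halts; measurements are folded into a PCR-style register."""
    pcr = bytes(32)                        # protected register starts out zeroed
    for _, code in chain:
        measurement = hashlib.sha256(code).digest()
        pcr = hashlib.sha256(pcr + measurement).digest()   # extend operation
    return pcr

def _keystream(key, n):
    """Toy keystream for the demo cipher (not for production use)."""
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def seal(data, expected_pcr, hw_key):
    """Secure Storage: wrap data under a key derived from the hardware key and the expected PCR."""
    key = hmac.new(hw_key, b"seal" + expected_pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()   # ciphertext || integrity tag

def unseal(blob, current_pcr, hw_key):
    """Release cleartext only if the current PCR matches; None on wrong state or tampering."""
    key = hmac.new(hw_key, b"seal" + current_pcr, hashlib.sha256).digest()
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None                        # hardware refuses to unwrap
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))
```

Changing any stage (for instance the wallet binary) halts `secure_boot`, while `authenticated_boot` still completes but yields a different register value, so `unseal` returns `None` and the passwords stay protected even though the system came up.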
• 19. Conclusion
• 20.–22. Example Resolved
  ● Password wallet for web authentication (diagram: Client PC holding the passwords, Web Server)
  ● How do you know that your trusted system has started? → Secure Boot
  ● How do you ensure that only your wallet application can access the stored passwords? → Secure Storage
• 23.–24. Summary and Conclusion
  ● Secure Boot describes how to start a system in a known secure state (or how to verify it later)
  ● Secure Storage describes how to bind the access to data to the integrity state of software (and protect data even when the system is offline)
  ● Both are fundamental concepts of trusted computing
  ● Valuable addition to OS security patterns
  Questions?
  Marcel Winandy, Ruhr-University Bochum, marcel.winandy@trust.rub.de
• 25. BACKUP
• 26. Related Patterns
  ● Secure Boot:
    – Boot Loader
      ● Emphasis on error correction; no root of trust
    – Authenticator
      ● Creates proof of identity of subjects; no chain of trust
• 27. Related Patterns
  ● Secure Storage:
    – needs Secure Boot
    – needs Controlled Virtual Address Space
      ● Providing process isolation
    – Information Obscurity
      ● Encryption, hide encryption keys in a protected location
    – Controlled Execution Environment
      ● Control access to protected resources; only at runtime
    – Reference Monitor
      ● Access control enforcement; no offline enforcement