Protecting Data In-Use from Firmware and Physical Attacks
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
A Complete Bibliography of ACM Transactions on Computer Systems
A Complete Bibliography of ACM Transactions on Computer Systems Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 10 August 2021 Version 1.75 Title word cross-reference Accelerating [BJS01]. Accelerator [CZL+15]. Accelerators [LAB+13]. Accent [FR86]. Access [AT83, LZCZ86, LP93, Smi84b, GB01]. arc [GS93]. N [SHG95, Mae85]. Access/Execute [Smi84b]. Accesses [AJ19, HY92, Kel00]. accessing [ACM04]. -Body [SHG95]. accounting [EV03]. accuracy [Jim05]. Accurate [GVM+11, NTW09]. Ace [RR99]. 11/780 [Cla83, CE85]. 1988 [ACM88]. Achieve [LLL+16]. ACM [Jha20]. ACM/SIGOPS [ACM88]. Action [Sch84]. + 2.6 [PTS 14]. 2011 [Mow12]. 2019 [MT20]. Actions [Ree83]. Activations [ABLL92]. active [SJS+00]. Activity 36 [Jha20]. [IRH86, MSB+06]. Ad [BYFK08, FKA10]. Adaptable [AC92]. Adaptation 4 [Jha20]. 432 [CGJ88, CCLP83]. [BS91, AD03, FS04]. Adaptive [ALHH08, AS95, MLS97, CT01]. Address 780 [Cla83, CE85]. [CLFL94, SV99]. Adrenaline [HZL+17]. Affected [IRH86]. Aggregate [AB83]. Abstract [Her86, SS84]. abstraction aggregation [JMB05]. Aggressive [CRL03, Kel00]. Abstractions [SKH+16]. 1 2 [GWSU13]. AI [RDB+21]. Air [CDD96]. al [HKS+83]. Arrays [SHCG94]. Article [Jha20]. Algorithm [Jha20]. Asbestos [VEK+07]. [Bad86, DC85, HBAK86, Lam87, Mae85, Assignments [BGM86]. Assistant Ray89, SK85, Zha91]. Algorithms [HLZ+16]. Assisting [KMG16]. [CM86, GD87, GLM91, KS91, KH92, LA93, Associative [SA95]. Astrolabe [VBV03]. MCS91, San87, Sau83a, Sau83b, TS89, KY04]. Asymmetric [SFKP12]. At-Most-Once allergies [QTZS07]. Allocation [LSW91]. ATC [MT20]. -
CIS 4360 Secure Computer Systems Attacks Against Boot And
CIS 4360 Secure Computer Systems Attacks against Boot and RAM Professor Qiang Zeng Spring 2017 Previous Class • BIOS-MBR: Generation I system boot – What BIOS and MBR are? – How does it boot the system? // Jumping to MBR – How does multi-boot work? // Chain-loading • The limitations of BIOS and MBR – Disk, memory, file system, multi-booting, security, … • UEFI-GPT: Generation II system boot – What UEFI and GPT are? – How does it boot the system? // UEFI boot manager – How does multi-boot work? // separate dirs in ESP CIS 4360 – Secure Computer Systems 2 Limitations of BIOS-MBR • MBR is very limited – Support ~2TB disk only – 4 primary partitions at most (so four OSes at most) – A MBR can store only one boot loader • BIOS is very restrictive – 16-bit processor mode; 1MB memory space (little spare space to accommodate a file system driver) – Blindly executes whatever code on MBR CIS 4360 – Secure Computer Systems 3 UEFI vs. BIOS • Disk partitioning schemes – GPT (GUID Partition Table): part of UEFI spec.; to replace MBR – MBR supports disk size 232 x 512B = 2TB, while UEFI supports much larger disks (264 x 512B = 8,000,000,000 TB) – MBR supports 4 partitions, while GPT supports 128 • Memory space – BIOS: 20-bit addressing; UEFI: 32-bit or 64-bit • Pre-OS environment – BIOS only provides raw disk access, while UEFI supports the FAT file system (so you can use file names to read files) • Booting – BIOS supports boot through boot sectors (MBR and VBR) – UEFI provides a boot partition of hundreds of megabytes (and boot manager and secure boot) CIS 4360 – Secure Computer Systems 4 Previous Class How does dual-boo-ng of Linux and Windows work in UEFI-GPT? Each vendor has a separate directory storing its own boot loader code and configuraon files in the ESP (EFI System Par--on). -
Low-Cost Mitigation Against Cold Boot Attacks for an Authentication Token
Low-cost Mitigation against Cold Boot Attacks for an Authentication Token Ian Goldberg?1, Graeme Jenkinson2, and Frank Stajano2 1 University of Waterloo (Canada) 2 University of Cambridge (United Kingdom) Abstract. Hardware tokens for user authentication need a secure and usable mechanism to lock them when not in use. The Pico academic project proposes an authentication token unlocked by the proximity of simpler wearable devices that provide shares of the token’s master key. This method, however, is vulnera- ble to a cold boot attack: an adversary who captures a running Pico could extract the master key from its RAM and steal all of the user’s credentials. We present a cryptographic countermeasure—bivariate secret sharing—that protects all the credentials except the one in use at that time, even if the token is captured while it is on. Remarkably, our key storage costs for the wearables that supply the cryp- tographic shares are very modest (256 bits) and remain constant even if the token holds thousands of credentials. Although bivariate secret sharing has been used before in slightly different ways, our scheme is leaner and more efficient and achieves a new property—cold boot protection. We validated the efficacy of our design by implementing it on a commercial Bluetooth Low Energy development board and measuring its latency and energy consumption. For reasonable choices of latency and security parameters, a standard CR2032 button-cell battery can power our prototype for 5–7 months, and we demonstrate a simple enhancement that could make the same battery last for over 9 months. -
Defeating Invisible Enemies:Firmware Based
Defeating Invisible Enemies: Firmware Based Security in OpenPOWER Systems — Linux Security Summit 2017 — George Wilson IBM Linux Technology Center Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation Agenda Introduction The Case for Firmware Security What OpenPOWER Is Trusted Computing in OpenPOWER Secure Boot in OpenPOWER Current Status of Work Benefits of Open Source Software Conclusion Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 2 Introduction Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 3 Disclaimer These slides represent my views, not necessarily IBM’s All design points disclosed herein are subject to finalization and upstream acceptance The features described may not ultimately exist or take the described form in a product Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 4 Background The PowerPC CPU has been around since 1990 Introduced in the RS/6000 line Usage presently spans embedded to server IBM PowerPC servers traditionally shipped with the PowerVM hypervisor and ran AIX and, later, Linux in LPARs In 2013, IBM decided to open up the server architecture: OpenPOWER OpenPOWER runs open source firmware and the KVM hypervisor with Linux guests Firmware and software designed and developed by the IBM Linux Technology Center “OpenPOWER needs secure and trusted boot!” Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 5 The Case for Firmware Security Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 6 Leaks Wikileaks Vault 7 Year 0 Dump NSA ANT Catalog Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 7 Industry Surveys UEFI Firmware Rootkits: Myths and Reality – Matrosov Firmware Is the New Black – Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities – Branco et al. -
Iocheck: a Framework to Enhance the Security of I/O Devices at Runtime
IOCheck: A Framework to Enhance the Security of I/O Devices at Runtime Fengwei Zhang Center for Secure Information Systems George Mason University Fairfax, VA 22030 [email protected] Abstract—Securing hardware is the foundation for implement- Management Mode (SMM), a CPU mode in the x86 archi- ing a secure system. However, securing hardware devices remains tecture, to quickly check the integrity of I/O configurations an open research problem. In this paper, we present IOCheck, and firmware. Unlike previous systems [11], [12], IOCheck a framework to enhance the security of I/O devices at runtime. enumerates all of the I/O devices on the motherboard, and It leverages System Management Mode (SMM) to quickly check checks the integrity of their corresponding configurations and the integrity of I/O configurations and firmware. IOCheck does not rely on the operating system and is OS-agnostic. In our firmware. IOCheck does not rely on the operating system, preliminary results, IOCheck takes 4 milliseconds to switch to which significantly reduces the Trust Computing Base (TCB). SMM which introduces low performance overhead. In addition, IOCheck is able to achieve better performance compared to TXT or SVM approaches. For example, the SMM Keywords—Integrity, Firmware, I/O Configurations, SMM switching time is much faster than the late launch method in Flicker [10], [13]. We will demonstrate that IOCheck is able to check the integrity of array of I/O devices including the BIOS, I. INTRODUCTION IOMMU, network card, video card, keyboard, and mouse. With the increasing complexity of hardware devices, Contributions. The purpose of this work is to make the firmware functionality is expanding, exposing new vulner- following contributions: abilities to attackers. -
Using Registers As Buffers to Resist Memory Disclosure Attacks Yuan Zhao, Jingqiang Lin, Wuqiong Pan, Cong Xue, Fangyu Zheng, Ziqiang Ma
RegRSA: Using Registers as Buffers to Resist Memory Disclosure Attacks Yuan Zhao, Jingqiang Lin, Wuqiong Pan, Cong Xue, Fangyu Zheng, Ziqiang Ma To cite this version: Yuan Zhao, Jingqiang Lin, Wuqiong Pan, Cong Xue, Fangyu Zheng, et al.. RegRSA: Using Registers as Buffers to Resist Memory Disclosure Attacks. 31st IFIP International Information Security and Privacy Conference (SEC), May 2016, Ghent, Belgium. pp.293-307, 10.1007/978-3-319-33630-5_20. hal-01369563 HAL Id: hal-01369563 https://hal.inria.fr/hal-01369563 Submitted on 21 Sep 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Distributed under a Creative Commons Attribution| 4.0 International License RegRSA: Using Registers as Buffers to Resist Memory Disclosure Attacks Yuan Zhao1;2;3?, Jingqiang Lin1;2, Wuqiong Pan1;2??, Cong Xue1;2;3, Fangyu Zheng1;2;3, and Ziqiang Ma1;2;3 1 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, China 2 Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China 3 University of Chinese Academy of Sciences, China {yzhao,linjq,wqpan,cxue13,fyzheng,zqma13}@is.ac.cn Abstract. -
IOMMU-Resistant DMA Attacks
IOMMU-resistant DMA attacks Gil Kupfer Technion - Computer Science Department - M.Sc. Thesis MSC-2018-21 - 2018 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-21 - 2018 IOMMU-resistant DMA attacks Research Thesis Submitted in partial fulfillment of the requirements for the degree of Master of Science in Computer Science Gil Kupfer Submitted to the Senate of the Technion | Israel Institute of Technology Sivan 5778 Haifa May 2018 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-21 - 2018 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-21 - 2018 This research was carried out under the supervision of Prof. Dan Tsafrir and Dr. Nadav Amit, in the Faculty of Computer Science. Acknowledgements who passed ,ז"ל This work is dedicated to my grandfather, Tuvia Kupfer away during the writing of this work. I would like to thank my wife, Odeya, for helping and supporting when needed. Also, I would like to thank all the friends who have been there. Finally, thanks to my advisors, Prof. Dan Tsafrir and Dr. Nadav Amit, for their help and guidance along the way. The generous financial help of the Technion is gratefully acknowledged. Technion - Computer Science Department - M.Sc. Thesis MSC-2018-21 - 2018 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-21 - 2018 Contents List of Figures Abstract 1 Abbreviations and Notations3 1 Introduction5 2 Background9 2.1 DMA Attacks.................................9 2.1.1 Classic DMA Attacks........................9 2.1.2 IOMMU Protection......................... 10 2.1.3 Circumventing the IOMMU..................... 11 2.2 FireWire.................................... 12 3 Attack Mechanics 15 3.1 Sub-Page Granularity Vulnerability.................... -
Lest We Remember: Cold Boot Attacks on Encryption Keys
Lest We Remember: Cold Boot Attacks on Encryption Keys J. Alex Halderman*, Seth D. Schoen†, Nadia Heninger*, William Clarkson, William Paul‡, Joseph A. Calandrino*, Ariel J. Feldman*, Jacob Appelbaum and Edward W. Felten* *Princeton University †Electronic Frontier Foundation ‡Wind River Systems USENIX Security Symposium, 2008 Presented by: Andra-Maria Ilieș Seminar in Computer Architecture 1 Executive summary ■ Problem: DRAMs lose their data gradually after the power is cut ■ Goal: Present a new type of attack which exploits remanence effect ■ Method: ■ Acquire usable full-system memory image ■ Extract cryptographic key ■ Gain access to secret data ■ Evaluation: succeeded on most popular disk encryption systems 2 Background, Problem & Goal 3 DRAM ■ A DRAM cell consists of a capacitor and an access transistor. ■ It stores data in terms of change in the capacitor. wordline access transistor bitline bitline storage bitline capacitor 4 DRAM refresh ■ DRAM capacitor charge leaks over time ■ Each DRAM row is refreshed periodically to restore charge ■ Period usually is 64 ms ■ Retention time: maximum time a cell can go without being refreshed while maintaining its stored data ■ Decay: bit flips caused by charge leak ■ Cell leak = cell decays to ground state ■ When powered off DRAM loses its data completely 5 Retention time and temperature ■ Contents survive at some extent even at room temperature ■ LINK, W., AND MAY, H. Eigenschaften von MOS - Ein Transistorspeicherzellen bei tiefen Temperaturen. Archiv fur Elekotronik und Ubertragungstechnik 33 (June 1979), 229–235 ■ DRAM showed no data loss for a full week without refresh when cooled with liquid nitrogen ■ Retention time can be increased by cooling 6 Retention time and booting ■ Chow, Jim & Pfaff, Ben & Garfinkel, Tal & Rosenblum, Mendel. -
Bypassing IOMMU Protection Against I/O Attacks Benoît Morgan, Eric Alata, Vincent Nicomette, Mohamed Kaâniche
Bypassing IOMMU Protection against I/O Attacks Benoît Morgan, Eric Alata, Vincent Nicomette, Mohamed Kaâniche To cite this version: Benoît Morgan, Eric Alata, Vincent Nicomette, Mohamed Kaâniche. Bypassing IOMMU Protection against I/O Attacks. 7th Latin-American Symposium on Dependable Computing (LADC’16), Oct 2016, Cali, Colombia. pp.145-150, 10.1109/LADC.2016.31. hal-01419962 HAL Id: hal-01419962 https://hal.archives-ouvertes.fr/hal-01419962 Submitted on 20 Dec 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Bypassing IOMMU protection against I/O Attacks Benoˆıt Morgan, Eric´ Alata, Vincent Nicomette, Mohamed Kaanicheˆ LAAS-CNRS, Universite´ de Toulouse, CNRS, INSA, Toulouse, France 7 Avenue du Colonel Roche 31000 Toulouse Email: [email protected], [email protected], [email protected], [email protected] Abstract—Attacks targeting computer systems become more and RAM memory segments. These communication channels and more complex and various. Some of them, so-called I/O raise serious concerns about the security of such architectures, attacks, are performed by malicious peripherals that make read since they open some opportunities to attackers to compromise or write accesses to DRAM memory or to memory embedded in other peripherals, through DMA (Direct Memory Access) the system and hosted applications using some malicious requests. -
Encrypted Execution and You
1 Assured Information Security (@ainfosec) Encrypted Execution and You @JacobTorrey DayCon 9 { October 2015 @JacobTorrey | HARES Outline 2 Introduction Background HARES Details Results Implications Conclusions @JacobTorrey | HARES Amp Up! 3 I was pretty nervous presenting here in front of all of you, luckily one of my idols gave me the courage to stand up here in front of you all! @JacobTorrey | HARES Who am I? 4 I Advising Research Engineer at Assured Information Security (words are my own) I Site lead for Denver, CO office; provides InfoSec strategy consulting I Leads low-level Computer Architectures research group I Plays in Intel privilege rings ≤ 0 I Ultra-runner, ultra-cyclist & mountaineer @JacobTorrey | HARES Overview 5 I Encrypted (non-reversable) execution is coming I HARES provides the ability to execute fully-encrypted binaries with minimal performance impact (~2%) I Intel Software Guard Extensions (SGX) provides support for encrypted enclaves I How will this impact attackers vs. defenders? @JacobTorrey | HARES Impact 6 I Provides a secure execution capability for running sensitive applications in contested environments I Could integrate with cloud-computing offerings to minimize trust placed in cloud provider I Security of solution dependent on encryption, not security-through-obscurity I Provides technology, does not enforce usage based on \morals" @JacobTorrey | HARES Problem Statement 7 I Algorithms exposed to copying or theft I Application code can be used to develop attacks I Code can be reused for unintended purposes (ROP) -
İSTİHBARATIN TEŞKİLATLANMA Ve YÖNETİM SORUNSALI: A.B.D. ÖRNEĞİ
T.C. İSTANBUL ÜNİVERSİTESİ SOSYAL BİLİMLER ENSTİTÜSÜ SİYASET BİLİMİ VE KAMU YÖNETİMİ ANABİLİM DALI YÜKSEK LİSANS TEZİ İSTİHBARATIN TEŞKİLATLANMA ve YÖNETİM SORUNSALI: A.B.D. ÖRNEĞİ Fatih TÜRK 2501110836 TEZ DANIŞMANI DOÇ. DR Pelin Pınar GİRİTLİOĞLU İSTANBUL - 2019 ÖZ İSTİHBARATIN TEŞKİLATLANMA ve YÖNETİM SORUNSALI: A.B.D. ÖRNEĞİ Fatih TÜRK Günümüzde teknolojinin gelişimi ve küreselleşme dünyayı uçtan uca değiştirdi. Toplumlar ve ülkeler birbiri ile etkileşime geçtikçe bireysel özgürlükler ve demokrasi konusunda hassas alanlar giderek artmaktadır. Bu etkileşim ülkelerin güvenliğini ve bireysel özgürlük alanlarınıda etkilemektedir. Bu hızlı değişime karşın ülkeler geçmişin soğuk savaş anlayışı ve güvenlik hassasiyetlerini de aynı zamanda taşımaya devam etmektedirler. Gelişmiş demokrasilere sahip ülkelerin başında gelen Amerika Birleşik Devletleri’nde (ABD) mevcut güvenlik ve istihbarat anlayışı, faaliyetleri ve denetimi işte bu çatışmanın uzun sürede meydana geldiği denge üzerine kuruludur. ABD açısından istihbarat teşkilatlanma süreci yeni problemler, hak arayışları, çatışma ve çözümler doğurmaktadır. Tüm bunların ışığında bu tezin temel amacı istihbarat problemlerini ABD istihbarat teşkilatlanma süreci üzerinden analiz edip karşılaşılan problemleri neden sonuç ilişkisi içerisinde tespit etmektir. Bu çalışmada Amerika Birleşik Devletleri’nde istihbaratın yönetim modeli, teşkilatlanması ve hukuki alt yapısı incelenmiştir. Birinci bölümde kavramsal anlamda istihbarat incelemesi literatüre önemli bir katkı olarak görülebilir. İkinci bölümde -
COMITÉ DE TRANSPARENCIA ACTA DE LA SESIÓN ORDINARIA 17/2020 DEL 28 DE MAYO DE 2020 a Las Trece Horas Del Veintiocho De Mayo De
COMITÉ DE TRANSPARENCIA ACTA DE LA SESIÓN ORDINARIA 17/2020 DEL 28 DE MAYO DE 2020 A las trece horas del veintiocho de mayo de dos mil veinte, participan en la presente sesión a través de medios electrónicos de comunicación, Erik Mauricio Sánchez Medina, Director Jurídico; Víctor Manuel De La Luz Puebla, Director de Seguridad y Organización de la Información; y Rodrigo Villa Collins, Gerente de Análisis y Promoción de Transparencia, en su carácter de integrante suplente del Titular de la Unidad de Transparencia; todos ellos integrantes del Comité de Transparencia de este Instituto Central, así como Sergio Zambrano Herrera, Gerente de Gestión de Transparencia, en su carácter de Secretario de este órgano colegiado, de conformidad con los párrafos segundo, tercero, cuarto y quinto de la Quinta de las Reglas de Operación del Comité de Transparencia del Banco de México, publicadas en el Diario Oficial de la Federación el siete de mayo de dos mil veinte (Reglas). Acto seguido, quien ejerce en este acto las funciones de Secretariado del Comité de Transparencia manifestó que existe quórum para la celebración de la presente sesión, de conformidad con lo previsto en los artículos 43 de la Ley General de Transparencia y Acceso a la Información Pública (LGTAIP); 64, párrafos segundo y tercero, de la Ley Federal de Transparencia y Acceso a la Información Pública (LFTAIP); 83 de la Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados (LGPDPPSO); 4o. del Reglamento Interior del Banco de México (RIBM); así como Quinta y Sexta de las Reglas. Por lo anterior, se procedió en los términos siguientes: ---------------------------------------------------------------------------------------------------------------------------- APROBACIÓN DEL ORDEN DEL DÍA.