Nighthawk: Transparent System Introspection from Ring -3
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Intel's SL Enhanced Intel486(TM) Microprocessor Family
Intel's SL Enhanced Intel486(TM) Microprocessor Family http://www.intel.com/design/intarch/applnots/7014.htm Intel's SL Enhanced Intel486(TM) Microprocessor Family Intel's SL Enhanced Intel486™ Microprocessor Family Technical Backgrounder June 1993 Intel's SL Enhanced Intel486™ Microprocessor Family With the announcement of the SL Enhanced Intel486™ microprocessor family, Intel Corporation brings energy efficiency to its entire line of Intel486™ microprocessors. SL Technology, originally developed for mobile PCs, now provides superior power-management features for desktop computer systems. Such energy-efficient systems will be designed to meet or exceed the Energy Star guidelines set by the Environmental Protection Agency. The EPA's Energy Star program is aimed at reducing power consumption of desktop computer systems, thereby reducing their impact on the environment. In addition, SL Enhanced Intel486™ microprocessors will enable a new class of notebook systems -- high-performance Intel486™ DX2 CPU-based notebooks with color displays that do not sacrifice battery life. The SL Enhanced Intel486™ microprocessor family is available in a complete range of price/performance, package and voltage options. This flexibility allows PC makers to develop products that meet the mobile and desktop needs of all their customers in the mobile and desktop markets, from low-cost, entry-level Intel486™ SX microprocessor-based systems to high-performance, high-end Intel486™ DX2 microprocessor-based systems. Since the SL Technology in SL Enhanced Intel486™ microprocessors is the same as in Intel SL CPUs, computer manufacturers with prior experience developing systems based on existing SL BIOS will be able to incorporate System Management Mode's (SMM) power-management features into new systems. -
Iocheck: a Framework to Enhance the Security of I/O Devices at Runtime
IOCheck: A Framework to Enhance the Security of I/O Devices at Runtime Fengwei Zhang Center for Secure Information Systems George Mason University Fairfax, VA 22030 [email protected] Abstract—Securing hardware is the foundation for implement- Management Mode (SMM), a CPU mode in the x86 archi- ing a secure system. However, securing hardware devices remains tecture, to quickly check the integrity of I/O configurations an open research problem. In this paper, we present IOCheck, and firmware. Unlike previous systems [11], [12], IOCheck a framework to enhance the security of I/O devices at runtime. enumerates all of the I/O devices on the motherboard, and It leverages System Management Mode (SMM) to quickly check checks the integrity of their corresponding configurations and the integrity of I/O configurations and firmware. IOCheck does not rely on the operating system and is OS-agnostic. In our firmware. IOCheck does not rely on the operating system, preliminary results, IOCheck takes 4 milliseconds to switch to which significantly reduces the Trust Computing Base (TCB). SMM which introduces low performance overhead. In addition, IOCheck is able to achieve better performance compared to TXT or SVM approaches. For example, the SMM Keywords—Integrity, Firmware, I/O Configurations, SMM switching time is much faster than the late launch method in Flicker [10], [13]. We will demonstrate that IOCheck is able to check the integrity of array of I/O devices including the BIOS, I. INTRODUCTION IOMMU, network card, video card, keyboard, and mouse. With the increasing complexity of hardware devices, Contributions. The purpose of this work is to make the firmware functionality is expanding, exposing new vulner- following contributions: abilities to attackers. -
Inspecting Data from the Safety of Your Trusted Execution Environment
Inspecting data from the safety of your trusted execution environment John Williams johnwwil [at] u.washington.edu June, 2015 Abstract: This paper presents a proof of concept that uses ARM TrustZone to perform introspection of a Linux kernel running in the normal world from within a secure-world system. Techniques from existing volatile-memory analysis applications are repurposed for application in real-time through asynchronous introspection of the normal world. The solution presented here leverages open-source software that is actively being developed to support additional architectures. 1 INTRODUCTION As technology becomes more prevalent in our day-to-day lives, we increasingly rely on mobile devices for both business and personal purposes. Emerging security threats, such as rootkits that can scan memory for protected PCI information, have been responsible for large-scale breaches. It has been predicted that targeted exploit kits and attack services will soon exist for mobile platforms, which could enable the exploitation of mobile devices on an unprecedented scale [1]. Techniques for mitigating such threats to mobile devices have largely evolved in parallel with industry demand for them. While some companies have indeed made progress through continued addition of product features that increase the security of devices, other companies have simply pivoted their marketing efforts to emphasize or recast certain aspects of their existing capabilities. In order to select the right products and features for protecting sensitive data and activities, effective segmentation is key. While segmentation within devices has traditionally been implemented at the operating system level, in recent years architectural modification at the chip level has emerged as a way to provide hard segmentation between execution environments. -
Leveraging ARM Trustzone and Verifiable Computing to Provide Auditable Mobile Functions Nuno O
Leveraging ARM TrustZone and Verifiable Computing to Provide Auditable Mobile Functions Nuno O. Duarte Sileshi Demesie Yalew INESC-ID / IST, University of Lisbon KTH Royal Institute of Technology [email protected] [email protected] Nuno Santos Miguel Correia INESC-ID / IST, University of Lisbon INESC-ID / IST, University of Lisbon [email protected] [email protected] ABSTRACT 1 INTRODUCTION The increase of personal data on mobile devices has been fol- For over 30 years [5], an important problem that has fasci- lowed by legislation that forces service providers to process nated the research community is about trusting the result of and maintain users’ data under strict data protection policies. computations performed on untrusted platforms. Since the In this paper, we propose a new primitive for mobile applica- advent of cloud computing, this interest has further grown tions called auditable mobile function (AMF) to help service in obtaining proofs of code execution on untrusted clouds. providers enforcing such policies by enabling them to process An approach to address this problem that has garnered sensitive data within users’ devices and collecting proofs of particular attention is verifiable computing. At a high-level, function execution integrity. We present SafeChecker, a com- verifiable computing consists of studying how a prover can putation verification system that provides mobile application convince a verifier of a mathematical assertion. The main support for AMFs, and evaluate the practicality of different obstacle faced by this field has been practicality, as the costs usage scenario AMFs on TrustZone-enabled hardware. of computing and verifying proofs over general computa- tions tend to be very high [21]. -
Coreboot - the Free Firmware
coreboot - the free firmware vimacs <https://vimacs.lcpu.club> Linux Club of Peking University May 19th, 2018 . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 1 / 77 License This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/. You can find the source code of this presentation at: https://git.wehack.space/coreboot-talk/ . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 2 / 77 Index 1 What is coreboot? History Why use coreboot 2 How coreboot works 3 Building and using coreboot Building Flashing 4 Utilities and Debugging 5 Join the community . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 3 / 77 Index 6 Porting coreboot with autoport ASRock B75 Pro3-M Sandy/Ivy Bridge HP Elitebooks Dell Latitude E6230 7 References . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 4 / 77 1 What is coreboot? History Why use coreboot 2 How coreboot works 3 Building and using coreboot Building Flashing 4 Utilities and Debugging 5 Join the community . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 5 / 77 What is coreboot? coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology. The word ’coreboot’ should always be written in lowercase, even at the start of a sentence. vimacs (LCPU) coreboot - the free firmware May 19th, 2018 6 / 77 History: from LinuxBIOS to coreboot coreboot has a very long history, stretching back more than 18 years to when it was known as LinuxBIOS. -
Trusted Computing Serving an Anonymity Service
Trusted Computing Serving an Anonymity Service Alexander Böttcher Bernhard Kauer Hermann Härtig Technische Universität Dresden Department of Computer Science Operating Systems Group {boettcher, kauer, haertig}@os.inf.tu-dresden.de Abstract [15] in the authors’ group, will show. An unknown crim- inal to be investigated was supposed to use an anonymity We leveraged trusted computing technology to service. The police and later on the German Federal Bu- counteract certain insider attacks. Furthermore, we reau of Criminal Investigation (FBCI) required to investi- show with one of the rare server based scenarios that gate a criminal that uses a known URL. In order to enable an anonymity service can profit from trusted comput- criminal prosecution by a given warrant the software was ing. We based our design on the Nizza Architecture extended to log connection data [6, 5]. This function of [14] with its small kernel and minimal multi-server the anonymity software [3] was used only with a warrant OS. We even avoided Nizza’s legacy container and but without directly notifying the users. After the warrant got a much smaller, robust and hopefully more secure was reversed the FBCI showed up with a delivery warrant system, since we believe that minimizing the trusted for a log record (which were later on reversed illegal [4]), computing base is an essential requirement for trust first at the institute and later on at the institute’s directors into software. private home. This incident shows a whole class of attacks on the 1 Introduction anonymity and more general every computing service. Vendor and providers under constraint can reveal the ser- Anonymity while using the Internet is widely considered vice because of insider knowledge and physical access a legitimate and - for many use cases - essential require- to those services. -
The Nizza Secure-System Architecture
Appears in the proceedings of CollaborateCom 2005, San Jose, CA, USA The Nizza Secure-System Architecture Hermann Härtig Michael Hohmuth Norman Feske Christian Helmuth Adam Lackorzynski Frank Mehnert Michael Peter Technische Universität Dresden Institute for System Architecture D-01062 Dresden, Germany [email protected] Abstract rely on a standard OS (including the kernel) to assure their security properties. The trusted computing bases (TCBs) of applications run- To address the conflicting requirements of complete ning on today’s commodity operating systems have become functionality and the protection of security-sensitive data, extremely large. This paper presents an architecture that researchers have devised system architectures that reduce allows to build applications with a much smaller TCB. It the system’s TCB by running kernels in untrusted mode is based on a kernelized architecture and on the reuse of in a secure compartment on top of a small security kernel; legacy software using trusted wrappers. We discuss the de- security-sensitive services run alongside the OS in isolated sign principles, the architecture and some components, and compartments of their own. This architecture is widely re- a number of usage examples. ferred to as kernelized standard OS or kernelized system. In this paper, we describe Nizza, a new kernelized- system architecture. In the design of Nizza, we set out to answer the question of how small the TCB can be made. 1 Introduction We have argued in previous work that the (hardware and software) technologies needed to build small secure-system Desktop and hand-held computers are used for many platforms have become much more mature since earlier at- functions, often in parallel, some of which are security tempts [8]. -
Embedded Intel486™ Processor Hardware Reference Manual
Embedded Intel486™ Processor Hardware Reference Manual Release Date: July 1997 Order Number: 273025-001 The embedded Intel486™ processors may contain design defects known as errata which may cause the products to deviate from published specifications. Currently characterized errata are available on request. Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or oth- erwise, to any intellectual property rights is granted by this document. Except as provided in Intel’s Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel retains the right to make changes to specifications and product descriptions at any time, without notice. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an ordering number and are referenced in this document, or other Intel literature, may be obtained from: Intel Corporation P.O. Box 7641 Mt. Prospect, IL 60056-7641 or call 1-800-879-4683 or visit Intel’s web site at http:\\www.intel.com Copyright © INTEL CORPORATION, July 1997 *Third-party brands and names are the property of their respective owners. CONTENTS CHAPTER 1 GUIDE TO THIS MANUAL 1.1 MANUAL CONTENTS .................................................................................................. -
Sok: Hardware Security Support for Trustworthy Execution
SoK: Hardware Security Support for Trustworthy Execution Lianying Zhao1, He Shuang2, Shengjie Xu2, Wei Huang2, Rongzhen Cui2, Pushkar Bettadpur2, and David Lie2 1Carleton Universityz, Ottawa, ON, Canada 2University of Toronto, Toronto, ON, Canada Abstract—In recent years, there have emerged many new hard- contribute to lowering power consumption, which is critical ware mechanisms for improving the security of our computer for resource-constrained devices. systems. Hardware offers many advantages over pure software Furthermore, hardware is the Root of Trust (RoT) [48], as approaches: immutability of mechanisms to software attacks, better execution and power efficiency and a smaller interface it bridges the physical world (where human users reside) and allowing it to better maintain secrets. This has given birth to the digital world (where tasks run as software). To securely a plethora of hardware mechanisms providing trusted execution perform a task or store a secret, the user trusts at least part of environments (TEEs), support for integrity checking and memory the computer hardware. safety and widespread uses of hardware roots of trust. Dedicated hardware security support has seen its prolif- In this paper, we systematize these approaches through the lens eration since the early days of computers. It can take a of abstraction. Abstraction is key to computing systems, and the interface between hardware and software contains many abstrac- straightforward form as discrete components to assist the tions. We find that these abstractions, when poorly designed, can CPU, ranging from the industrial-grade tamper-responding both obscure information that is needed for security enforcement, IBM Cryptocards (e.g., 4758 [37]), Apple’s proprietary secure as well as reveal information that needs to be kept secret, leading enclave processor (SEP [84]) for consumer electronics, to the to vulnerabilities. -
Reducing TCB Size by Using Untrusted Components — Small Kernels Versus Virtual-Machine Monitors
To be published in Proceedings of the 11th ACM SIGOPS European Workshop, Leuven, Belgium, 2004 Reducing TCB size by using untrusted components — small kernels versus virtual-machine monitors Michael Hohmuth Michael Peter Hermann Hartig¨ Jonathan S. Shapiro Technische Universitat¨ Dresden Johns Hopkins University Department of Computer Science Department of Computer Science Operating Systems Group Systems Research Laboratory hohmuth,peter,haertig ¡ @os.inf.tu-dresden.de [email protected] Abstract tems, such as message passing and memory sharing, the overall size of the TCB (which includes all components an Secure systems are best built on top of a small trusted oper- application relies on) can actually be reduced for a large class ating system: The smaller the operating system, the easier it of applications. can be assured or verified for correctness. Another assumption we address in this paper is that all In this paper, we oppose the view that virtual-machine components on which an application has operational depen- monitors (VMMs) are the smallest systems that provide se- dencies must be in this application’s TCB. This presumption cure isolation because they have been specifically designed leads to the unnecessary inclusion of many (protocol and de- to provide little more than this property. The problem with vice) drivers into the TCB. this assertion is that VMMs typically do not support inter- The basic idea for reducing TCB size is to extract sys- process communication, complicating the use of untrusted tem components from the TCB and consider them as un- components inside a secure systems. trusted without violating the security requirements of user We propose extending traditional VMMs with features for applications. -
A MICROCHIP TECHNOLOGY INC. PUBLICATION Intruder Proof
A MICROCHIP TECHNOLOGY INC. PUBLICATION SEPT/OCT 2015 Intruder Proof Driving the 8-bit Bidirectional 6 19 MCU Evolution 27 IoT A MICROCHIP TECHNOLOGY INC. PUBLICATION SEPT/OCT 2015 COVER STORY NEW TOOLS Driving the 8-bit MCU Evolution 4 Satisfy Your Curiosity 19 New Development Board Provides Cost-Effective and Fully Integrated Entry into Designing with Microchip’s 8-bit PIC® Microcontrollers TECHNOLOGY 21 MOST® Technology in the News NEW PRODUCTS 6 Intruder Proof Latest Family of eXtreme Low Power PIC Microcontrollers DESIGN CORNER Offers Double the Flash Memory and New Security Options 23 Tired of Embedded Design Bottlenecks? 8 More to Love New Additions to Popular PIC32MX and PIC32MZ 25 Overcoming a Noisy World Families Offer Wide Variety of Features for Designers of Next-Generation Embedded Systems 27 Bidirectional IoT 10 A Connector Revolution 29 Blast Off! Cost-Effective UTC2000 Supports Radically Updated USB-C™ Connector 32 Defying the Odds 11 Seamless Migration New Family of Highly Configurable, Low-Power Embedded DEV TOOL DEALS Controllers Allows Mobile Computing Designers to Easily A Harvest of Savings Reuse IP Across Multiple x86 Platforms 22 13 Advanced Industrial Connectivity Enhanced Industrial Ethernet Switches Feature IEEE 1588-2008 Precision Time Protocol and Low-Power Options Is it Hot in Here? 15 contents Save Design Effort, Space and Cost with the New MCP9600 Integrated Thermocouple to Degrees Celsius Converter 17 Simple Solution Industry’s First MOST150 Coaxial Transceiver Enables Powerful, Robust and Cost-Efficient Automotive Infotainment Networks The Microchip name and logo, the Microchip logo, dsPIC, FlashFlex, KEELOQ, KEELOQ logo, MOST, MPLAB, mTouch, PIC, PICmicro, PICSTART, PIC32 logo, rfPIC, SST, SST Logo, SuperFlash and UNI/O are registered trademarks of Microchip Technology Incorporated in the U.S.A. -
Trusted Computer System Evaluation Criteria
DoD 5200.28-STD Supersedes CSC-STD-00l-83, dtd l5 Aug 83 Library No. S225,7ll DEPARTMENT OF DEFENSE STANDARD DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA DECEMBER l985 December 26, l985 Page 1 FOREWORD This publication, DoD 5200.28-STD, "Department of Defense Trusted Computer System Evaluation Criteria," is issued under the authority of an in accordance with DoD Directive 5200.28, "Security Requirements for Automatic Data Processing (ADP) Systems," and in furtherance of responsibilities assigned by DoD Directive 52l5.l, "Computer Security Evaluation Center." Its purpose is to provide technical hardware/firmware/software security criteria and associated technical evaluation methodologies in support of the overall ADP system security policy, evaluation and approval/accreditation responsibilities promulgated by DoD Directive 5200.28. The provisions of this document apply to the Office of the Secretary of Defense (ASD), the Military Departments, the Organization of the Joint Chiefs of Staff, the Unified and Specified Commands, the Defense Agencies and activities administratively supported by OSD (hereafter called "DoD Components"). This publication is effective immediately and is mandatory for use by all DoD Components in carrying out ADP system technical security evaluation activities applicable to the processing and storage of classified and other sensitive DoD information and applications as set forth herein. Recommendations for revisions to this publication are encouraged and will be reviewed biannually by the National Computer Security Center through a formal review process. Address all proposals for revision through appropriate channels to: National Computer Security Center, Attention: Chief, Computer Security Standards. DoD Components may obtain copies of this publication through their own publications channels.