DOCSLIB.ORG

Ptrsplit: Supporting General Pointers in Automatic Program Partitioning

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ptrsplit: Supporting General Pointers in Automatic Program Partitioning PtrSplit: Supporting General Pointers in Automatic Program Partitioning Shen Liu Gang Tan Trent Jaeger The Pennsylvania State University The Pennsylvania State University The Pennsylvania State University University Park, PA University Park, PA University Park, PA [email protected] [email protected] [email protected] ABSTRACT these programs are prone to attacks (e.g., attacks enabled by mem- Partitioning a security-sensitive application into least-privileged ory vulnerabilities). For instance, OpenSSH was refactored by Provos components and putting each into a separate protection domain et al. to have unprivileged monitor processes for handling user con- have long been a goal of security practitioners and researchers. nections and one privileged server process [28]. Another example However, a stumbling block to automatically partitioning C/C++ is the microkernel operating-system design, in which a minimum applications is the presence of pointers in these applications. Point- amount of code is kept in the kernel and most OS functionalities ers make calculating data dependence, a key step in program par- are pushed outside. Yet another example is Google’s Chromium titioning, difficult and hard to scale; furthermore, C/C++ pointers browser, which isolates each tab into a sandboxed process [1, 29]. do not carry bounds information, making it impossible to automat- These manual restructuring efforts have significantly improved ically marshall and unmarshall pointer data when they are sent the security of the relevant software; however, they are labor inten- across the boundary of partitions. In this paper, we propose a set of sive and sometimes error-prone. techniques for supporting general pointers in automatic program Several systems [3, 5, 21, 32] have been proposed to apply pro- partitioning. Our system, called PtrSplit, constructs a Program De- gram analysis to separate C/C++ applications automatically into pendence Graph (PDG) for tracking data and control dependencies partitions, from a small number of user annotations about sensitive in the input program and employs a parameter-tree approach for data. These systems demonstrate automatic program partitioning representing data of pointer types; this approach is modular and can be practical. However, one major limitation of these systems is avoids global pointer analysis. Furthermore, it performs selective that they lack good support for pointer data, which are prevalent pointer bounds tracking to enable automatic marshalling/unmar- in C/C++ applications. In particular, shalling of pointer data, even when there is circularity and arbitrary • C-style pointers do not carry bounds information; when aliasing. As a result, PtrSplit can automatically generate executable a pointer needs to be sent across the partition boundary partitions for C applications that contain arbitrary pointers. in an RPC call, marshalling does not know the size of the KEYWORDS underlying buffer and consequently cannot marshall the buffer automatically. Some systems adopt heuristics when Automatic program partitioning; bounds tracking; data marshalling marshalling pointer data (e.g., a “char *” pointer is assumed to point to a null-terminated string); however, programmers 1 INTRODUCTION are often required to write marshalling and unmarshalling code manually for pointer data, especially for pointers that Following the principle of least privilege, privilege separation in point to dynamically allocated buffers. Some systems avoid software refers to separating a software application into multiple the problem by restricting the partitioning algorithm to not partitions, each with its own set of privileges. Partitions are isolated create partitions that require pointer passing; this design, so that the compromise of one partition does not directly lead to the however, limits the flexibility of where partitions can be compromise of other partitions. Function calls between partitions created. are realized by Remote-Procedure Calls (RPCs); data for an RPC • A program-partitioning algorithm needs to reason about are marshalled and sent to the callee, which unmarshalls the data, dependence in a program to decide where to split. When the performs its computation, and sends the result back to the caller. program has pointers, a global pointer analysis is typically Privilege separating programs in low-level, type-unsafe lan- required to understand aliasing and how data flow in mem- guages such as C/C++ is especially beneficial to security because ory. However, global pointer analysis is often complex and does not scale to large programs. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation In this paper, we propose a series of techniques that enable the on the first page. Copyrights for components of this work owned by others than the support of pointers in automatic program partitioning. These tech- author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or niques are implemented and evaluated in a system called PtrSplit. republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. Its major techniques and contributions are as follows: CCS ’17, October 30-November 3, 2017, Dallas, TX, USA © 2017 Copyright held by the owner/author(s). Publication rights licensed to Associa- • Taking source code as input, PtrSplit constructs a static tion for Computing Machinery. Program-Dependence Graph (PDG) for the program. A fea- ACM ISBN 978-1-4503-4946-8/17/10...$15.00 https://doi.org/10.1145/3133956.3134066 ture in PtrSplit’s PDG that distinguishes it from previous PDGs for imperative programs is a technique called parame- with sensitive information and an unprivileged slave process. Pro- ter trees. It provides a modular way of constructing the PDG gramCutter [32] collects a dynamic dependence graph via profiling for a program with pointers; as a result, only an intraproce- and performs graph partitioning to produce partitions that bal- dural pointer analysis is needed, instead of a global pointer ance performance and security using a multi-terminal minimal cut analysis. Our tree representation generalizes the object-tree algorithm. SeCage [21] employs hybrid static/dynamic analysis approach in prior work [19], which discussed a tree repre- to compute a set of functions that can access secrets and isolates sentation for objects in object-oriented languages and did the sensitive partition via hardware virtualization support. Jif/s- not cover pointers at the language level; our system uses the plit [33, 35] automatically partitions a Java source program based tree representation for representing pointers in imperative on security-label annotations and a description of trust relation- languages and deals with circular data structures resulting ships between protection domains. Swift [7] generalizes Jif/split from pointers. for the development of web applications by exploring general al- Based on the PDG, PtrSplit performs a standard reachability- gorithms for improving both security and performance. With the based program-partitioning algorithm that separates the emergence of Trusted Execution Environments (TEEs), there have program into a partition that accesses sensitive data and also been program-partitioning frameworks that target Intel’s SGX a partition for the rest of the code. or ARM’s TrustZone. For instance, Rubinov et al. [30] proposed a • To marshall pointers, PtrSplit instruments the program so static-analysis framework that partitions an Android application that pointers carry bounds information. However, prior work into one component that runs in TrustZone’s secure world and one shows that full pointer bounds tracking incurs significant that runs in TrustZone’s normal world. A similar system called performance overhead. PtrSplit makes the critical observa- Glamdring [20] targets Intel’s SGX. tion that program partitioning does not need full pointer All the aforementioned automatic program partitioning frame- tracking—it is sufficient to track the bounds of pointers that works, either partition programs in languages that do not have cross the partitioning boundary. Therefore, given an arbi- explicit pointers (e.g., Java) or require programmers to manually trary partitioning of the program, PtrSplit computes a set of write marshalling and unmarshalling code for pointer data [5, 32]; pointers that require bounds information and instruments furthermore, data dependence computed by these frameworks that the program to track the bounds of only those pointers. We partition C/C++ application are incomplete in the presence of point- call this selective pointer bounds tracking. ers and can lead to incorrect partitioning results. In contrast, Ptr- • PtrSplit generates code that performs marshalling and un- Split uses a PDG representation that soundly represents pointer marshalling for data sent over an RPC call. This is auto- data as parameter trees, and tracks pointer bounds for automatic matic even for pointer data because all pointers that cross marshalling and unmarshalling without user involvement. the partition boundary carry bounds information. We de- PtrSplit partitions programs so that sensitive data within the scribe a type-based algorithm for performing deep copies of sensitive partition
Load more

Recommended publications
  • CHERI C/C++ Programming Guide
    UCAM-CL-TR-947 Technical Report ISSN 1476-2986 Number 947 Computer Laboratory CHERI C/C++ Programming Guide Robert N. M. Watson, Alexander Richardson, Brooks Davis, John Baldwin, David Chisnall, Jessica Clarke, Nathaniel Filardo, Simon W. Moore, Edward Napierala, Peter Sewell, Peter G. Neumann June 2020 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 https://www.cl.cam.ac.uk/ c 2020 Robert N. M. Watson, Alexander Richardson, Brooks Davis, John Baldwin, David Chisnall, Jessica Clarke, Nathaniel Filardo, Simon W. Moore, Edward Napierala, Peter Sewell, Peter G. Neumann, SRI International This work was supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and HR0011-18-C-0016 (“ECATS”). The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. This work was supported in part by the Innovate UK project Digital Security by Design (DSbD) Technology Platform Prototype, 105694. This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 789108), ERC Advanced Grant ELVER. We also acknowledge the EPSRC REMS Programme Grant (EP/K008528/1), Arm Limited, HP Enterprise, and Google, Inc. Approved for Public Release, Distribution Unlimited. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: https://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 3 Abstract This document is a brief introduction to the CHERI C/C++ programming languages.
    [Show full text]
  • Optimizing the Use of High Performance Software Libraries
    Optimizing the Use of High Performance Software Libraries Samuel Z. Guyer and Calvin Lin The University of Texas at Austin, Austin, TX 78712 Abstract. This paper describes how the use of software libraries, which is preva- lent in high performance computing, can benefit from compiler optimizations in much the same way that conventional computer languages do. We explain how the compilation of these informal languages differs from the compilation of more conventional computer languages. In particular, such compilation requires precise pointer analysis, requires domain-specific information about the library’s seman- tics, and requires a configurable compilation scheme. Finally, we show that the combination of dataflow analysis and pattern matching form a powerful tool for performing configurable optimizations. 1 Introduction High performance computing, and scientific computing in particular, relies heavily on software libraries. Libraries are attractive because they provide an easy mechanism for reusing code. Moreover, each library typically encapsulates a particular domain of ex- pertise, such as graphics or linear algebra, and the use of such libraries allows program- mers to think at a higher level of abstraction. In many ways, libraries are simply in- formal domain-specific languages whose only syntactic construct is the procedure call. This procedural interface is significant because it couches these informal languages in a familiar form, which is less imposing than a new computer language that introduces new syntax. Unfortunately, while libraries are not viewed as languages by users, they also are not viewed as languages by compilers. With a few exceptions, compilers treat each invocation of a library routine the same as any other procedure call.
    [Show full text]
  • SSC Reference Manual SDK 2017-1-17, Version 170
    SSC Reference Manual SDK 2017-1-17, Version 170 Aron Dobos and Paul Gilman January 13, 2017 The SSC (SAM Simulation Core) software library is the collection of simu- lation modules used by the National Renewable Energy Laboratory’s System Advisor Model (SAM). The SSC application programming interface (API) al- lows software developers to integrate SAM’s modules into web and desktop applications. The API includes mechanisms to set input variable values, run simulations, and retrieve values of output variables. The SSC modules are available in pre-compiled binary dynamic libraries minimum system library de- pendencies for Windows, OS X, and Linux operating systems. The native API language is ISO-standard C, and language wrappers are available for C#, Java, MATLAB, Python, and PHP. The API and model implementations are thread- safe and reentrant, allowing the software to be used in a parallel computing environment. This document describes the SSC software architecture, modules and data types, provides code samples, introduces SDKtool, and describes the language wrappers. Contents 2 Contents 1 Overview4 1.1 Framework Description.............................. 4 1.2 Modeling an Energy System........................... 4 2 An Example: Running PVWatts5 2.1 Write the program skeleton ........................... 6 2.2 Create the data container ............................ 6 2.3 Assign values to the module input variables.................. 7 2.4 Run the module.................................. 7 2.5 Retrieve results from the data container and display them.......... 8 2.6 Cleaning up.................................... 8 2.7 Compile and run the C program ........................ 9 2.8 Some additional comments............................ 9 3 Data Variables9 3.1 Variable Names.................................. 10 3.2 Variable Types .................................
    [Show full text]
  • Pygtk 2.0 Tutorial
    PyGTK 2.0 Tutorial John Finlay October 7, 2012 PyGTK 2.0 Tutorial by John Finlay Published March 2, 2006 ii Contents 1 Introduction 1 1.1 Exploring PyGTK . .2 2 Getting Started 5 2.1 Hello World in PyGTK . .7 2.2 Theory of Signals and Callbacks . .9 2.3 Events . 10 2.4 Stepping Through Hello World . 11 3 Moving On 15 3.1 More on Signal Handlers . 15 3.2 An Upgraded Hello World . 15 4 Packing Widgets 19 4.1 Theory of Packing Boxes . 19 4.2 Details of Boxes . 20 4.3 Packing Demonstration Program . 22 4.4 Packing Using Tables . 27 4.5 Table Packing Example . 28 5 Widget Overview 31 5.1 Widget Hierarchy . 31 5.2 Widgets Without Windows . 34 6 The Button Widget 35 6.1 Normal Buttons . 35 6.2 Toggle Buttons . 38 6.3 Check Buttons . 40 6.4 Radio Buttons . 42 7 Adjustments 45 7.1 Creating an Adjustment . 45 7.2 Using Adjustments the Easy Way . 45 7.3 Adjustment Internals . 46 8 Range Widgets 49 8.1 Scrollbar Widgets . 49 8.2 Scale Widgets . 49 8.2.1 Creating a Scale Widget . 49 8.2.2 Methods and Signals (well, methods, at least) . 50 8.3 Common Range Methods . 50 8.3.1 Setting the Update Policy . 50 8.3.2 Getting and Setting Adjustments . 51 8.4 Key and Mouse Bindings . 51 8.5 Range Widget Example . 51 9 Miscellaneous Widgets 57 9.1 Labels . 57 9.2 Arrows . 60 9.3 The Tooltips Object .
    [Show full text]
  • A Proposal for a Revision of ISO Modula-2 2
    A Proposal for a Revision of ISO Modula-2 Benjamin Kowarsch, Modula-2 Software Foundation ∗ May 2020 (arXiv.org preprint) Abstract The Modula-2 language was first specified in [Wir78] by N. Wirth at ETH Z¨urich in 1978 and then revised several times. The last revision [Wir88] was published in 1988. The resulting language reports included ambiguities and lacked a comprehensive standard library. To resolve the ambiguities and specify a comprehensive standard library an ISO/IEC working group was formed and commenced work in 1987. A base standard was then ratified and published as IS 10514-1 in 1996 [JTC96]. Several conforming compilers have since been developed. At least five remain available of which at least three are actively maintained and one has been open sourced. Meanwhile, various deficiencies of the standard have become apparent but since its publication, no revision and no maintenance has been carried out. This paper discusses some of the deficiencies of IS 10514-1 and proposes a limited revision that could be carried out with moderate effort. The scope of the paper has been deliberately limited to the core language of the base standard and therefore excludes the standard library. 1 ISO/IEC Standardisation [II20] describes ISO/IEC standardisation procedures, summarised in brief below. 1.1 Organisational Overview The International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) operate a joint technical committee (JTC1) to develop, publish and maintain information technology standards. JTC1 is organised into subcommittees (SC) and working groups (WG). The subcommittee for programming languages is JTC1/SC22. The working group that developed the ISO Modula-2 standard was JTC1/SC22/WG13.
    [Show full text]
  • Finding What C++ Lost: Tracking Referent Objects with GCC
    MEng Project Report Finding What C++ Lost: Tracking Referent Objects with GCC Alexander Lamaison Department of Computing Imperial College London <[email protected]> Supervisor: Paul H. J. Kelly <[email protected]> 16th June 2007 ii Abstract Pointer arithmetic in C and C++, though powerful, is inherently dangerous and a constant source of program flaws. Technologies exist to reduce these risks, one of which is Mudflap: an extension to GCC 4 that performs runtime bounds-checking. This has an number of weak- nesses, notably its inability to detect the case of pointers that stray between objects allocated adjacently. We have created MIRO, an improved version which uses the stricter approach of referent object tracking. As well as increasing the effectiveness of the checking, this allows us to provide more useful debugging information when violations occur. It requires no changes to existing C and C++ programs including non-compliant, but common, calculations involving invalid pointer values. Code compiled with MIRO can be mixed freely with unchecked code combining safety with performance and reducing the threshold to adoption. Acknowledgements I would like to thank, firstly, my supervisor and mentor Paul Kelly for guiding me through this project as well as the last four years of study and for always listening to my ramblings without complaint. Steven Lovegrove, my friend, in particular for helping me track down the source of the C++ STL problem but for help with many other problems too. Also John Wilander, Mariam Kamkar, Michael Zhivich, Tim Leek and Richard Lippmann for kindly donating the source code to their testbeds that were so invaluable throughout this project.
    [Show full text]
  • TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification
    TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification Family "2.0" Version 1.0, Revision 12 8 April 2019 Contact: [email protected] TCG PUBLISHED Copyright © TCG 2019 TCG Disclaimers, Notices, and License Terms Copyright Licenses: Trusted Computing Group (TCG) grants to the user of the source code in this specification (the “Source Code”) a worldwide, irrevocable, nonexclusive, royalty free, copyright license to reproduce, create derivative works, distribute, display and perform the Source Code and derivative works thereof, and to grant others the rights granted herein. The TCG grants to the user of the other parts of the specification (other than the Source Code) the rights to reproduce, distribute, display, and perform the specification solely for the purpose of developing products based on such documents. Source Code Distribution Conditions: Redistributions of Source Code must retain the above copyright licenses, this list of conditions and the following disclaimers. Redistributions in binary form must reproduce the above copyright licenses, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution. Disclaimers: THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. Contact TCG Administration ([email protected]) for information on specification licensing rights available through TCG membership agreements. THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.
    [Show full text]
  • Abstract Data Types (Adts), After More on the Heap Preparing for The
    Preparing for the Midterm Exam • Exam logistics o Date/time: Thursday October 26 in lecture o Open books, open notes, open mind, but not open laptop/PDA Abstract Data Types (ADTs), o Covering material from lecture, precept, and reading, but not tools After More on the Heap • Preparing for the midterm o Lecture and precept materials available online o Course textbooks, plus optional books on reserve Prof. David August o Office hours and the course listserv o Old midterm exams on the course Web site COS 217 1 2 A Little More About the Heap… Example: Read a Line (or URL) • Memory layout of a C program • Write a function that reads a word from stdin o Text: code, constant data o Read from stdin until encountering a space, tab, ‘\n’, or EOF o Data: initialized global & static variables o Output a pointer to the sequence of characters, ending with ‘\0’ BSS: uninitialized global & static variables 0 o Text • Example code (very, very buggy) o Heap: dynamic memory Stack: local variables Data o #include <stdio.h> • Purpose of the heap BSS o Memory allocated explicitly by the programmer Heap int main(void) { o Using the functions malloc and free char* buf; • But, why would you ever do this??? scanf(“%s”, buf); o Glutton for punishment??? printf(“Hello %s\n”, buf); return 0; } Stack 0xffffffff 3 4 Problem: Need Storage for String Problem: Input Longer Than Array • Improving the code • Improving the code o Allocate storage space for the string o Don’t allow input that exceeds the array size Example: define an array o • Example (better, but not perfect)
    [Show full text]
  • CPSC 213: Assignment 7
    CPSC 213: Assignment 7 Due: Monday, March 12, 2012 at 6pm. Late assignments are accepted until Wednesday, March 14 at 6pm with a 25% penalty per day (or fraction of a day) past the due date. This rule is strictly applied and there are no exceptions. Goal In this assignment you will investigate interrupts and asynchronous programming by reading and modifying a program that uses signals to trigger asynchronous actions. This assignment is closely modeled on the asynchronous disk read example discussed in the lecture and gives you a chance to experience this sort of programming first hand, using a software environment that mimics hardware interrupts. Interrupts, Signals and Asynchronous Programming Included with this assignment is a small C program called async.c. This program uses a Unix OS feature called “signals” to mimic hardware interrupts. In the boot procedure, the program registers interruptServiceRoutine as a signal handler for the SIGALRM signal and then tells the OS to deliver this signal to the program once every second. The program includes a method called doAsync that schedules an asynchronous event, sort of like a disk-read request. These events complete in order, one at a time, each time the SIGALRM is delivered to the program. The doAsync procedure enqueues events on a circular completion queue and interruptServiceRoutine dequeues these completion events when SIGALRMs arrive and delivers the completion by calling the completion routine with two parameters, a pointer and an int, whose meaning is determined by the completion routine. You will note the use of the type void*. This type is called an “opaque pointer” and is used to store pointers of any type.
    [Show full text]
  • DDL: Extending Dynamic Linking for Program Customization, Analysis, and Evolution
    DDL: Extending Dynamic Linking for Program Customization, Analysis, and Evolution Sumant Tambe Navin Vedagiri Naoman Abbas Jonathan E. Cook Department of Computer Science New Mexico State University Las Cruces, NM 88003 USA [email protected] Abstract methods, global data) to the runtime of the program. While new software languages and environments An extra module, the dynamic linker, is loaded with have moved towards richer introspective and manip- the program, and accomplishes the dynamic link- ulatable runtime environments, there is still much ing necessary for the program to complete its execu- traditional software that is compiled into platform- tion. Since symbols are not yet bound, a dynamic specific executables and runs in a context that does linker could allow a tool builder access to the bind- not easily offer such luxuries. Yet even in these ing operation, and allow the tool to take a variety environments, mechanisms such as dynamic link li- of actions. Inserting wrappers for tracing, security, braries do offer the potential of building more con- assertion checks, and many other uses ought to be trol over the deployed and running system, and can possible. Redirecting a binding to another symbol offer opportunities for supporting dynamic evolu- should be supported. Even run-time modification tion of such systems. Indeed, the basic dynamic of bindings should be possible. All of this is feasible linking mechanisms can be exploited to offer a rich without any modification or translation of the object component-based execution environment. code of the application. In this paper, we present our initial explorations Current dynamic linkers do allow rudimentary into building such support.
    [Show full text]
  • TCG Published
    TSS System Level API and TPM Command Transmission Interface Specification Family "2.0" Level 00, Revision 01.00 26 January 2015 Contact: [email protected] TCG Published TCG Copyright © TCG 2013 - 2015 Family "2.0" TSS System Level API and TCTI Specification Disclaimers, Notices, and License Terms THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Without limitation, TCG disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein. This document is copyrighted by Trusted Computing Group (TCG), and no license, express or implied, is granted herein other than as follows: You may not copy or reproduce the document or distribute it to others without written permission from TCG, except that you may freely do so for the purposes of (a) examining or implementing TCG specifications or (b) developing, testing, or promoting information technology standards and best practices, so long as you distribute the document with these disclaimers, notices, and license terms. Contact the Trusted Computing Group at www.trustedcomputinggroup.org for information on specification licensing through membership agreements.
    [Show full text]
  • Public Review
    TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification Family "2.0" Version 1.0 Revision 17 19 August 2019 Copyright © TCG 2013-2019 Contact: [email protected] Work in Progress This document is an intermediate draft for comment only and is subject to change without notice. Readers should not design products based on this document. TCG PUBLIC REVIEW TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification Disclaimers, Notices, and License Terms Copyright Licenses: • Trusted Computing Group (TCG) grants to the user of the source code in this specification (the “Source Code”) a worldwide, irrevocable, nonexclusive, royalty free, copyright license to reproduce, create derivative works, distribute, display and perform the Source Code and derivative works thereof, and to grant others the rights granted herein. • The TCG grants to the user of the other parts of the specification (other than the Source Code) the rights to reproduce, distribute, display, and perform the specification solely for the purpose of developing products based on such documents. Source Code Distribution Conditions: • Redistributions of Source Code must retain the above copyright licenses, this list of conditions and the following disclaimers. • Redistributions in binary form must reproduce the above copyright licenses, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution. Disclaimers: • THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.
    [Show full text]