Dartmouth College Dartmouth Digital Commons Dartmouth College Ph.D Dissertations Theses and Dissertations 5-1-2020 Defense in Depth of Resource-Constrained Devices Ira Ray Jenkins Dartmouth College Follow this and additional works at: https://digitalcommons.dartmouth.edu/dissertations Part of the Computer Sciences Commons Recommended Citation Jenkins, Ira Ray, "Defense in Depth of Resource-Constrained Devices" (2020). Dartmouth College Ph.D Dissertations. 59. https://digitalcommons.dartmouth.edu/dissertations/59 This Thesis (Ph.D.) is brought to you for free and open access by the Theses and Dissertations at Dartmouth Digital Commons. It has been accepted for inclusion in Dartmouth College Ph.D Dissertations by an authorized administrator of Dartmouth Digital Commons. For more information, please contact [email protected]. Defense in Depth of Resource-Constrained Devices Dartmouth Computer Science Technical Report TR2020-879 A Thesis Submitted to the Faculty in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science by Ira Ray Jenkins Guarini School of Graduate and Advanced Studies Dartmouth College Hanover, New Hampshire May 2020 Examining Committee: (chair) Sean W. Smith Sergey Bratus Xia Zhou Guerney D. H. Hunt F. Jon Kull, Ph.D. Dean of the Guarini School of Graduate and Advanced Studies c 2020 Ira Ray Jenkins Abstract The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-const- rained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the con- sumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a mul- titude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers’ homes and industrial settings. From smart toast- ers and personal health monitors to industrial controls in energy deliv- ery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet- connected things are highly valuable and vulnerable targets for exploita- tion. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to pre- venting and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure mem- ory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware–software stack, we seek to establish a trustworthy system that extends from power-on through application runtime. ii Acknowledgments This work represents seven years of foot-dragging and kicking at the goads: mental toil, insomnia, emotional conflict, and perseverance. However, the effort is not mine alone, but rests upon a foundation built by countless others, for me, over the last three decades. A wholly separate dissertation would be required to thank everyone who has supported, encouraged, and contributed to this work and my success through the years. I can only express my sincere gratitude and continuing debt. However, there are those, without which this could not have been accomplished, who deserve abounding thanks for their help. Chief among these is my advisor, Sean Smith, for asking me to TA for him during our first meeting, adopting me into the Trust Lab, and for his assistance, instruction, and willingness to indulge my ideas. Sean is an exceptional advisor but a better human being. He has shown me that it is possible to be intelligent, humble, curious, gracious, as well as faithful. I would also like to express my most profound appreciation to the other members of my committee—Sergey Bratus, Xia Zhou, and Guerney Hunt—for their patience, support, and thoughtful advice. A special thanks to Sergey for inviting me into the Trust Lab and the world of security research. Aside from the many Russian parables, Sergey introduced me to the hacker community and culture, sent me all over the world, and taught me that plenty of good folks make significant security contributions outside of the ivory tower. My graduate studies have blessed me with remarkable mentors. I am deeply in- debted to Charles and Elaine Palmer for their personal interest and great faith in me. Charles has become like a Southern uncle to me in the frigid North. His wisdom, encouragement, and backing have been indispensable to my pursuits. Elaine opened the door for my two internships at IBM’s Thomas J. Watson Research Center. Her knowledge and supervision were instrumental in substantial portions of this thesis. iii I am also grateful to the excellent researchers with which I worked in the Systems and Cloud Security group—particularly, Kenneth Goldman, David Safford, and Mimi Zohar—for many great conversations, debates, and ideas. During my time at Dartmouth and in the Trust Lab, I have had the privilege and honor of working with excellent and talented colleagues and, now, several gener- ations of labbies—Anya Shubina, Peter Johnson, Rebecca Shapiro, Jason Reeves, Ryan Speers, Vijay Kothari, Prashant Anantharaman, Pete Brady, and numerous others, including those outside the lab, like Travis Goodspeed and Jacob Torrey. I am particularly grateful to Tim Pierson as a dependable wingman, champion of my ideas and abilities, as well as a friend. I appreciate all of the yak shaving, grousing, commiserating, and pontificating that we all shared. My work has been made better through their insights and collaborations. I also want to thank Bill Nisen and the Institute for Security, Technology, and Society for facilitating the many lab lunches, lectures, and discussions that contributed to my nourishment and edification. I am tremendously thankful for the Dartmouth Woodshop and the (probably too much) time I spent there. Greg Elder and Janet Collins provided the tools and knowledge I needed to furnish my home, as well as realize and sustain a creative passion outside of research. To my lifelong friends—Mark Hodge, Chuck Bryant, and Trey Paul—maybe we should have played less, but I could not ask for more. Most of all, to my family, I cannot begin to express my gratitude for the years of love, encouragement, prayers, and laughs. To Nana Bo, the surest of hind catchers, I can never repay all she has given. My sons, Judah and Sweet Baby J, have taught me a love I did not know and given me a reason I could not imagine. Lastly, my wife Candice endured the trials of graduate school by my side with an indomitable grace and faith in me when I had none. She deserves all the honor worthy of her sacrifices because, without her, none of this would have been possible. I love you all. This research was supported in part by the United States Department of Energy Office of Electricity Delivery and Energy Reliability and the Department of Homeland Security Science and Technology Directorate under Award Numbers DE-OE0000097 and DE-OE0000780. The views and opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof. iv Contents Abstract ii Acknowledgments iii List of Figures viii List of Tables x List of Code xi 1 Introduction 1 1.1 Contributions . .3 1.2 Outline . .4 1.3 Previous Publications . .5 1.4 Prerequisites . .6 2 Background 9 2.1 Introduction . .9 2.2 System Security . 11 2.3 Defense in Depth . 17 2.4 Trusted Computing . 18 2.5 Laws and Regulations . 22 2.6 Conclusions . 27 3 Secure Boot 28 3.1 Introduction . 28 3.2 Related Work . 29 3.2.1 Bootstrapping . 29 3.2.2 Pre-boot Vulnerabilities . 30 v 3.2.3 Secure Boot . 31 3.2.4 Trusted Platform Module . 35 3.3 OpenPOWER Bootstrapping . 37 3.3.1 Security Domains . 40 3.3.2 Firmware Secure Boot on OpenPOWER . 41 3.4 Secure Boot Without Secure Memory . 42 3.4.1 OS Secure Boot Key Management . 43 3.5 Conclusions . 50 4 Remote Attestation 51 4.1 Introduction . 51 4.2 Background . 52 4.2.1 Trusted Computing . 52 4.2.2 Blockchain . 53 4.2.3 IoT Challenges . 55 4.3 Distributed Attestation via Blockchain . 56 4.3.1 System Model . 56 4.3.2 Threat Model . 56 4.3.3 System Design . 57 4.3.4 Use Cases . 60 4.4 Implementation . 62 4.5 Evaluation . 63 4.5.1 Quantitative Analysis . 63 4.5.2 Qualitative Analysis . 65 4.6 Discussion . 68 4.7 Related Work . 69 4.8 Conclusions . 71 5 Intraprocess Memory Isolation 72 5.1 Introduction . 72 5.2 Related Work . 73 5.2.1 Reinventing the Privilege Drop . 74 5.2.2 Executable and Linkable Format . 76 5.2.3 ELF-based access control . 77 5.2.4 Memory Architecture . 79 5.2.5 How ELFbac interacts with the Architecture .
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages183 Page
-
File Size-