View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Birmingham Research Archive, E-theses Repository TRUSTED EXECUTION: APPLICATIONS AND VERIFICATION by IAN GILBERT BATTEN Athesis submitted to the University of Birmingham for the degree of DOCTOROF PHILOSOPHY School of Computer Science University of Birmingham March 2016 University of Birmingham Research Archive e-theses repository This unpublished thesis/dissertation is copyright of the author and/or third parties. The intellectual property rights of the author or third parties in respect of this work are as defined by The Copyright Designs and Patents Act 1988 or as modified by any successor legislation. Any use made of information contained in this thesis/dissertation must be in accordance with that legislation and must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the permission of the copyright holder. Abstract Useful security properties arise from sealing data to specific units of code. Modern proces- sors featuring Intel’s TXT and AMD’s SVM achieve this by a process of measured and trusted execution. Only code which has the correct measurement can access the data, and this code runs in an environment trusted from observation and interference. We discuss the history of attempts to provide security for hardware platforms, and re- view the literature in the field. We propose some applications which would benefit from use of trusted execution, and discuss functionality enabled by trusted execution. We present in more detail a novel variation on Diffie-Hellman key exchange which removes some reliance on random number generation. We present a modelling language with primitives for trusted execution, along with its se- mantics. We characterise an attacker who has access to all the capabilities of the hardware. In order to achieve automatic analysis of systems using trusted execution without attempting to search a potentially infinite state space, we define transformations that reduce the num- ber of times the attacker needs to use trusted execution to a pre-determined bound. Given reasonable assumptions we prove the soundness of the transformation: no secrecy attacks are lost by applying it. We then describe using the StatVerif extensions to ProVerif to model the bounded invocations of trusted execution. We show the analysis of realistic systems, for which we provide case studies. Acknowledgements I would first and foremost like to thank my wife Sue and daughters Sarah and Ruth, and my parents Geof and Margaret, for their support in my move from industry to academia. In the School of Computer Science at the University of Birmingham, my supervisor Profes- sor Mark Ryan welcomed me and gave me invaluable support and guidance, and Professor Achim Jung extended the kind invitation to return to the school. Dr Shiwei Xu was generous with his time and ideas and provided deep insights into ProVerif. Within the school I received valuable support from Mr Bob Hendley, who was both my undergraduate tutor and more than thirty years later chaired my viva. Drs Chris Novakovic, Peter Lewis and Catherine Harris, amongst many others, welcomed me as a fellow postgraduate and refrained from pointing out that I was twice their age. At my former employer Fujitsu Telecommunications Europe, my various line managers Andy Stevenson, Tony Oppenheim, Marc Curtis and Phil Chater supported my decision to move, and my erstwhile colleagues Neil Prentice and Simon Parsons provided much appreci- ated injections of hardware and advice. Again at FTEL Dr Nigel Garnham and at the University of Birmingham Dr Rosamund Moon convinced me that doing a PhD after a previous career was possible. And last but not least, I’d like to thank Jenny Marris of the Open University who as my tutor on AA100 Arts Foundation made a valiant attempt to improve my writing skills; the failings in the writing are, of course, all my own. i Contents 1Introduction,motivation and background 1 1.1 The problem .................................... 1 1.2 The current position ................................ 2 1.3 Contribution .................................... 4 1.4 Research questions addressed .......................... 4 1.5 Scope and limitations ............................... 5 1.6 Prior publication .................................. 6 1.7 Structure of thesis ................................. 6 2Background to trusted execution 7 2.1 What is trusted execution? ............................ 7 2.2 What problems does trusted execution address? ................ 7 2.3 Security considerations for personal devices .................. 8 2.4 Security considerations in operating systems .................. 9 2.5 Security considerations in the cloud ....................... 12 2.6 A brief history of hardware security ........................ 13 2.6.1 Before the PC era ............................. 14 2.6.2 After PCs arrive .............................. 18 2.7 Overview of TPM .................................. 19 2.7.1 Booting ................................... 20 2.7.2 Attestation ................................. 21 2.7.3 Sealing and binding ............................ 21 2.8 Summary of chapter ................................ 21 3Prior work and literature survey 23 3.1 Cloud security concerns .............................. 24 3.2 Hardware isolation ................................. 25 3.3 Security benefits of virtualisation ......................... 28 3.4 Other software techniques ............................ 29 3.5 Formal analysis of TPM-based systems ..................... 32 3.6 Virtual TPMs .................................... 34 3.7 Trusted databases ................................. 36 3.8 Summary of literature review ........................... 38 ii 4Applications for trusted execution 39 4.1 Certification Authorities .............................. 39 4.2 Password authentication ............................. 40 4.3 Random number generators ........................... 41 4.3.1 The TCP ISN problem ........................... 46 4.3.2 Diffie-Hellman security ........................... 48 4.3.3 A rôle for trusted execution ........................ 50 4.3.4 Session key generation .......................... 51 4.3.5 Attestation ................................. 52 4.3.6 Generating the initial secret ........................ 55 4.3.7 Security properties ............................. 56 4.4 Summary of chapter ................................ 56 5An approach to trusted execution and its modelling 57 5.1 Background ..................................... 57 5.1.1 Trusted computing ............................. 57 5.1.2 Verification tools .............................. 59 5.2 A model of trusted execution ........................... 60 5.2.1 Simplifications and abstractions ..................... 60 5.2.2 An introductory example ......................... 61 5.2.3 Trusted Execution Modelling Language ................. 61 5.3 Proof of Theorem 1 ................................. 68 5.4 Compiling TXML to StatVerif ........................... 69 5.4.1 The actions of the compiler ........................ 69 5.4.2 Experiments with the compiler ...................... 70 5.5 Tooling support ................................... 70 5.5.1 Generating StatVerif from TXML ..................... 70 5.5.2 StatVerif options .............................. 71 5.5.3 Optimising StatVerif ............................ 73 5.5.4 Modifying the generated Horn clauses .................. 73 5.6 Results ....................................... 74 5.7 Password authentication ............................. 74 5.7.1 Description ................................. 75 5.7.2 Modelling .................................. 75 5.7.3 Analysis in StatVerif ............................ 76 5.7.4 Result of our analysis ........................... 76 5.8 A Certification Authority .............................. 76 5.8.1 Description ................................. 76 5.8.2 Modelling .................................. 77 5.8.3 Analysis in StatVerif ............................ 77 5.8.4 Result of our analysis ........................... 78 5.9 Counter-results ................................... 78 5.10 Weaknesses in the verifications .......................... 79 5.11 Summary of chapter ................................ 80 iii 6Summary,conclusions and future directions 81 6.1 Achievements .................................... 81 6.2 Limitations ..................................... 81 6.3 Lessons learned .................................. 82 6.4 Research directions ................................ 83 6.5 Alternative architectures and developments ................... 84 6.5.1 Intel Server Guard Extensions (SGX) ................... 84 6.5.2 Trustzone .................................. 87 6.5.3 Cloud TPM ................................. 88 6.5.4 Research possibilities ........................... 88 iv List of Figures 5.1 Additional Constructors and Reductions ..................... 59 5.2 The StatVerif calculus ............................... 60 5.3 Syntax of TXML .................................. 62 5.4 The relation C ................................... 63 −→ 5.5 Transformation of strategies ............................ 66 5.6 Mapping of TXML into StatVerif .......................... 71 5.7 Inserted lines for password authentication .................... 74 5.8 Inserted lines for the CA example ......................... 78 v Chapter 1 Introduction, motivation and background 1.1 The problem The correct behaviour of a computer