Physical Privilege Escalation and Mitigation in the x86 World
Oded Horovitz & Steve Weis, PrivateCore Inc.

Posted 12-Sep-2021

Why physical security?
• Assumes hardware has no backdoor
• Public IaaS, bare metal, private cloud
• Drivers trust devices
• 50% of sampled drivers
Excerpt from the Linux tg3 (Broadcom NetXtreme) driver's VPD parsing as shown on the slide; only scattered lines survived extraction, so this is a fragment rather than complete code. The offsets and lengths it works with (i, j, len, vpdlen) all come from data the device returned:

```c
{
	u32 vpdlen;

	if (!vpd_data)
		goto out_no_vpd;
	if (i < 0)
	i += PCI_VPD_LRDT_TAG_SIZE;
			PCI_VPD_RO_KEYWORD_MFR_ID);

	    memcmp(&vpd_data[j], "1028", 4))
		goto partno;
			PCI_VPD_RO_KEYWORD_VENDOR0);

		goto partno;
	strncat(tp->fw_ver, " bc ", vpdlen - len - 1);
}
```
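Worked example, added here and not code from the talk or from the tg3 driver: a bounds-checked reader for the PCI Vital Product Data layout the excerpt above parses. A large-resource tag is one byte (0x80 | type) followed by a two-byte little-endian length, the VPD-R section tag is 0x90, and each field inside VPD-R is a two-character keyword, a one-byte length, then data. Every one of those lengths is written by the device, so a hostile card can make any of them run past the image; "drivers trust devices" is exactly the case where they are used without checking. The vpd_* helpers are this example's own reimplementations (named after, but not identical to, the kernel's pci_vpd_* functions), and the three VPD images are constructed test data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VPD_LRDT_RO_DATA  0x90 /* large-resource tag: VPD-R (read-only fields) */
#define VPD_LRDT_TAG_SIZE 3    /* tag byte + 16-bit little-endian length */
#define VPD_INFO_FLD_HDR  3    /* 2-char keyword + 1-byte length */
#define VPD_SRDT_TIN_MASK 0x78 /* small-resource item-name bits */
#define VPD_STIN_END      0x78 /* small-resource end tag */

/* Walk the resource list in buf[0..len) for large-resource tag rdt and return
 * its offset, or -1. Every advance uses a length the device wrote, so each is
 * compared with the bytes that actually remain before it is applied. */
static int vpd_find_tag(const uint8_t *buf, size_t len, uint8_t rdt)
{
    size_t i = 0;
    while (i < len) {
        uint8_t tag = buf[i];
        if (tag & 0x80) {                          /* large resource */
            if (len - i < VPD_LRDT_TAG_SIZE) return -1;   /* truncated header */
            size_t dlen = buf[i + 1] | ((size_t)buf[i + 2] << 8);
            if (tag == rdt) return (int)i;
            if (dlen > len - i - VPD_LRDT_TAG_SIZE) return -1; /* overruns image */
            i += VPD_LRDT_TAG_SIZE + dlen;
        } else {                                   /* small resource */
            if ((tag & VPD_SRDT_TIN_MASK) == VPD_STIN_END) return -1; /* end of VPD */
            i += 1 + (tag & 0x07);                 /* 3-bit length in the tag */
        }
    }
    return -1;
}

/* Find 2-char keyword kw among the fields of the VPD-R section whose data is
 * buf[off..off+rosize); the caller has already validated that range. */
static int vpd_find_info_keyword(const uint8_t *buf, size_t off, size_t rosize,
                                 const char *kw)
{
    size_t end = off + rosize;
    for (size_t i = off; i + VPD_INFO_FLD_HDR <= end; i += VPD_INFO_FLD_HDR + buf[i + 2])
        if (buf[i] == (uint8_t)kw[0] && buf[i + 1] == (uint8_t)kw[1])
            return (int)i;
    return -1;                                     /* walked off the section */
}

/* Copy keyword kw's value out of a device-supplied VPD image into out
 * (NUL-terminated, truncated to outsz-1). Returns bytes copied, or -1 when
 * the image is malformed: the device chose every length this relies on, so
 * anything inconsistent is rejected rather than read past a boundary. */
int vpd_read_keyword(const uint8_t *vpd, size_t vpdlen, const char *kw,
                     char *out, size_t outsz)
{
    if (!vpd || !out || outsz == 0) return -1;
    int tag = vpd_find_tag(vpd, vpdlen, VPD_LRDT_RO_DATA);
    if (tag < 0) return -1;
    size_t rosize   = vpd[tag + 1] | ((size_t)vpd[tag + 2] << 8);
    size_t ro_start = (size_t)tag + VPD_LRDT_TAG_SIZE;
    if (rosize > vpdlen - ro_start) return -1;     /* VPD-R claims more than exists */
    size_t block_end = ro_start + rosize;
    int j = vpd_find_info_keyword(vpd, ro_start, rosize, kw);
    if (j < 0) return -1;
    size_t flen = vpd[j + 2];
    size_t data = (size_t)j + VPD_INFO_FLD_HDR;
    if (flen > block_end - data) return -1;        /* field runs past its section */
    if (flen >= outsz) flen = outsz - 1;           /* never overflow the caller */
    memcpy(out, vpd + data, flen);
    out[flen] = '\0';
    return (int)flen;
}

/* Constructed sample images (not captured from real hardware). */
static const uint8_t vpd_good[] = {
    0x82, 0x04, 0x00, 'T', 'E', 'S', 'T',           /* ID string "TEST" */
    0x90, 0x1A, 0x00,                               /* VPD-R, 26 bytes of fields */
    'P', 'N', 0x04, 'B', 'C', 'M', '1', 'M', 'N', 0x04, '1', '0', '2', '8',
    'V', '0', 0x05, '5', '.', '2', '.', '3', 'R', 'V', 0x01, 0x00,
    0x78 };                                         /* end tag */
/* Same image, but the device claims the V0 field is 255 bytes long. */
static const uint8_t vpd_bad_field[] = {
    0x82, 0x04, 0x00, 'T', 'E', 'S', 'T', 0x90, 0x1A, 0x00,
    'P', 'N', 0x04, 'B', 'C', 'M', '1', 'M', 'N', 0x04, '1', '0', '2', '8',
    'V', '0', 0xFF, '5', '.', '2', '.', '3', 'R', 'V', 0x01, 0x00, 0x78 };
/* Same header, but the VPD-R section claims 4096 bytes in an 18-byte image. */
static const uint8_t vpd_bad_section[] = {
    0x82, 0x04, 0x00, 'T', 'E', 'S', 'T', 0x90, 0x00, 0x10,
    'P', 'N', 0x04, 'B', 'C', 'M', '1', 0x78 };

int main(void)
{
    char val[32];
    int n = vpd_read_keyword(vpd_good, sizeof vpd_good, "V0", val, sizeof val);
    printf("good image, V0        -> %d \"%s\"\n", n, n < 0 ? "" : val);
    n = vpd_read_keyword(vpd_bad_field, sizeof vpd_bad_field, "V0", val, sizeof val);
    printf("oversized field, V0   -> %d (rejected)\n", n);
    n = vpd_read_keyword(vpd_bad_section, sizeof vpd_bad_section, "PN", val, sizeof val);
    printf("oversized section, PN -> %d (rejected)\n", n);
    return 0;
}
```

The three comparisons that matter are the ones a trusting driver omits: the section length against the image, the field length against the section, and the field length against the destination buffer. Each is a single compare, and each one is against a number the device was free to choose.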
[Diagram: system memory and PCI bus]
• Protects against DMA
• Not universally enabled
• LFSR for power noise suppression
Encoding
• Physical memory can lie to software
• Manufacturing should be “simple”
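The "LFSR for power noise suppression" bullet refers to a memory-bus data scrambler: the controller XORs data with a pseudo-random stream so that DRAM traffic has no long runs of identical bits. Added example, not from the talk: a toy scrambler built on a Fibonacci LFSR, and why such scrambling is a signal-integrity feature rather than protection of memory contents from a physical attacker. The 16-bit width, the polynomial x^16 + x^14 + x^13 + x^11 + 1, the seed 0xACE1, the one-keystream-word-per-data-word layout and the sample data are all assumptions chosen for illustration, not the parameters of any real memory controller. One word whose plaintext is known (a zeroed page, for instance) gives the LFSR state, and from there every later word descrambles without the seed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Clock a 16-bit Fibonacci LFSR (x^16 + x^14 + x^13 + x^11 + 1, maximal
 * length) by one bit. State 0 is a fixed point: an all-zero seed would give an
 * all-zero keystream and leave the data unscrambled. */
static uint16_t lfsr_step(uint16_t s)
{
    uint16_t bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u;
    return (uint16_t)((s >> 1) | (bit << 15));
}

/* Keystream word for one 16-bit data word: emit the whole state, then clock
 * 16 bits. Emitting the full state is what makes the recovery below trivial. */
static uint16_t lfsr_word(uint16_t *s)
{
    uint16_t out = *s;
    for (int i = 0; i < 16; i++) *s = lfsr_step(*s);
    return out;
}

/* XOR n words in place with the keystream from seed. Applying it twice with
 * the same seed restores the data, so this is also the descrambler. */
void scramble(uint16_t *data, size_t n, uint16_t seed)
{
    uint16_t s = seed;
    for (size_t i = 0; i < n; i++) data[i] ^= lfsr_word(&s);
}

/* Attacker view: only the scrambled words scr[0..n) and the fact that word k
 * held the value `known` (a zeroed page, a known header). The keystream word
 * at k is the LFSR state at k, so every later word descrambles without the
 * seed. Writes out[k..n) and returns how many words were recovered. */
size_t recover_from_known_word(const uint16_t *scr, size_t n, size_t k,
                               uint16_t known, uint16_t *out)
{
    if (k >= n) return 0;
    uint16_t s = scr[k] ^ known;
    for (size_t i = k; i < n; i++) out[i] = scr[i] ^ lfsr_word(&s);
    return n - k;
}

int main(void)
{
    /* Constructed sample: a zero word, "ABCD", and a few constants. */
    uint16_t plain[6] = { 0x0000, 0x4142, 0x4344, 0xDEAD, 0xBEEF, 0x1234 };
    uint16_t scr[6], rec[6] = { 0 };
    memcpy(scr, plain, sizeof scr);
    scramble(scr, 6, 0xACE1);                  /* seed is an assumption */
    size_t got = recover_from_known_word(scr, 6, 0, 0x0000, rec);
    for (size_t i = 0; i < 6; i++)
        printf("plain %04x  scrambled %04x  recovered %04x\n",
               plain[i], scr[i], rec[i]);
    printf("%zu of 6 words recovered from one known word, no seed used\n", got);
    return 0;
}
```

The recovery needs no brute force and no knowledge of the seed because an LFSR's future is a linear function of its current state; a scrambler with a wider state or a per-boot seed changes the constants, not the argument. Protecting memory contents against a physical reader needs a keyed cipher, which is the direction the "Encoding" slide and the memory-encryption references below point to.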
• Must authenticate and measure software
• Must defend against hardware
• Run unmodified server applications
[Diagram: system design; Intel CPU running WWW and DB workloads; reduced attack spaces]
• Mitigations:
Many research opportunities
Thank you!
Understanding DMA Malware.
Low temperature data remanence in static RAM
Hardware Involved Software Attacks.
How to develop a rootkit for Broadcom NetXtreme network cards.
I/O Attacks in Intel-PC Architectures and Countermeasures.
What if you can’t trust your network card?
Firmware-assisted Memory Acquisition and Analysis Tools for Digital Forensics.
Memory Forensics over the IEEE 1394 Interface.
The Jedi Packet Trick takes over the Deathstar.
Can you still trust your network card?
Encrypting Technologies for the Forensic Investigator.
ArxCis-NV: Non-Volatile Cache Module.
SMM Cache Fun.
A Hardware-Based Memory Acquisition Procedure for Digital Investigations.
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud
TRESOR-HUNT: Attacking CPU-Bound Encryption.
Protecting Cryptographic Keys From Memory Disclosure Attacks
Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption.
TRESOR Runs Encryption Securely Outside RAM.
AESSE: A Cold-boot Resistant Implementation of AES.
Defending Against Attacks on Main Memory Persistence.
Securing Non-Volatile Main Memory.
Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems
VIPER: Verifying the Integrity of PERipherals’ Firmware.
Trusted Execution Technology (Intel).
Embedded Security with Innovation: Boot Authentication Technologies.
Software-Based Attestation.
Software Root of Trust.
Trusted virtual Security Module.
Principles of Remote Attestation.
A Logic of Secure Systems and its Application to Trusted Computing.
Trusted Boot: Verifying the Xen Launch
SWATT: SoftWare-based ATTestation for Embedded Devices.
New Results for Timing-Based Attestation.
Attacking Intel TXT.
Analyzing trusted platform communication.
SplitX: Split Guest/Hypervisor Execution on Multi-Core.
TrustVisor: Efficient TCB Reduction and Attestation.
SafeMem: Exploiting ECC-Memory for Detecting Memory Leaks and Memory Corruption During Production Runs.
ChipLock: Support for Secure Microarchitectures
Improving Cost, Performance, and Security of Memory Encryption and Authentication.
Memory Predecryption: Hiding the Latency Overhead of Memory Encryption.
Delusional Boot: Securing Cloud Hypervisors without Massive Re-engineering.
Architectural Support for Hypervisor-Secure Virtualization.
Certifying Program Execution with Secure Processors.
SSLShader: Cheap SSL Acceleration with Commodity Processors.
HyperSentry
Making secure processors OS- and performance-friendly.
Operating System Controlled Processor–Memory Bus Encryption.
A Framework for Using Processor Cache as RAM (CAR).
CryptoPage: an Efficient Secure Architecture with Memory Encryption, Integrity and Information Leakage Protection.
A Parallelized Way to Provide Data Encryption and Integrity Checking on a Processor-Memory Bus.
Architecture for Protecting Critical Secrets in Microprocessors.
Networked cryptographic devices resilient to capture.
Security Risks & Migration Strategy For Cloud Sourcing: A Government Perspective.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds.
Physical Attack Protection with Human-Secure Virtualization in Data Centers.
What’s Holding Back the Cloud?
When The Cloud Goes Bust: Data Breaches In The Cloud.
AWS Security Whitepaper.
The Data Furnace: Heating Up with Cloud Computing.
Let There Be Light!
Deactivate the Rootkit.
IQ80303 Evaluation Platform.
Relevant NIST Docs & Other Specs
Final Public Draft Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.
NIST SP 800-145, The NIST Definition of Cloud Computing.
Guidelines on Security and Privacy in Public Cloud Computing.
NIST SP 500-292.
Intel(R) 64 and IA-32 Architectures Software Developer's Manual, Combined Volume.
Virtualization Technology for Directed I/O.
PCI-SIG SR-IOV Primer.
Block I/O Layer Tracing: blktrace.
Supply chain
ESG Research 2010 Cyber Supply Chain Security Report v3 10-11-2010.
Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE.