Security in the industry H/W

1
Security in the industry H/W S/W

• What is AMDs
• enhanced virus protection
• all about?
• Whats coming next?
• Presented by Micha Moffie

2
Outline

• Security Objectives
• Happening now
• AMD Solution enhanced virus protection
• WinXP support in SP2
• Coming soon
• Intel LaGrande technology
• Windows Palladium/NGSCB

3
Security - Objectives

• Protect
• User Confidential Data
• From
• Attacks on executing software
• Software vulnerabilities
• Attacks from malicious software
• Viruses/worms/Trojan horses
• Attacks on hardware
• Access to keyboard mouse data / screen output

4
AMDs Enhanced Virus Protection

• Hardware support against stack smashing
• Stack smashing attack - reminder
• Hardware implements
• NX bit - No eXecution on predefined pages.
• Each page in the translation pages has a new NX
  bit, when the instruction TLB is loaded with a
  new page, this bit is checked. if the bit is set
  (we are trying to execute from a non executable
  page) we will get a page fault exception.
• this applied to all privilege levels (from AMD
  manual)

5
The OS role

• Window XP (Service Pack 2)
• Microsoft uses NX bit to prevents the execution
  of code in memory regions that are marked as data
  storage
• This will NOT prevent an attacker from
  overrunning the data buffer, but will prevent him
  from executing his attack (generate an exception)
• Some problems with legitimate code
• a Data Execution Prevention" error message for
  legitimate code
• Workaround - Microsoft allow exceptions, per
  application. (I.e. turn DEP off for specific
  apps.)

6
Who else?

• Transmeta
• already supported
• Intel
• Itanium supports this bit
• Intel Pentium in the near future
• Linux
• a patch to the Linux kernel exists that supports
  the NX bit
• http//www.uwsg.indiana.edu/hypermail/linux/kernel
  /0406.0/0497.html

7
Outline

• Security Objectives
• Happening now
• AMD Solution enhanced virus protection
• WinXP support in sp2
• Coming soon
• Intel LaGrande technology
• Windows Palladium

8
Intel LaGrange Technology (LT)

• New Hardware Components complemented with New OS
  New applications
• protect data from software attacks
• protect data confidentiality integrity
• Hardware Capabilities
• Isolated execution
• Protected memory pages
• Sealed storage (TPM)
• Protected I/O (keyboard/mouse/graphics)
• Attestation (Proof of current protected
  environment)

9
LT Hardware enhancements
10
LT Protection Model

• Standard partition
• execute
• legacy code,
• non secure portion of new code
• provides
• regular IA32 semantics

• Protected partition
• execute
• new security modules services
• Provides
• execution isolation
• sealed storage
• Protected I/O
• Attestation

11
LT Protection Model - Cont
12
Microsoft Palladium ? NGSCB

• Next Generation Secure Computing Base
• security technology for the Microsoft Windows
  platform,
• will be included in Longhorn
• Includes a new operating system module Nexus
• enable secure interaction with applications,
  peripheral hardware, memory and storage

13
Microsoft NGSCB

• Four key features
• Strong process isolation
• even against attacks from the kernel
• Sealed storage
• accessible only to program, nexus machine
• Secure path to/from user
• Attestation

14
The nexus

• Essentially the kernel of an isolated software
  stack
• runs alongside the existing OS software stack.
• not underneath it
• Provides a limited set of APIs and services for
  applications, including sealed storage and
  attestation functions.
• Special processes that work with nexus are called
  Agents
• Can run different nexuses on a machine
• But only one nexus at a time

15
NGSCB - run time environment
16
References

• AMD64 Architecture Programmer's Manual Volume 2
  System Programming, 3.09 edition, Sep. 2003.
  Publication No. 24593.
• Microsoft Knowledge Base Articles 875352 875351
  
• Intel, LaGrande Technology Architectural
  Overview, 252491-001, September 2003
• Microsoft The Next-Generation Secure Computing
  Base Four Key Features, June 2003
• Microsoft Next-Generation Secure Computing Base -
  Technical FAQ, July 2003
• Microsoft "Palladium" A Business Overview,
  August 2002
• TPM Main Part 1 Design Principles, Specification
  Version 1.2 Revision 62 2 October 2003 Published
• ARM, A New Foundation for CPU Systems Security,
  Security Extensions to the ARM Architecture,
  Richard York, May 2003
• A wooden fence in Kyoto, http//www.gastric.com
  /mari/54.htm

17
The End

• Thanks, ?
• Questions ?

18
Backup links
19
Stack Smashing Attack
main(int argc, char argv)
foo(argv1, 10) void foo(int i, char
s) char b16 strcpy(b, s)
20
Stack Smashing Attack - II
Stack
Stack grows
Attacker code executed in Stack Segment..
attack code
attack code
attack code
12
start of attack code
0x0012ff12
0x0012ff08
0x0012ff12
8
0x0012ff04
0x0012ff12
4
0
0x0012ff00
0x0012ff12

-4
b3
return addr of foo( ) Has changed! it will
return to 0x0012ff12, the attacker code

-8
b2

-12
b1

-16
b0
Buffer grows
21
TPM

• Trusted Platform Module
• also called SSC - Security Support Component
• Stores hardware secret key
• Base of trust
• Cryptographic co-processor
• more

22
TPM architecture
23
Transitive Trust
24
ARM TrustZone

• Extending the CPU to enable more security
• Main problem with current OS
• It is huge, millions of code lines - Complex
• difficult to establish a trusted code base
• A rich API - Open
• enables widespread access to OS from non-secure
  code
• Main idea
• establishing a trusted code base
• using a hardware enforced security domain to
  systemize the implementation of secure systems

25
ARM - cont

• Current typical security structure

26
ARM - Cont

• New security structure

27
ARM - Cont

• Introduce an NS-bit
• use this bit to identify secure data throughout
  system
• cache
• pages
• Monitor
• manages the NS-bit
• manages transition in out of security mode
• Small fixed API