Oded Horovitz
Why physical security?
• Assumes hardware has no backdoor
Public IaaS / Bare metal / Private cloud
• Drivers trust devices
• 50% of sampled drivers
Excerpt (elided) from tg3_read_vpd() in the Linux tg3 (Broadcom NetXtreme) driver:

    {
    	u32 vpdlen;
    	...
    	if (!vpd_data)
    		goto out_no_vpd;
    	...
    	if (i < 0)
    	...
    	i += PCI_VPD_LRDT_TAG_SIZE;
    	...
    				      PCI_VPD_RO_KEYWORD_MFR_ID);
    	...
    		    memcmp(&vpd_data[j], "1028", 4))
    			goto partno;
    	...
    				      PCI_VPD_RO_KEYWORD_VENDOR0);
    	...
    			goto partno;
    	...
    		strncat(tp->fw_ver, " bc ", vpdlen - len - 1);
    	}

In the last line the bound handed to strncat() is computed from vpdlen, the size of the VPD image read from the device, not from the size of tp->fw_ver: the copy is sized by what the device reports, which is the sense in which the driver trusts the device.
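The pattern in the excerpt, as an added example written for this page (it is not the tg3 code and not from the talk): a small parser for the PCI VPD layout the excerpt walks (large-resource tags, the read-only keyword block, the MN and V0 fields) run over two constructed VPD images. locate_dell_v0() performs only the checks the excerpt performs, all of them against lengths the device itself supplies; fw_ver_copy_len_trusting() returns the byte count such a copy would use, and fw_ver_read_safe() bounds the copy by the destination instead. The constant names, the 32-byte fw_ver size, the two sample images and all function names are assumptions for the example.

```c
#include <stdint.h>
#include <string.h>

/* PCI VPD encoding constants, named after the kernel's include/linux/pci.h (assumed). */
#define VPD_LRDT_ID_STRING    0x82  /* large resource: identifier string */
#define VPD_LRDT_RO_DATA      0x90  /* large resource: read-only keyword block */
#define VPD_SRDT_END          0x78  /* small resource: end tag */
#define VPD_LRDT_TAG_SIZE     3     /* tag byte + 16-bit little-endian length */
#define VPD_INFO_FLD_HDR_SIZE 3     /* two-character keyword + 8-bit length */
#define FW_VER_SIZE           32    /* assumed size of the driver's fw_ver buffer */

static uint8_t malicious_vpd[256];   /* constructed image, filled by malicious_vpd_len() */
static char fw_ver[FW_VER_SIZE];     /* stands in for tp->fw_ver */

/* Offset of large-resource tag `tag`, or -1. Every length consumed here comes from the device. */
static int vpd_find_tag(const uint8_t *buf, unsigned len, uint8_t tag)
{
    unsigned off = 0;
    while (off < len) {
        uint8_t t = buf[off];
        if (t == VPD_SRDT_END) return -1;
        if (!(t & 0x80)) { off += 1 + (t & 0x07); continue; }   /* small resource */
        if (off + VPD_LRDT_TAG_SIZE > len) return -1;
        if (t == tag) return (int)off;
        off += VPD_LRDT_TAG_SIZE + (buf[off + 1] | (buf[off + 2] << 8));
    }
    return -1;
}

/* Offset of keyword `kw` inside the RO block [ro, ro + rosize), or -1. */
static int vpd_find_keyword(const uint8_t *buf, unsigned ro, unsigned rosize, const char *kw)
{
    unsigned end = ro + rosize;
    while (ro + VPD_INFO_FLD_HDR_SIZE <= end) {
        if (buf[ro] == (uint8_t)kw[0] && buf[ro + 1] == (uint8_t)kw[1]) return (int)ro;
        ro += VPD_INFO_FLD_HDR_SIZE + buf[ro + 2];
    }
    return -1;
}

/* Walk the image as the excerpt does: RO block, MN == "1028", then V0. Only device-internal
 * consistency is checked (field inside block, block inside image), never the destination size. */
static int locate_dell_v0(const uint8_t *vpd, unsigned vpdlen, unsigned *off, unsigned *len)
{
    int i = vpd_find_tag(vpd, vpdlen, VPD_LRDT_RO_DATA);
    if (i < 0) return -1;
    unsigned rosize = vpd[i + 1] | (vpd[i + 2] << 8);
    unsigned ro = (unsigned)i + VPD_LRDT_TAG_SIZE, block_end = ro + rosize;
    if (block_end > vpdlen) return -1;
    int j = vpd_find_keyword(vpd, ro, rosize, "MN");
    if (j < 0) return -1;
    unsigned l = vpd[j + 2], d = (unsigned)j + VPD_INFO_FLD_HDR_SIZE;
    if (d + l > block_end || l != 4 || memcmp(&vpd[d], "1028", 4)) return -1;
    j = vpd_find_keyword(vpd, ro, rosize, "V0");
    if (j < 0) return -1;
    l = vpd[j + 2]; d = (unsigned)j + VPD_INFO_FLD_HDR_SIZE;
    if (d + l > block_end) return -1;            /* the only bound on `len` in the excerpt */
    *off = d; *len = l;
    return 0;
}

/* Trusting variant: the byte count a memcpy() into fw_ver[FW_VER_SIZE] would use. */
static int fw_ver_copy_len_trusting(const uint8_t *vpd, unsigned vpdlen)
{
    unsigned off, len;
    return locate_dell_v0(vpd, vpdlen, &off, &len) < 0 ? -1 : (int)len;
}

/* Hardened variant: clamp to the destination first and always NUL-terminate. */
static int fw_ver_read_safe(const uint8_t *vpd, unsigned vpdlen, char *out, size_t outcap)
{
    unsigned off, len;
    if (outcap == 0 || locate_dell_v0(vpd, vpdlen, &off, &len) < 0) return -1;
    if (len >= outcap) len = (unsigned)outcap - 1;
    memcpy(out, &vpd[off], len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample: a well-formed image whose V0 field is "5.2". */
static const uint8_t benign_vpd[] = {
    VPD_LRDT_ID_STRING, 0x08, 0x00, 'T', 'e', 's', 't', ' ', 'N', 'I', 'C',
    VPD_LRDT_RO_DATA, 0x0d, 0x00,               /* RO block: 7 + 6 = 13 bytes */
    'M', 'N', 0x04, '1', '0', '2', '8',
    'V', '0', 0x03, '5', '.', '2',
    VPD_SRDT_END,
};

/* Constructed sample: same layout, but the device declares a 200-byte V0 field. Returns its length. */
static unsigned malicious_vpd_len(void)
{
    static const uint8_t head[] = {
        VPD_LRDT_ID_STRING, 0x08, 0x00, 'T', 'e', 's', 't', ' ', 'N', 'I', 'C',
        VPD_LRDT_RO_DATA, 0xd2, 0x00,           /* RO block: 7 + 3 + 200 = 210 bytes */
        'M', 'N', 0x04, '1', '0', '2', '8',
        'V', '0', 0xc8,                         /* V0 length = 200, well past FW_VER_SIZE */
    };
    unsigned n = sizeof head;
    memcpy(malicious_vpd, head, n);
    memset(malicious_vpd + n, 'A', 200);
    n += 200; malicious_vpd[n++] = VPD_SRDT_END;
    return n;                                   /* 225 bytes */
}
```

With the 200-byte V0 field every device-consistency check passes, and the trusting path accepts 200 bytes for a 32-byte destination; the hardened path copies 31 bytes and terminates the string. The general rule is that a length, offset or count read from a device is attacker input and has to be checked against the driver's own allocations, not only against other values the same device supplied.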
[Figure: diagram with labels "System Memory" and "PCI Bus"]
• Protects against DMA
• Not universally enabled
• LFSR for power noise suppression
Encoding
• Physical memory can lie to software
• Manufacturing should be “simple”
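An added illustration of the LFSR bullet and of the point that what the DRAM bus carries is not what software wrote (example code written for this page, not from the talk): a memory-controller-style scrambler XORs each word with an LFSR keystream derived from a seed and the address, which spreads the power spectrum of the bus. The LFSR width and polynomial, the address mixing, and the sample seed, address and secret are assumptions. The example also shows why such scrambling is not a confidentiality mechanism: one known plaintext at a location yields the keystream for that location, after which anything later stored there is readable from a bus probe or a DIMM image.

```c
#include <stdint.h>

/* Illustrative 16-bit Fibonacci LFSR, taps x^16 + x^14 + x^13 + x^11 + 1 (an assumption;
 * a real memory controller's scrambler polynomial and width are not given on the page). */
static uint16_t lfsr_step(uint16_t *state)
{
    uint16_t s = *state;
    uint16_t bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u;
    *state = (uint16_t)((s >> 1) | (bit << 15));
    return *state;
}

/* Keystream word for one 64-bit location: per-boot seed mixed with the address, then four
 * LFSR outputs. Deterministic in (seed, addr), which is what makes the scheme reversible. */
static uint64_t scramble_key(uint32_t seed, uint32_t addr)
{
    uint16_t st = (uint16_t)(seed ^ addr ^ (seed >> 16) ^ (addr >> 16));
    if (st == 0) st = 0xACE1;                  /* the all-zero state never leaves zero */
    uint64_t k = 0;
    for (int i = 0; i < 4; i++) k = (k << 16) | lfsr_step(&st);
    return k;
}

/* What goes out on the bus: data XOR keystream. Flattens the spectrum; it is not encryption. */
static uint64_t scramble(uint64_t data, uint32_t seed, uint32_t addr)
{
    return data ^ scramble_key(seed, addr);
}

/* Attacker side: one (known plaintext, observed bus/DIMM value) pair at an address recovers
 * that address's keystream word without knowing the seed. */
static uint64_t recover_key(uint64_t known_plain, uint64_t observed)
{
    return known_plain ^ observed;
}

/* Worked attack: the OS zero-fills a page (known plaintext); later a key is stored at the same
 * location; the attacker descrambles it with the word learned from the zero fill.
 * Returns 1 if the recovered value equals the secret. */
static int demo_known_plaintext_attack(void)
{
    const uint32_t seed = 0x5EEDC0DE;          /* per-boot seed, unknown to the attacker */
    const uint32_t addr = 0x7FF000;            /* constructed address */
    const uint64_t secret = 0x0123456789ABCDEFULL;
    uint64_t key = recover_key(0, scramble(0, seed, addr));   /* observed zero fill */
    uint64_t later = scramble(secret, seed, addr);            /* observed secret, scrambled */
    return (later ^ key) == secret;
}
```

Because the keystream depends only on (seed, address), scrambling is an involution and XOR-linear: scrambling twice returns the data, and the XOR of two scrambled words at one address equals the XOR of the plaintexts. Any scheme with those properties changes the bus encoding but leaks the content to anyone who can observe it, which is why the memory-encryption work in the references treats scrambling and encryption as different things.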
• Must authenticate and measure software
• Must defend against hardware
• Run unmodified server applications
System Design
[Figure: diagram with labels "Intel CPU", "WWW", "DB"]
Reduced attack spaces
• Mitigations:
Many research opportunities
Thank you!
Understanding DMA Malware.
Low temperature data remanence in static RAM.
Hardware Involved Software Attacks.
How to develop a rootkit for Broadcom NetXtreme network cards.
I/O Attacks in Intel-PC Architectures and Countermeasures.
What if you can't trust your network card?
Firmware-assisted Memory Acquisition and Analysis Tools for Digital Forensics.
Memory Forensics over the IEEE 1394 Interface.
The Jedi Packet Trick takes over the Deathstar.
Can you still trust your network card?
Encrypting Technologies for the Forensic Investigator.
ArxCis-NV - Non-Volatile Cache Module.
SMM Cache Fun.
A Hardware-Based Memory Acquisition Procedure for Digital Investigations.
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud.
TRESOR-HUNT: Attacking CPU-Bound Encryption.
Protecting Cryptographic Keys From Memory Disclosure Attacks.
Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption.
TRESOR Runs Encryption Securely Outside RAM.
AESSE: A Cold-boot Resistant Implementation of AES.
Defending Against Attacks on Main Memory Persistence.
Securing Non-Volatile Main Memory.
Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems.
VIPER: Verifying the Integrity of PERipherals' Firmware.
Trusted Execution Technology (Intel).
Embedded Security with Innovation: Boot Authentication Technologies.
Software-Based Attestation: Software Root of Trust.
Trusted Virtual Security Module.
Principles of Remote Attestation.
A Logic of Secure Systems and its Application to Trusted Computing.
Trusted Boot: Verifying the Xen Launch.
SWATT: SoftWare-based ATTestation for Embedded Devices.
New Results for Timing-Based Attestation.
Attacking Intel TXT.
Analyzing trusted platform communication.
SplitX: Split Guest/Hypervisor Execution on Multi-Core.
TrustVisor: Efficient TCB Reduction and Attestation.
SafeMem: Exploiting ECC-Memory for Detecting Memory Leaks and Memory Corruption During Production Runs.
ChipLock: Support for Secure Microarchitectures.
Improving Cost, Performance, and Security of Memory Encryption and Authentication.
Memory Predecryption: Hiding the Latency Overhead of Memory Encryption.
Delusional Boot: Securing Cloud Hypervisors without Massive Re-engineering.
Architectural Support for Hypervisor-Secure Virtualization.
Certifying Program Execution with Secure Processors.
SSLShader: Cheap SSL Acceleration with Commodity Processors.
HyperSentry.
Making secure processors OS- and performance-friendly.
Operating System Controlled Processor-Memory Bus Encryption.
A Framework for Using Processor Cache as RAM (CAR).
CryptoPage: an Efficient Secure Architecture with Memory Encryption, Integrity and Information Leakage Protection.
A Parallelized Way to Provide Data Encryption and Integrity Checking on a Processor-Memory Bus.
Architecture for Protecting Critical Secrets in Microprocessors.
Networked cryptographic devices resilient to capture.
Security Risks & Migration Strategy For Cloud Sourcing: A Government Perspective.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds.
Physical Attack Protection with Human-Secure Virtualization in Data Centers.
What's Holding Back the Cloud?
When The Cloud Goes Bust: Data Breaches In The Cloud.
AWS Security Whitepaper.
The Data Furnace: Heating Up with Cloud Computing.
Let There Be Light!
Deactivate the Rootkit.
IQ80303 Evaluation Platform.
Relevant NIST Docs & Other Specs
Final Public Draft Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.
NIST SP 800-145, The NIST Definition of Cloud Computing.
Guidelines on Security and Privacy in Public Cloud Computing.
NIST SP 500-292.
Intel 64 and IA-32 Architectures Software Developer's Manual, Combined Volume.
Virtualization Technology for Directed I/O.
PCI-SIG SR-IOV Primer.
Block I/O Layer Tracing: blktrace.
Supply chain
ESG Research 2010 Cyber Supply Chain Security Report v3, 10-11-2010.
Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE.