The Double-System Architecture For Trusted OS Paper By Yong Zhao, Yu Li and Jing Zhan Presentation By Richa Upadhyaya

Page 1: The Double-System Architecture For Trusted OS

The Double-System Architecture For Trusted OS

Paper by Yong Zhao, Yu Li and Jing Zhan

Presentation by Richa Upadhyaya

Page 2

Contents

1. Introduction
2. Related Work
  2.1 Flask
  2.2 Next Generation Secure Computing Base
  2.3 Terra
3. Double-System Architecture
  3.1 Trusted System
  3.2 Secure System
  3.3 DSA Features

Page 3

Contents

4. Double-System Architecture Implementation
  4.1 Construction of Secure System
  4.2 Construction of Trusted System
  4.3 Construction of Trusted Information Channel
  4.4 Security Analysis
  4.5 Performance
5. Conclusion

Page 4

Introduction

• The Double-System Architecture (DSA) is composed of the Trusted System (TS) and the Secure System (SS).

• The information flow between the Trusted System and the Secure System is protected by a Trusted Information Channel (TIC).

• Why DSA?
  • So far there is no mature, unified architecture for trusted operating systems.
  • DSA is proposed to solve this problem.

Page 5

Related Work

2.1 Flask
• Cleanly separates the definition of the policy logic from the enforcement mechanism
• Security server: makes the policy decisions
• Object managers: enforce those decisions on the objects they control

Page 6

Related Work

2.2 Next Generation Secure Computing Base
• Strong process isolation
• Sealed storage
• Secure path to and from the user
• Attestation: assures the recipient that the data was constructed by an unforgeable, cryptographically identified trusted software stack

Page 7

Related Work

2.3 Terra
• Trusted virtual machine monitor which partitions a tamper-resistant hardware platform into multiple, isolated virtual machines

Page 8

Double-System Architecture

[Figure: layered view of DSA. Applications sit at the top; between them and the traditional OS kernel sit the Trusted System (TS) and the Secure System (SS); the kernel rests on the Trusted Platform Module (TPM).]

Page 9

Double-system Architecture

3.1 Trusted System
• Trusted Measurement module: measures the subject, the object and the behavior of the subject
• Trusted Services module: provides interfaces for encryption and decryption by the TPM
• Trusted Report module: sends the trusted measurement results to the Secure System

Page 10

Double-system Architecture

3.2 Secure System
• User Identification
• Access Control
  • Hook: takes the access request and sends it to the Trusted System
  • Decision Mechanism: decides whether the access request is permitted or not
  • Security Policy Library: supplies the rules the Decision Mechanism consults

Page 11

Double-system Architecture

3.2 Secure System
• Isolation Mechanism
  • Logically isolates the traditional OS from DSA
  • Logically isolates TS and SS from each other
• Audit
  • Records the access request and the result

Page 12

Double-system Architecture

3.3 Features
• Relationship between the Trusted System (TS) and the Secure System (SS)
  • Building on the trusted environment established by TS, SS enforces the security of the OS
• Trusted Information Channel (TIC)
  • Secure information transmission between TS and SS
  • TIC has two functions:
    • Trusted transmission
    • Blocking of unexpected information flows ("default deny")

Page 13

Double-system Architecture Implementation

4.1 Construction of Secure System
• A file system filter driver and a device filter driver are developed for Windows XP according to the Double-System Architecture.
• The Hook module intercepts the access request:
  1. A request to load a process into memory arrives
  2. A record is added
  3. The access request, the subject's ProcessID and the full path name of the process are obtained
  4. The object and the operation type are retrieved

Page 14

Double-system Architecture Implementation

4.1 Construction of Secure System
• The Security Policy Library is recorded in the file SecurityPolicy.skr
• The Decision Mechanism's verdict is the return value of the dispatch function
• The Audit module writes its records to the file Audit.skr

Page 15

Double-system Architecture Implementation

4.2 Construction of Trusted System
• A white list is used to check the integrity of executable code
• The TPM is the Atmel TPM of a ThinkPad X61t
• The checksum values of all executable code are collected in the file FileInfoList.skr
• The Trusted System receives (Sub, Obj, Behavior) from the Secure System and checks the subject's integrity against the stored checksum value
• The Trusted Report module sends the integrity result back to the Secure System
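The control path described on Pages 9 to 11 and in Sections 4.1 and 4.2 can be modelled in user space. The following is an added example and not code from the paper or the presentation: the Secure System's hook builds the (subject, object, behavior) request, the Trusted System measures the subject's image against a whitelist of digests (a dictionary standing in for FileInfoList.skr), the Trusted Report returns the verdict, the Decision Mechanism combines it with a policy library (standing in for SecurityPolicy.skr) under default deny, and the Audit module records request and outcome (standing in for Audit.skr). SHA-256 as the checksum, the sample images, the file paths and the record layout are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample "executable images"; the whitelist is built from the good one.
GOOD_IMAGE = b"MZ\x90\x00 notepad (constructed sample image)"
TAMPERED_IMAGE = GOOD_IMAGE + b"\x90\x90 injected"


def measure(image: bytes) -> str:
    """Trusted Measurement: digest of the executable image.
    SHA-256 is an assumption; the paper only says 'checksum'."""
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class AccessRequest:
    """The (Sub, Obj, Behavior) tuple the hook extracts, with the subject's pid and path."""
    subject_pid: int
    subject_path: str
    obj: str
    behavior: str  # e.g. "load", "read", "write", "kill"


@dataclass
class TrustedSystem:
    """Holds the white list: full path of an executable -> expected digest."""
    whitelist: dict

    def report(self, req: AccessRequest, image: bytes) -> bool:
        """Trusted Report: True only if the subject's image matches its whitelisted
        checksum. Code that is not on the white list is untrusted."""
        expected = self.whitelist.get(req.subject_path)
        if expected is None:
            return False
        return hmac.compare_digest(expected, measure(image))


@dataclass
class SecureSystem:
    """Hook + Decision Mechanism + Security Policy Library + Audit."""
    ts: TrustedSystem
    # Policy library: (subject_path, obj) -> set of permitted behaviors.
    policy: dict
    audit: list = field(default_factory=list)

    def hook(self, req: AccessRequest, image: bytes) -> bool:
        """Plays the role of the dispatch function: True = permit, False = deny."""
        trusted = self.ts.report(req, image)  # TS checks the subject's integrity
        permitted_behaviors = self.policy.get((req.subject_path, req.obj), set())
        decision = trusted and req.behavior in permitted_behaviors  # default deny
        # Audit module: record the request and the result.
        self.audit.append({"request": req, "trusted": trusted, "permitted": decision})
        return decision


def build_demo_system() -> SecureSystem:
    """Assumed whitelist and policy for the sample subject and object."""
    whitelist = {r"C:\Windows\notepad.exe": measure(GOOD_IMAGE)}
    policy = {(r"C:\Windows\notepad.exe", r"C:\data\notes.txt"): {"read", "write"}}
    return SecureSystem(TrustedSystem(whitelist), policy)


if __name__ == "__main__":
    ss = build_demo_system()
    req = AccessRequest(1234, r"C:\Windows\notepad.exe", r"C:\data\notes.txt", "read")
    print("good image, read ->", ss.hook(req, GOOD_IMAGE))      # True
    print("tampered image   ->", ss.hook(req, TAMPERED_IMAGE))  # False
    print("audit records    ->", len(ss.audit))
```

Note that the audit record is written for denied requests as well as permitted ones, and that a subject whose image is intact is still denied any behavior the policy library does not list: integrity (the trusted mechanism) and authorisation (the security mechanism) are separate checks that must both pass.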

Page 16

Double-system Architecture Implementation

4.2 Construction of Trusted System

Page 17

Double-system Architecture Implementation

4.3 Construction of Trusted Information Channel
• A device filter driver is developed according to the Double-System Architecture.
• Information from the Secure System is encrypted and integrity-check information is added.
• The device filter driver decrypts the received data and verifies its integrity.
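The channel behaviour on this slide and the "default deny" function from Section 3.3 can be shown together. The following is an added example and not the paper's driver code: a user-space encrypt-then-MAC channel in which the sender encrypts, appends an HMAC-SHA256 tag, and the receiver verifies the tag and the expected flow direction before it decrypts anything, returning None (the flow is blocked) on any failure. The keystream is derived from HMAC-SHA256 in counter mode so the example runs on the Python standard library alone; a real TIC would use an AEAD cipher such as AES-GCM. The direction codes, key handling and message layout are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Flow directions; the receiver rejects anything not addressed to it ("default deny").
SS_TO_TS = 1  # Secure System -> Trusted System: (Sub, Obj, Behavior) requests
TS_TO_SS = 2  # Trusted System -> Secure System: trusted reports

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output


class TrustedInformationChannel:
    """Encrypt-then-MAC channel with the flow direction bound into the tag."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        # Separate keys for confidentiality and integrity. Assumed to be provisioned
        # out of band (e.g. unsealed through the Trusted Services module).
        self.enc_key = enc_key
        self.mac_key = mac_key

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 used as a PRF in counter mode: a stand-in for a block cipher mode.
        out = bytearray()
        counter = 0
        while len(out) < length:
            block = nonce + struct.pack(">Q", counter)
            out += hmac.new(self.enc_key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(out[:length])

    def seal(self, direction: int, plaintext: bytes) -> bytes:
        """Sender side: encrypt, then add integrity-check information."""
        nonce = os.urandom(NONCE_LEN)  # fresh per message so the keystream never repeats
        ks = self._keystream(nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        header = bytes([direction]) + nonce
        tag = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        return header + ciphertext + tag

    def open(self, expected_direction: int, msg: bytes):
        """Receiver side: verify integrity and direction first, decrypt only on success.
        Returns the plaintext, or None when the flow must be blocked."""
        if len(msg) < 1 + NONCE_LEN + TAG_LEN:
            return None  # truncated
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected_tag = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):
            return None  # tampered, forged or sent under a different key
        direction, nonce, ciphertext = body[0], body[1:1 + NONCE_LEN], body[1 + NONCE_LEN:]
        if direction != expected_direction:
            return None  # authentic but unexpected flow (e.g. a report fed in as a request)
        ks = self._keystream(nonce, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, ks))


if __name__ == "__main__":
    tic = TrustedInformationChannel(os.urandom(32), os.urandom(32))
    request = b"1234|C:\\Windows\\notepad.exe|C:\\data\\notes.txt|read"  # constructed
    wire = tic.seal(SS_TO_TS, request)
    print("TS accepts request:", tic.open(SS_TO_TS, wire) == request)
    print("SS rejects same bytes as a report:", tic.open(TS_TO_SS, wire) is None)
```

Verifying the tag before decrypting keeps the decryptor from ever processing attacker-controlled ciphertext, and binding the direction byte into the tag means an authentic message cannot be redirected into the other side of the channel. The example carries no sequence number, so a replayed request would still verify; a deployment would add a counter to the header and reject stale values.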

Page 18

Double-system Architecture Implementation

4.4 Security Analysis
• The Trusted System and the Secure System cooperate with each other
• The credibility of subject and object can be ensured
• The behavior of the subject is checked

Page 19

Double-system Architecture Implementation

4.5 Performance
• A testing program 'Q' was created:
  1. Choose a program for the test, for example program o
  2. Create three threads, each of which completes the operation (Start o, Kill o) 100 times
  3. Measure the time Q takes
• The efficiency of the operating system decreased by only 3.2%

Page 20

Conclusion

• The Double-System Architecture can provide reliable protection for the OS
• DSA can check the integrity of the subject, the object and the behavior
• It makes the relationship between the security mechanism and the trusted mechanism clear

Page 22

The End

Questions