Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers
122 pages
English


Description

As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldom adopted.
In this book, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. At a high level, we support this premise by developing techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. Rather than entrusting her data to the mountain of buggy code likely running on her computer, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today.
Having established an environment for secure code execution on an individual computer, we then show how to extend trust in this environment to network elements in a secure and efficient manner. This allows us to reexamine the design of network protocols and defenses, since we can now execute code on endhosts and trust the results within the network. Lastly, we extend the user's trust one more step to encompass computations performed on a remote host (e.g., in the cloud). We design, analyze, and prove secure a protocol that allows a user to outsource arbitrary computations to commodity computers run by an untrusted remote party (or parties) who may subject the computers to both software and hardware attacks. Our protocol guarantees that the user can both verify that the results returned are indeed the correct results of the specified computations on the inputs provided, and protect the secrecy of both the inputs and outputs of the computations. These guarantees are provided in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner.
Thus, extending a user's trust, via software, hardware, and cryptographic techniques, allows us to provide strong security protections for both local and remote computations on sensitive data, while still preserving the performance and features of commodity computers.

Information

Publication date: 1 June 2014
EAN13: 9781627054799
Language: English
File size: 1 MB


Excerpt

Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers
ACM Books
Editor in Chief
M. Tamer Özsu, University of Waterloo
ACM Books is a new series of high-quality books for the computer science community, published by ACM in collaboration with Morgan & Claypool Publishers. ACM Books publications are widely distributed in both print and digital formats through booksellers and to libraries (and library consortia) and individual ACM members via the ACM Digital Library platform.
This book by Bryan Parno is a revised version of the dissertation that won the 2010 ACM Doctoral Dissertation Award. Other books in the series include those listed below.
Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers
Bryan Jeffrey Parno, Microsoft Research
2014
Embracing Interference in Wireless Systems
Shyamnath Gollakota, University of Washington
2014
A Framework for Scientific Discovery through Video Games
Seth Cooper, Microsoft Research
2014
Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers
Bryan Jeffrey Parno
Microsoft Research
ACM Books #2
Copyright 2014 by the Association for Computing Machinery and Morgan & Claypool Publishers
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopy, recording, or any other), except for brief quotations in printed reviews, without the prior permission of the publisher.
Designations used by companies to distinguish their products are often claimed as trademarks or registered trademarks. In all instances in which Morgan & Claypool is aware of a claim, the product names appear in initial capital or all capital letters. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.
Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers
Bryan Jeffrey Parno
books.acm.org www.morganclaypool.com
ISBN: 978-1-62705-477-5 print
ISBN: 978-1-62705-478-2 ebook
ISBN: 978-1-62705-479-9 ePub
Series ISSN: (to come)
DOIs:
10.1145/2611399 Book
10.1145/2611399.2611400 Preface
10.1145/2611399.2611401 Chapter 1
10.1145/2611399.2611402 Chapter 2
10.1145/2611399.2611403 Chapter 3
10.1145/2611399.2611404 Chapter 4
10.1145/2611399.2611405 Chapter 5
10.1145/2611399.2611406 Chapter 6
10.1145/2611399.2611407 Chapter 7
10.1145/2611399.2611408 Bibliography
A publication in the ACM Books series, #2
Editor in Chief: M. Tamer Özsu, University of Waterloo
First Edition
Dedicated to Diana for 101 reasons
Contents
Preface
Chapter 1 Introduction
1.1 Insecure Computers in a Hostile World
1.2 A Vision for a Better World
1.3 Overview: Building Up from a Firm Foundation
1.4 Bootstrapping Trust in a Commodity Computer
1.5 Securely Executing Code on a Commodity Computer
1.6 Leveraging Secure Code Execution to Improve Network Protocols
1.7 Secure Code Execution Despite Untrusted Software and Hardware
1.8 Summary of Contributions
Chapter 2 Background and Related Work in Trust Establishment
2.1 What Do We Need to Know? Techniques for Recording Platform State
2.1.1 Recording Code Identity
2.1.2 Recording Dynamic Properties
2.1.3 Which Property is Necessary?
2.2 Can We Use Platform Information Locally?
2.2.1 Secure Boot
2.2.2 Storage Access Control Based on Code Identity
2.3 Can We Use Platform Information Remotely?
2.3.1 Prerequisites
2.3.2 Conveying Code Measurement Chains
2.3.3 Privacy Concerns
2.4 How Do We Make Sense of Platform State?
2.4.1 Coping With Information Overload
2.4.2 Focusing on Security-Relevant Code
2.4.3 Conveying Higher-Level Information
2.5 Roots of Trust
2.5.1 General-Purpose Tamper-Resistant and Tamper-Responding Devices
2.5.2 General-Purpose Devices Without Dedicated Physical Defenses
2.5.3 Special-Purpose Minimal Devices
2.5.4 Research Solutions Without Hardware Support
2.5.5 Cryptographic Protocols
2.6 Validating the Process
2.7 Applications
2.7.1 Real World
2.7.2 Research Proposals
2.8 Human Factors and Usability
2.8.1 Trustworthy Verifier Device
2.8.2 Using Your Brain to Check a Computer
2.8.3 Pairing Two Trustworthy Devices
2.9 Limitations
2.9.1 Load-Time vs. Run-Time Guarantees
2.9.2 Hardware Attacks
2.10 Additional Reading
2.11 Summary
Chapter 3 Bootstrapping Trust in a Commodity Computer
3.1 Problem Definition
3.1.1 Informal Problem Description
3.1.2 Formal Model
3.2 Potential Solutions
3.2.1 Removing Network Access
3.2.2 Eliminating Malware
3.2.3 Establishing a Secure Channel
3.3 Preferred Solutions
3.4 Summary
Chapter 4 On-Demand Secure Code Execution on Commodity Computers
4.1 Problem Definition
4.1.1 Adversary Model
4.1.2 Goals
4.2 Flicker Architecture
4.2.1 Flicker Overview
4.2.2 Isolated Execution
4.2.3 Multiple Flicker Sessions
4.2.4 Interaction With a Remote Party
4.3 Developer's Perspective
4.3.1 Creating a PAL
4.3.2 Automation
4.4 Flicker Applications
4.4.1 Stateless Applications
4.4.2 Integrity-Protected State
4.4.3 Secret and Integrity-Protected State
4.5 Performance Evaluation
4.5.1 Experimental Setup
4.5.2 Microbenchmarks
4.5.3 Stateless Applications
4.5.4 Integrity-Protected State
4.5.5 Secret and Integrity-Protected State
4.5.6 Impact on Suspended Operating System
4.5.7 Major Performance Problems
4.6 Architectural Recommendations
4.6.1 Launching a PAL
4.6.2 Hardware Memory Isolation
4.6.3 Hardware Context Switch
4.6.4 Improved TPM Support for Flicker
4.6.5 PAL Exit
4.6.6 PAL Life Cycle
4.6.7 Expected Impact
4.6.8 Extensions
4.7 Summary
Chapter 5 Using Trustworthy Host-Based Information in the Network
5.1 Problem Definition
5.1.1 Architectural Goals
5.1.2 Assumptions
5.2 The Assayer Architecture
5.2.1 Overview
5.2.2 Assayer Components
5.2.3 Protocol Details
5.2.4 User Privacy and Client Revocation
5.3 Potential Attacks
5.3.1 Exploited Clients
5.3.2 Malicious Clients
5.3.3 Rogue Verifiers
5.3.4 Rogue Filters
5.4 Case Studies
5.4.1 Spam Identification
5.4.2 Distributed Denial-of-Service (DDoS) Mitigation
5.4.3 Super-Spreader Worm Detection
5.5 Implementation
5.5.1 Client Architecture
5.5.2 Client Verification
5.5.3 Traffic Annotation
5.5.4 Filter
5.6 Evaluation
5.6.1 Client Verification
5.6.2 Client Annotations
5.6.3 Filter Throughput
5.6.4 Internet-Scale Simulation
5.7 Potential Objections
5.7.1 Why Not Collect Information on the Local Router?
5.7.2 Is This Really Deployable Incrementally?
5.8 Summary
Chapter 6 Verifiable Computing: Secure Code Execution Despite Untrusted Software and Hardware
6.1 Overview
6.2 Cryptographic Background
6.2.1 Yao's Garbled Circuit Construction
6.2.2 The Security of Yao's Protocol
6.2.3 Fully Homomorphic Encryption
6.3 Problem Definition
6.3.1 Basic Requirements
6.3.2 Input and Output Privacy
6.3.3 Efficiency
6.4 An Efficient Verifiable-Computation Scheme with Input and Output Privacy
6.4.1 Protocol Definition
6.4.2 Proof of Security
6.4.3 Proof of Input and Output Privacy
6.4.4 Efficiency
6.5 How to Handle Cheating Workers
6.6 Summary
Chapter 7 Conclusion
Bibliography
Author's Biography
Preface
As society rushes to digitize sensitive information and services, it is imperative that we adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldom adopted [Karger et al. 1991, Gold et al. 1984, Ames 1981].
In this book, a revised version of my doctoral dissertation, originally written while studying at Carnegie Mellon University, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. We support this premise over the course of the following chapters.
Introduction. This chapter introduces the notion of bootstrapping trust from one device or service to another and gives an overview of how the subsequent chapters fit together.
Background and related work. This chapter focuses on existing techniques for bootstrapping trust in commodity computers, specifically by conveying information about a computer's current execution environment to an interested party. This would, for example, enable a user to verify that her computer is free of malware, or that a remote web server will handle her data responsibly.
Bootstrapping trust in a commodity computer. At a high level, this chapter develops techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. While the problem is simply stated, finding a solution that is both secure and usable with existing hardware proves quite difficult.
On-demand secure code execution. Rather than entrusting a user's data to the mountain of buggy code likely running on her computer, in this chapter, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today.
Using trustworthy host data in the network. Having established an environment for secure code execution on an individual computer, this chapter shows how to extend trust in this enviro
