Monday, June 14, 2010

CyLab's Lorrie Cranor, Virgil Gligor & Lujo Bauer Contribute Support & Share Insights on Access Control at SACMAT 2010

Left to Right: Panelists Mike Reiter, Lorrie Cranor, Ravi Sandhu and Carl Gunter (SACMAT 2010)


by Richard Power


Trusted Infrastructure Workshop (TIW) 2010 wasn't the only important research-oriented event that Carnegie Mellon CyLab was integrally involved in last week; it also made a significant contribution to the 15th Association for Computing Machinery (ACM) Symposium on Access Control Models and Technologies (SACMAT 2010), held downtown at the Marriott Renaissance Hotel.

Carnegie Mellon CyLab joined with Mobility, Data Mining and Privacy (MODAP), a project funded by the European Union (EU), and the University of Pittsburgh's Laboratory for Education and Research on Security Assured Information Systems (LERSAIS) to provide invaluable support for the event, which is sponsored by the ACM Special Interest Group on Security, Audit and Control (SIGSAC).

In addition to this organizational support, three CyLab team members participated in the SACMAT program: CyLab Director Virgil Gligor delivered one of the keynotes, "Architectures for Practical Security"; Lorrie Cranor, Director of the CyLab Usable Privacy and Security Lab (CUPS), joined in a panel on "Solving the Access-Control Puzzle: Finding the Pieces and Putting Them Together"; and CyLab research faculty member Lujo Bauer served as one of the chairs for SACMAT 2010, and as a panel moderator.

CyLab Director Virgil Gligor keynoting at SACMAT 2010

SACMAT 2010 featured presentations and discussions on issues and trends in Access Control, from "Towards Analyzing Complex Operating System Access Control Configurations" (Purdue University) to "Stateminer: An Efficient Similarity-Based Approach for Optimal Mining of Role Hierarchy" (University of Pittsburgh), and from "A Card Requirements Language Enabling Privacy-Preserving Access Control" (IBM Research Zurich) to "An Access Control Model for Mobile Physical Objects" (SAP Research).

In the panel on "Solving the Access-Control Puzzle: Finding the Pieces and Putting Them Together," Dr. Cranor shared her views with three other experts: Carl Gunter, University of Illinois at Urbana-Champaign; Mike Reiter, University of North Carolina at Chapel Hill; and Ravi Sandhu, University of Texas at San Antonio.

The panel's two moderators, CyLab's Lujo Bauer and Adam J. Lee, University of Pittsburgh, articulated three intriguing questions for the panelists to answer:

1. "What are some new or currently emerging topics that show a lot of promise to shape either practice or research, or both, over the next five to ten years?"

2. "What are a couple of areas that would benefit from interaction, that have typically been studied separately, i.e., pair x and y within Access Control and come up with something greater than the sum of its parts?"

3. "What is something that is getting tired? What have we explored to death?"


Here are a few brief excerpts from the panelists' responses:

Mike Reiter: "What I think needs to be done in this field is to provide some way in which the system can assist the user, by leveraging evidence in the system to guide policy management. It shocks me that in all the time we have been working on access control, the process that the average user faces is still remarkably manual."

Ravi Sandhu: "To the first question: in one word, we need more automation ... We need to pay much more attention to automation than we are doing ... Things that have been sufficiently mined, and should be set aside: there was no shortage of things to put up here, but I thought it would be provocative to say SE Linux, on which I believe the US government has wasted a tremendous amount of taxpayer money, and they should stop doing it!"

Carl Gunter: "We have a number of access control models that people are very happy with, that they have done a lot of work with, and that have been shown to have some widespread applicability ... ABAC, RBAC, DTM. Yet, there is another level of work that has fallen short, and that requires more attention, a level that is different from what these models address; I will call it broadly 'process support for identity access management.'"

Lorrie Cranor: "A research area that requires more attention? Well, I would say that is access control with usability. A research area that has been sufficiently mined, and can be set aside? I would say that would be pretty much anything involving access control without usability. And two research areas that should be studied jointly? Well, pretty much anything you want as long as it is combined with usability."

CyLab's Lujo Bauer, one of the chairs of SACMAT 2010

Saturday, June 12, 2010

Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure


by Richard Power


Organized by Carnegie Mellon CyLab, co-sponsored by HP Labs and AMD, and the National Science Foundation (NSF), the second annual Trusted Infrastructure Workshop (TIW) was held on the main Carnegie Mellon campus in Pittsburgh, Pennsylvania (6/7/10-6/11/10).

Attending TIW is not for the faint-hearted or the weak-minded.

For fifty-plus hours, over four and a half days, TIW participants were immersed in an ambitious agenda, including both research workshops, ranging from "Trusted Infrastructure Problem Space and Challenges" (led by HP Labs' Boris Balacheff) to "Chains of Trust and Dynamic Measurements" (led by CyLab Research Director Adrian Perrig), and practical hands-on laboratory sessions, ranging from "TPM" (led by IBM's Ken Goldman) to "Dynamic Roots of Trust" (led by CyLab's Jonathan McCune).


TIW 2010 also featured presentations by experts from government, industry and academia (e.g., Microsoft's Paul England on "TPM.Next", HP's Mauricio Sanchez on "Trusted Networking for Next Generation Data Center", and Wave's Robert Thibadeau on "Storage Security") as well as several "Trustworthy Computing 101" sessions (e.g., CyLab's Bryan Parno on "Bootstrapping Trust 101").

Here are some glimpses into the compelling content of TIW 2010:

Notes on TIW 2010: Hands On, Practical Lab Exploring Roots of Dynamic Trust, Spirited Research Workshop on "Chains of Trust & Dynamic Measurement"

Notes on TIW 2010: Q & A with Boris Balacheff of HP Labs & Ron Perez of AMD Articulate the TIW Vision

Notes on TIW 2010: CyLab Director Virgil Gligor Issues "A Challenge for Trustworthy Computing"

Notes on TIW 2010: CyLab's Bryan Parno on Bootstrapping Trust 101

NOTE: We will be posting video from several TIW 2010 sessions to CyBlog, so stay tuned.

Notes on TIW 2010: Hands On, Practical Lab Exploring "Roots of Dynamic Trust," Spirited Research Workshop on "Chains of Trust & Dynamic Measurement"

From left to right: Adrian Perrig, Markus Jakobsson, Yanlin Li and Jonathan McCune


By Richard Power


Much of what is most meaningful at TIW takes place beyond the one-dimensional surface of PowerPoint presentations, and outside the limited model of an active speaker and an audience of passive attendees, who are allowed five or ten minutes for Q and A at the end of the session.

Instead, TIW emphasizes practical, hands-on labs and engaging, in-depth research workshops. The labs provide an invaluable opportunity to immerse oneself in not only the lore but the experience of utilizing real-world tools and performing actual tasks. The research workshops encourage lively debate and the free exchange of ideas and insights.

For example, in the "Roots of Dynamic Trust" Lab, led by CyLab's Jonathan McCune, TIW participants were given instructions on how to enable TXT (Intel Trusted Execution Technology) in the BIOS, invoke a Flicker session, understand the contents of the Platform Configuration Registers (PCRs) and reconstruct the PCR values, using either one of the HP EliteBook 8530p laptops supplied for the Lab sessions or, if they preferred, their own laptops.

McCune also led two Research Workshops, one on "Chains of Trust & Dynamic Measurements" (with Adrian Perrig) and the other on "Toward Practical Attestation."

In "Chains of Trust & Dynamic Measurements," Perrig and McCune offered some insights on "Software-Based Attestation: History, Constructions, Applications, and Current State of Research."

The goal of Software-Based Attestation, as Perrig articulated it in his presentation, is to achieve a dynamic root of trust without hardware support.

McCune elaborated.

"What is the problem we are trying to solve here? Let's take it from the perspective of a user, interacting with a laptop. You ask the question, 'Is my computer secure?' When you type in a web site address, and it loads, it is difficult to know with certainty that you are not interacting with some spoofed, or root-kitted, or maliciously virtualized platform that just happens to look like your intended platform. Ultimately, what we would like to achieve is to get a concrete answer: 'Yes, my computer is doing what it was intended to be doing.'

"So an interesting mechanism that can enable these types of properties is something called a dynamic root of trust. It has been added to some hardware platforms from AMD and Intel over the last few years, and it is realized as a CPU instruction, and it validates the fact that these are complex instruction set computers. But it is intended to create a secure execution environment and enable the bootstrapping of a trustworthy execution environment; a lot of the documentation will suggest that you might load a virtual machine monitor, but really it is fairly unconstrained.

"This instruction does all of these operations atomically, and this is atomically from the perspective of executing software ... We have already heard about the Trusted Platform Module (TPM), and the Platform Configuration Registers (PCR), and their abilities to store measurements of software.

"But we have talked about these measurements as a chain, a long chain beginning at some point in the boot process. But what we are actually going to be able to do with the dynamic root of trust is re-set a select sub-set of the Platform Configuration Registers, and we are going to re-set these to indicate that this special event has taken place, that we have somehow changed the state of the processor in a way that tells us something about the security of the system ..."

In his presentation, Perrig enumerated the "exciting properties" of software-based attestation:

Attestation on legacy systems

Attestation without secrets!

Already applicable in many environments


He also highlighted some open research challenges:

Architecture-independent verification function

Provable properties

High time difference between attack and legitimate function
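To make the shape of such an exchange concrete, here is an added example written for this post; it is not code from Pioneer, SWATT, SBAP, FatSkunk or any CyLab project. It shows the three ingredients the talks turn on: a fresh nonce from the verifier, a checksum that the prover can only produce quickly if it actually holds the expected code image (no key or other secret is involved), and a time bound that separates an honest answer from one computed by malware simulating the checksum over a hidden pristine copy. The checksum itself is a constructed toy: it walks every 32-bit word of the image in a nonce-chosen order and folds the address into the result, but it carries no time-optimality argument, so the time bound is simply a parameter the caller supplies. The image bytes, the implant and the nonce are constructed.

```python
"""Software-based attestation: the exchange, not a proof.

Added example for this post; not code from Pioneer, SWATT, SBAP, FatSkunk
or any CyLab project. The checksum is a constructed toy with no
time-optimality argument, so the time bound is just a parameter here.
The code image and nonce are constructed bytes.
"""
import os
import time

WORD = 4                  # the checksum reads the image as 32-bit words
MASK = 0xFFFFFFFF


def _rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK


def checksum(image: bytes, nonce: bytes) -> int:
    """Nonce-seeded walk over every word of the image.

    No secret is involved: anyone holding the same bytes can compute the
    same answer. What the verifier relies on is that the prover actually
    holds those bytes and answers within the time bound. The nonce picks
    the start word and an odd stride (coprime with the power-of-two word
    count, so every word is read exactly once), which defeats
    precomputation, and the index is folded into the accumulator so that
    redirecting a read to a pristine copy elsewhere changes the result."""
    n = len(image) // WORD
    if n == 0 or n & (n - 1):
        raise ValueError("image must be a power-of-two number of words")
    if len(nonce) < 8:
        raise ValueError("nonce must be at least 8 bytes")
    start = int.from_bytes(nonce[:4], "big") % n
    stride = (int.from_bytes(nonce[4:8], "big") | 1) % n or 1
    acc = int.from_bytes(nonce[:4], "big")
    for i in range(n):
        idx = (start + i * stride) % n
        word = int.from_bytes(image[idx * WORD:(idx + 1) * WORD], "big")
        # Each step is a bijection in acc and in word, so any single
        # changed word changes the final value.
        acc = _rotl(((acc ^ word) + idx + i) & MASK, 13)
    return acc


class Verifier:
    """Knows the good image and how long an honest prover needs."""

    def __init__(self, good_image: bytes, time_bound_s: float):
        self.good_image = good_image
        self.time_bound_s = time_bound_s

    def challenge(self) -> bytes:
        return os.urandom(16)      # fresh nonce: no replay, no precomputation

    def check(self, nonce: bytes, response: int, elapsed_s: float) -> str:
        """Both conditions must hold; 'too slow' is what catches a prover
        that keeps a pristine copy and simulates the checksum over it."""
        if response != checksum(self.good_image, nonce):
            return "reject: checksum mismatch"
        if elapsed_s > self.time_bound_s:
            return "reject: too slow"
        return "accept"


def run_attestation(verifier: Verifier, prover_image: bytes) -> str:
    """One round trip, timing the prover's computation on this machine."""
    nonce = verifier.challenge()
    t0 = time.perf_counter()
    response = checksum(prover_image, nonce)      # the prover's side
    elapsed = time.perf_counter() - t0
    return verifier.check(nonce, response, elapsed)


# Constructed 4 KiB "code image" (1024 words) and a one-byte implant at 2049.
GOOD_IMAGE = bytes(range(256)) * 16
INFECTED_IMAGE = (GOOD_IMAGE[:2049]
                  + bytes([GOOD_IMAGE[2049] ^ 0x01])
                  + GOOD_IMAGE[2050:])

if __name__ == "__main__":
    verifier = Verifier(GOOD_IMAGE, time_bound_s=0.05)
    print("honest  :", run_attestation(verifier, GOOD_IMAGE))
    print("infected:", run_attestation(verifier, INFECTED_IMAGE))
```

The two open challenges in Perrig's list show up directly: `checksum` is tied to one word size and memory layout (no architecture-independent verification function), and the `time_bound_s` value has to be calibrated per platform because nothing here proves that an attacker's best simulation is measurably slower.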


Next, CyLab's Yanlin Li spoke on "SBAP: Software-Based Attestation for Peripherals."

After Li, Markus Jakobsson of FatSkunk spoke on "Practical and Provably Secure Software-Based Attestation" for the mobile environment.

Using these three presentations as a starting point, Perrig, McCune, Li and Jakobsson were joined by CyLab Director Virgil Gligor to interact with TIW participants in a rousing dialogue on a wide range of issues in Trustworthy Computing in general, and the subject matter of the presentations in particular.

NOTE: We will be posting video from this and a few other TIW 2010 sessions to CyBlog, so stay tuned.

Notes on TIW 2010: Q & A with Boris Balacheff of HP Labs & Ron Perez of AMD Articulate the TIW Vision


By Richard Power


What do you see as the purpose and significance of TIW?

Ron Perez, AMD: "Cybersecurity education is increasingly recognized as a critical requirement at every level of the public and private sector. You have to look no further than the White House and its Comprehensive National Cybersecurity Initiative, which calls for expanded cybersecurity education. The focus of TIW is on education, cybersecurity education. We explore and introduce students and participants from both industry and government to the existing body of research and solution building blocks in the trusted infrastructure space, as well as the significant challenges that remain to be solved. The goal, of course, is to spread knowledge and encourage further research and development in this very important area, which includes everything from securing your personal computing devices all the way to securing the critical infrastructure which provides services to billions of people and is increasingly the foundation on which national economies depend. The significance of this event will ultimately be measured in the reliability and resiliency of our information technology infrastructure, and our ability to use technology to serve our needs and make our lives better and safer."

Boris Balacheff, HP Labs: "The Trusted Infrastructure Workshop (TIW) is intended as an open collaboration, education and innovation platform to bring together researchers and expert technologists from across industry, academia, and government alike. Research in Trusted Infrastructure is key to addressing today's need for information system security that we can trust in a global connected world. But one major challenge in this field lies in the interdisciplinary nature of the research involved to truly advance our ability to build secure, manageable and assured IT infrastructure solutions: from distributed systems to software engineering and software assurance, from hardware architectures to operating systems design, from information management to network design, from user studies to man-machine interface design, the field of trusted infrastructure research requires expertise from across the traditional computing community. It has been a very rich experience to found TIW with CyLab and other partners, and I am very excited to see it flourish. HP Labs Systems Security Lab is committed to rising to these challenges for trusted infrastructure innovation, and my involvement in founding the European Trusted Infrastructure summer school (ETISS - www.etiss.org), and now the TIW, reflect that commitment.”

How would you articulate the big issues that TIW 2010 addressed?

Perez: “Although we have been working in this problem space for decades, there remain many significant security related challenges to be addressed. The ability to establish trust in computers which you do not control and sometimes cannot even see is central to addressing many of these challenges. Whether it is having confidence in the security and privacy of data that is stored or processed in the cloud, the security and privacy of your own medical records and financial accounts, or securely interacting and conducting business with remote colleagues and businesses over the internet, establishing and maintaining trust that these systems are secure and perform only the functions for which they were designed is critical for continued progress and prosperity.”

Could you give me a brief description of the concept and format of the lab portions of the workshop?

Balacheff: "A challenge for TIW is to cater to multiple constituencies, and be attractive to graduate students, researchers, and expert technologists alike. I think that TIW, like ETISS, is unique in the way that it offers a mix of research workshops, birds of a feather sessions, advanced lectures, as well as hands-on practical labs in a very focused week. Our goal is to support and bring together experts and newcomers in the different research domains whose collaboration is key to Trusted Infrastructure innovation. After five years of ETISS summer schools, and the second year of running the TIW workshop, I am excited to see the community come together and open collaboration in research develop between academia and industry around those events."

Perez: "TIW is designed to introduce participants to a wide range of research and technologies encompassing the entire information technology space in a one week immersive setting. This includes exploration of security for the hardware and software stacks of common computing systems as well as the interaction of those systems in a distributed environment. We include lectures from leading researchers and technologists in various fields including secure hardware, storage, networking, operating systems, virtualization and cloud computing. We conduct laboratory exercises with existing technology building blocks, designed to give participants hands-on experience with existing technologies. We also have several sessions set aside to discuss challenges and promising research in a format that includes short presentations and interactive panel discussions designed to stimulate the workshop participants and encourage them to explore on their own after the workshop. And finally, we provide an environment where students from over twenty-five different educational institutions can meet, get to know, and exchange ideas with each other as well as with many others from various companies and government agencies. It is our hope that the networks and relationships formed or started at TIW will result in innovative breakthroughs down the road."

What do you think is/are the most important take-away(s)from this workshop?

Perez: "There are many important take-aways from this workshop, so it's difficult to identify the most important. For example, it's important that the students and other participants know that industry and government care about research and development that advances progress in this very critical area. It's important that they understand the bigger picture and how their own interests and research fit into the overall goals. It's important for them to know that the research opportunity space is large and growing, and there is plenty of room for them to make a significant difference and have positive impact on the current state. And it's important for them to know about the existing body of knowledge so that their own research leverages the work of others that came before them and they don't have to spend valuable time and effort re-inventing the wheel or discovering principles that are already well understood by other communities."

Notes on TIW 2010: CyLab Director Virgil Gligor Issues "A Challenge for Trustworthy Computing"



By Richard Power


After the Trustworthy Computing 101 sessions were concluded, CyLab Director Virgil Gligor led off the main body of TIW 2010, with a provocative talk, offering personal perspectives and insights, based on work done in collaboration with Jonathan McCune, Bryan Parno, Adrian Perrig, Amit Vasudevan and Z. Zhou.

Gligor's compelling remarks were organized around four themes:

Axioms of (in)Security

Axioms of Human-Usable Security

(Ir)relevancy of Fashionable Security Architecture

Relevancy: A Challenge for Trustworthy Computing


Here are a couple of excerpts:

Axioms of (in)Security

"There will always be bugs and operator errors that will lead to security vulnerabilities; and these bugs and operator errors will be taken advantage of by adversaries who are always willing to exploit the vulnerabilities caused by these bugs. So we will live with adversaries forever.
(By the way, I put 'axioms' in quotes; these are observations, of course, but I expect them to be true for a long time, so when I say 'always,' I mean fifteen plus years.)
There will always be rapid innovation in information technology, and what this means is that there will be rapid change, as we have witnessed already, in the boundaries of the trusted computing base, however that is defined. The immediate implication is that unless we do something about it, we will have a high degree of uncertainty of assurances in the trusted base. Unless we really architect systems differently, this is going to be with us.
The next implication of this rapid innovation is that operating systems and applications will comprise components of diverse provenance; which means at best, we will have non-uniform security assurances, because different components are going to be provided by different suppliers, using different assurance techniques, possibly non-uniform and even non-compatible with each other.
Also, there will be more attack surfaces. If you build applications out of different components, well, the components that are on the interior of an application will still have an interface, which might be discovered by an outside adversary ... So we are not just talking about a single application interface, but multiple interfaces, including interfaces of the components used in the applications.
"Finally, there will always be large, complex systems in which security is not fully understood by most users. To quote Butler Lampson, in a different context, in software, 'only the giants survive.' In other words, what you see now, in terms of giants, you will see in the future as well; it may be different giants, but they will be giants nevertheless."

Relevancy: A Challenge for Trustworthy Computing

"I would like to issue a challenge for Trustworthy Computing, namely, relevance; that is, relevance to practice. In particular, I emphasize two things: first, the trustworthy computing base has to be immutable, i.e., it has to be as stable as the hardware itself, in order to make a difference in practice; and second, that all the security properties of the trusted base have to be understandable to human users, not just to developers. Without these two things, Trustworthy Computing will see much of the same fate as Trustworthy Computing has seen for roughly the last thirty years: it won't be usable."

NOTE: We will be posting video from this and other CyLab contributions to the TIW 2010 program to CyBlog, so stay tuned.

Notes on TIW 2010: CyLab's Bryan Parno on Bootstrapping Trust 101


By Richard Power


CyLab’s Bryan Parno spoke on Bootstrapping Trust 101, from a paper written with Adrian Perrig and Jon McCune.

In our increasingly mobile and global computing environment, Parno explained, bootstrapping trust is both necessary and difficult; Parno also identified three challenges in endeavoring to bootstrap trust: hardware assurance, ephemeral software and user interaction.

"Hardware is durable, but can we do better?" "We care about the software currently in control. Many properties matter. But which property matters most?"

Human factors include: “How can the user trust the device? How should attestation be communicated to the user? What does a user do with failed attestation?”

To illustrate some of the issues involved in bootstrapping trust, Parno suggested a “simple thought experiment.”

"Let's imagine that tomorrow, one of you develops the perfect algorithm for determining control flow. So for any program, you could output yes or no as to whether or not this program reflects its control flow, or ever deviates from what you intended it to do. And the question is, 'Is that enough to bootstrap trust?' Can we use that magic program to decide if we want to trust a particular computer? I would argue that the answer is 'No,' because all that does is take the entire space of programs and divide it into a smaller subset, and this smaller subset is of those programs that respect the control flow. And so all we learn from the algorithm is that the program we are about to give our information to falls somewhere within the subset. The problem is that there are good programs that respect the control flow, and there are some good programs that don't respect the control flow (i.e., that are badly designed). There are also malicious programs that are badly designed, but there are also some that are well designed. I have downloaded some malware examples that compile better than some open source products that are available. Just the fact that it is designed well does not tell us what it is intended to do ...

"So what you actually care about is the identity of the particular piece of code that you are running, not one of these higher level properties, like type safety or control flow. Those properties are nice, but what you really care about is which particular program you are running.

"What do we mean by 'code identity'? Some high level attempt to capture this particular program, and differentiate it from all other possible programs. State of the art trust combines a number of factors: the binary you are actually going to run, maybe libraries that it loads ... and then we also care about any configuration files or inputs it was given when it first started, because that too can influence its behavior ... all this information is condensed down into a hash, so you take something like SHA-1 and run it over all of this information, and you end up with one nice value that you can use to represent this particular program.

"How can we use code identity as a trust foundation? Well, given that you know what program is going to run, because you have been given its binaries and its inputs, you may be able to compute some of these additional properties. So you can run that magic algorithm and decide if control flow is respected, you can run a type checker and decide if this is type safe. And so, just knowing code identity, you can infer all of these other properties, whereas, as I argued earlier, you can't go the other way.

"What can this do for you, at a high level? Well, there have been a number of applications ... from a research perspective, there have been techniques to secure the boot process of your computer, so as your computer boots up you can check the identity of a piece of code and make sure that it is the correct one, so you will never use unintended code; there is also work concerning trusted third parties; a lot of protocols require the trust of third parties so that two individuals can exchange secrets and other information, and with the ability to know what code is running, you can have sort of a stronger notion of trust, rather than trusting, let's say Verisign or Microsoft, you check the code and say, 'OK, this is the code they are supposed to be running, we can trust them to perform whatever task ...'"
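Parno's "one nice value" and the Flicker lab task described earlier in these notes (reconstruct the PCR values after a dynamic root of trust) come down to the same arithmetic, so one added example covers both. It is written for this post and is not Flicker's code or code from the Bootstrapping Trust paper. It models a TPM 1.2 platform: 20-byte SHA-1 PCRs, `TPM_Extend` as SHA-1(old || measurement), and the resettable PCRs 17 to 22 reading all ones after power-on and being reset to zeros by the dynamic-root-of-trust instruction (SKINIT/SENTER), which is the "special event" McCune describes. The session model (code identity of the launched code extended first, then a hash of its start-up input) is a simplification, and the PAL binary, library, config and input bytes are constructed, not a real Flicker PAL.

```python
"""Reconstruct a TPM 1.2 PCR from a measurement log and check a quoted value.

Added example for this post; not Flicker's code or the Bootstrapping Trust
paper's. Models TPM 1.2: SHA-1 PCRs, TPM_Extend, and the DRTM reset of
PCR 17. The components below are constructed bytes, not a real PAL.
"""
import hashlib
import struct

PCR_LEN = 20                            # TPM 1.2 PCRs hold one SHA-1 digest
PCR17_AT_POWER_ON = b"\xff" * PCR_LEN   # resettable PCRs 17-22 read all ones after TPM_Startup ...
PCR17_AFTER_DRTM = b"\x00" * PCR_LEN    # ... and are reset to zeros when SKINIT/SENTER fires


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def code_identity(components) -> bytes:
    """Condense a program's binary, libraries, config and start-up inputs
    into one SHA-1 value (Parno's notion of code identity). Every label and
    payload is length-prefixed, so shifting bytes between components cannot
    produce the same identity."""
    h = hashlib.sha1()
    for label, data in components:
        h.update(struct.pack(">I", len(label)) + label.encode("ascii"))
        h.update(struct.pack(">I", len(data)) + data)
    return h.digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || measurement). Order matters and
    nothing can be un-extended, which is what makes the value a tamper-evident
    record of everything measured since the reset."""
    if len(pcr) != PCR_LEN or len(measurement) != PCR_LEN:
        raise ValueError("PCR and measurement must be 20-byte SHA-1 digests")
    return sha1(pcr + measurement)


def replay_log(measurements, start=PCR17_AFTER_DRTM) -> bytes:
    """What a verifier does with the log: start from the known reset value
    and extend each logged measurement in order."""
    pcr = start
    for m in measurements:
        pcr = extend(pcr, m)
    return pcr


def verify_quote(quoted_pcr: bytes, measurements, start=PCR17_AFTER_DRTM) -> bool:
    """Accept only if the quoted PCR equals the replayed log. Starting from
    the power-on value instead of the DRTM reset, or a log with a component
    altered, reordered or missing, gives a different digest."""
    return quoted_pcr == replay_log(measurements, start)


# Constructed session: what gets extended into PCR 17 during one launch.
PAL = [
    ("binary",  b"\x7fELF constructed PAL image"),
    ("library", b"constructed crypto library"),
    ("config",  b"mode=release\nseal_to_pcr=17\n"),
]
STARTUP_INPUT = b"constructed caller input"


def session_log(components=PAL, startup_input=STARTUP_INPUT):
    """Measurements in the order the (simplified) session extends them:
    the code identity of what will run, then the input it was given."""
    return [code_identity(components), sha1(startup_input)]


if __name__ == "__main__":
    log = session_log()
    quoted = replay_log(log)          # stand-in for the TPM's quoted PCR 17
    print("PCR17          :", quoted.hex())
    print("good log       :", verify_quote(quoted, log))
    debug_pal = [(l, d if l != "config" else b"mode=debug\nseal_to_pcr=17\n")
                 for l, d in PAL]
    print("config changed :", verify_quote(quoted, session_log(debug_pal)))
    print("no DRTM reset  :", verify_quote(quoted, log, start=PCR17_AT_POWER_ON))
```

The practical check a verifier wants is the last line of `__main__`: a log replayed from the power-on value never matches a quote taken after a genuine dynamic launch, so a platform that merely claims to have run SENTER/SKINIT cannot present a PCR 17 that a log starting from zeros explains.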

Parno went on to explore how to establish code identity, how to use it as a basis for secure booting, how to record code identity, and how to attest and interpret. He also examined load-time versus run-time properties, and other issues.
In conclusion, Parno asserted that code identity is critical to bootstrapping trust, that there are assorted roots of trust available, and that many open questions remain.