Saturday, June 12, 2010

Notes on TIW 2010: Hands On, Practical Lab Exploring "Roots of Dynamic Trust," Spirited Research Workshop on "Chains of Trust & Dynamic Measurement"

From left to right: Adrian Perrig, Markus Jakobsson, Yanlin Li and Jonathan McCune

Notes on TIW 2010: Hands On, Practical Lab Exploring "Roots of Dynamic Trust," Spirited Research Workshop on "Chains of Trust & Dynamic Measurement"

By Richard Power

Much of what is most meaningful at TIW takes place beyond the one-dimensional surface of PowerPoint presentations, and outside the limited model of an active speaker and an audience of passive attendees, who are allowed five or ten minutes for Q and A at the end of the session.

Instead, TIW emphasizes practical, hands-on labs and engaging, in-depth research workshops. The labs provide an invaluable opportunity to immerse oneself in not only the lore but the experience of utilizing real-world tools and performing actual tasks. The research workshops encourage lively debate and the free exchange of ideas and insights

For example, in the "Roots of Dynamic Trust" Lab, led by CyLab's Jonathan McCune, TIW participants were provided with instructions on how to enable TX in BIOS, invoke a Flicker session, understand the PCR contents and reconstruct the PCR values, using either one of the HP EliteBook 8530p laptops supplied for the Lab sessions, or if they preferred their own laptops.

McCune also led two Research Workshops, one on "Chains of Trust & Dynamic Measurements" (with Adrian Perrig) and the other on "Toward Practical Attestation."

In "Chains of Trust & Dynamic Measurements," Perrig and McCune offered some insights on "Software-Based Attestation: History, Constructions, Applications, and Current State of Research."

The goal of Software-Based Attestation, as Perrig articulated it in his presentation, is to achieve a dynamic root of trust without hardware support.

McCune elaborated.

"What is the problem we are trying to solve here? Let's take it from the perspective of a user, interacting with a laptop. You ask the question, "Is my computer secure?" When you type in a web site address, and it loads, it is difficult to know with certainty that you are not interacting with some spoofed, or root-kitted, or maliciously virtualized platform that just happens to look like your intended platform. Ultimately, what we would like to achieve is to get a concrete answer, "Yes, my computer is doing what it was intended to be doing.

"So an interesting mechanism that can enable these types of properties is something called a dynamic root of trust. It has been added to some hardware platforms from AMD and Intel over the last few years, and it is realized as a CPU instruction, and it validates the fact that these are complex instruction set computers. But it is intended to create a secure execution environment and enable the bootstrapping of a trustworthy execution environment; a lot of the documentation will suggest that you might load a virtual machine monitor, but really it is fairly unconstrained.

"This instruction does all of these operations atomically, and this is atomically from the perspective of executing software ... We have already heard about the Trusted Platform Module (TPM), and the Platform Configuration Registers (PCR), and their abilities to store measurements of software.

"But we have talked about these measurements as a chain, a long chain beginning at some point in the boot process. But what we are actually going to be able to do with the dynamic root of trust is re-set a select sub-set of the Platform Configuration Registers, and we are going to re-set these to indicate that this special event has taken place, that we have somehow changed the state of the processor in a way that tells us something about the security of the system ..."

In his presentation, Perrig enumerated the "exciting properties" of software-based attestation:

Attestation on legacy systems

Attestation without secrets!

Already applicable in many environments

He also highlighted some open research challenges:

Architecture-independent verification function

Provable properties

High time difference between attack and legitimate function

Next, CyLab's Yanlin Li spoke on "SBAP: Software-Based Attestation for Peripherals,"

After Li, Markus Jakobsson of FatSkunk spoke on "Practical and Provably Secure Software-Based Attestation" for the mobile environment.

Using these three presentations as a starting point, Perrig, McCune, Li and Jakobsson were joined by CyLab Director Virgil Gligor to interact with TIW participants in a rousing dialogue on wide range of issues in Trustworthy Computing in general, and the subject matter of the presentations in particular.

NOTE: We will be posting video from this and a few other TIW 2010 sessions to CyBlog, so stay tuned.