Download Lakshmi Nannapaneni`s presentation on Patterns for Secure Boot

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
Document related concepts

Cryptography wikipedia , lookup

Central pattern generator wikipedia , lookup

Quantum key distribution wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Computer security wikipedia , lookup

Theoretical computer science wikipedia , lookup

Trusted Computing wikipedia , lookup

Pattern recognition wikipedia , lookup

Secure multi-party computation wikipedia , lookup

Pattern language wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

3-D Secure wikipedia , lookup

Transcript 
Patterns for Secure Boot
and Secure Storage in
Computer Systems
By:
Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy
Horst G¨ortz Institute for IT Security, Ruhr-University Bochum,
Germany
•
•
•
•
•
Introduction
Trusted Computing
Trusted Computing also Includes: System state integrity and the
secure link
In this paper, security patterns was introduced for secure boot and
for secure storage.
Secure boot is at the heart.
It ensures that the integrity of software is verified before accessing
stored data.
Introduction (Contd..)
•
•
•
•
We present the patterns underlying two fundamental TC
concepts: Secure boot and Secure storage.
Secure boot :software that violates the integrity properties
cannot be loaded.
A variant of this pattern, termed Authenticated boot.
Secure storage is a crucial application-level requirement in many
scenarios.
SECURE BOOT PATTERN
Intent:
How to ensure that violations of integrity
properties of the software stack.
Example:
How can the user be sure that the system
software is in the intended operational state?
Context: On conventional platforms, software can be
manipulated or exchanged.
SECURE BOOT PATTERN
Problem:
Before applications can be used on a computer system,
the system has to be bootstrapped.
•
•
•
The bootloader loads the operating system kernel, and
the operating system kernel loads system services,
device drivers, and other applications.
At any stage of the bootstrap process, software
components could have been exchanged or modified by
another user or by malicious software that has been
executed before.
SECURE BOOT PATTERN
•
The following forces have to be resolved:
You want to ensure the integrity of the loaded
software on the system.
You want the computer system to always boot in a
welldefined secure state.
You want to allow modifications of the operating
system or application binaries.
SECURE BOOT PATTERN
Solution:
•
•
Every stage is responsible for checking the integrity of
the next stage.
Integrity checking can be performed in different ways
comparing hash values
verifying digital signatures.
SECURE BOOT PATTERN
SECURE BOOT PATTERN
Figure 1. Elements of the Secure Boot pattern.
SECURE BOOT PATTERN
Known Uses:
AEGIS
The Cell Broadband Engine processor
Consequences:
Example Resolved:
Related Patterns:
Boot Loader
Authenticator
•
•
•
•
SECURE STORAGE PATTERN
Intent:
Secure storage provides confidentiality and
integrity for stored data, and additionally enforces
access restrictions on entities that want to access data.
Example: Consider the problem of storing passwords
(e.g., for webservices) securely on a computer.
Context: You need to provide storage that protects the
confidentiality and integrity of stored data.
SECURE STORAGE PATTERN
Problem:
•
Cryptographic techniques exist to
confidentiality and integrity of data.
protect
the
The following forces have to be resolved:
confidentiality and integrity ofdata
secret cryptographic keys
modifications of the operating system or application
binaries
•
•
•
SECURE STORAGE PATTERN
Solution:
•
•
Root Key
Root Key and Root Key Control are both protected by
trusted hardware
SECURE STORAGE PATTERN
Structure:
Figure 2. Elements of the Secure Storage pattern.
SECURE STORAGE PATTERN
Known Uses:
•
The Cell processor features storage that can only be
accessed when the processor is in a “secure state”.
Example Resolved:
Consequences:
•
•
Only software where the integrity verification
succeeded can access the protected data.
Data can be stored on a system, such that it can be
accessed only when the authorized operating system
and software has been started.
SECURE STORAGE PATTERN
Related Patterns:
•
•
•
Secure Storage requires Secure Boot to protect the
integrity verification data
Secure Storage also requires Controlled Virtual Address
Space
Information Obscurity
CONCLUSION
•
Secure boot
•
Secure storage
•
Variety of
requirements
patterns
based
on
implementation
Related documents
Operating Systems Questions
Operating Systems Questions
Operating- System Structures
Operating- System Structures
2.0 Basic OS Concept Management Types of Interfaces
2.0 Basic OS Concept Management Types of Interfaces
2.1 Input Output Control System
2.1 Input Output Control System
Network Management Session 1 Network Basics
Network Management Session 1 Network Basics
Chapter 3 Review
Chapter 3 Review
Guidance for Market Operators
Guidance for Market Operators
Operating Systems CIS 250
Operating Systems CIS 250
Benefits of Memristor
Benefits of Memristor
THE BOOT PROCESS The Forensic Services Group 1.) Initiates
THE BOOT PROCESS The Forensic Services Group 1.) Initiates
Document
Document
Operating Systems
Operating Systems
Exam 1 Study Guide
Exam 1 Study Guide
OOS Chapter 8
OOS Chapter 8
Computer Platforms
Computer Platforms
Lecture10c,Boot,process
Lecture10c,Boot,process
The Boot Process
The Boot Process
wash sale - McGraw Hill Higher Education
wash sale - McGraw Hill Higher Education
Linux+ Guide to Linux Certification Chapter Nine System Initialization
Linux+ Guide to Linux Certification Chapter Nine System Initialization
Forensics Book 2: Investigating Hard Disk and File and Operating
Forensics Book 2: Investigating Hard Disk and File and Operating
Prestaging Client Computers
Prestaging Client Computers
Ignite-UX Administration Guide
Ignite-UX Administration Guide