A Secure and Reliable Bootstrap Architecture - AEGIS William A. Arbaugh David J. Farber Jonathan M. Smith Presented by Vytautas Valancius Claims Assumptions • Secure bootstrap will • BIOS is not work on commodity compromised hardware • There is signature for • Failed software will be every component in a restored system • Boot process is • Every component is guaranteed to end up able to check its in secure state children • There is connectivity to trusted network host Secure Boot Process Applications • Level 0 is trusted Level 5 • Level n checks Level OS Level 4 n+1 • Level n needs to store Boot Block Level 3 hashes for Level n+1 Expanssion Expanssion ROMs • Level n does not ROMs Level 2 check Level n-1! BIOS2 Level 1 AEGIS ROM + BIOS Level 0 Processor Reset Vector Flaws (or Features?) • Level n does not check Level n-1 – User trusts the hardware but how about OS? • Why asymmetric keys are not used? • How do we manage hashes? – How do we make such management secure? • How do we make network recovery secure? • Where do we go next? Trusted Computing Platform • Explored by Michael a week ago • PKI has taken a tangible role • Level n checks Level n-1 • Uses: – Sealing, Binding • Windows Vista Bitlocker, Linux Enforcer – Remote Attestation • Microsoft Next-Generation Secure Computing Base Trusted Computing • Possible uses: – MS Office can encrypt your files • So that only trusted software can open them – Data sent by you is read only by trusted entities • Or entities that your employer trusts – Content can be revoked • Injunctions can be easily enforced – Sure, movies can be sold securely online Discussion TPM • What are the possible use of TPM? • What uses are dangerous and what can we do about them? • What should be management interfaces to TPM? • How do we ensure freedom of choice? Discussion -AEGIS • Where are the public/private keys gone? • Can OS be sure it was booted securely? • How do we manage hashes? • How do we know hash management is secure? • What if software has a bug? Can we exploit it automatically every time we load system? • Do you like recovery without user intervention?
Pages to are hidden for
"A Secure and Reliable Bootstrap Architecture - AEGIS"Please download to view full document