11 research outputs found
Master of Science thesis
Healthcare organizations heavily rely on networked applications. Many applications used in healthcare settings have different security, privacy, and regulatory requirements. At the same time, users may use their devices with medical applications for non-medical-related purposes. Running arbitrary applications on the same device may affect the healthcare applications in a way that violates their requirements. The ability to use the same device for multiple purposes in an enterprise network presents a challenge to healthcare IT operations. To allow the users to use the same device for both medical and non-medical-related purposes while meeting the set of requirements for medical applications, we present the design and implementation of SeaCat, an SDN End-to-end Application Containment ArchitecTure, and evaluate the system in a testbed environment. SeaCat has two major components. First is the container technology used in the client device to securely isolate any application. Second is the software-defined networking (SDN) that provides isolated secure network resource access for each application
Practical assessment of Biba integrity for TCG-enabled platforms
Checking the integrity of an application is necessary to determine if the latter will behave as expected.
The method defined by the Trusted Computing Group consists in evaluating the fingerprints of the platform hardware and software components required for the proper functioning of the application to be assessed.
However, this only ensures that a process was working correctly at load-time but not for its whole life-cycle.
Policy-Reduced Integrity Measurement Architecture (PRIMA) addresses this problem by enforcing a security policy that denies information flows from potentially malicious processes to an application target of the evaluation and its dependencies (requirement introduced by CW-Lite, an evolution of the Biba integrity model).
Given the difficulty of deploying PRIMA (as platform administrators have to tune their security policies to satisfy the CW-Lite requirements) we propose in this paper Enhanced IMA, an extended version of the Integrity Measurement Architecture (IMA) that, unlike PRIMA, works almost out of the box and just reports information flows instead of enforcing them.
In addition, we introduce a model to evaluate the information reported by Enhanced IMA with existing technique
Reactive attestation : automatic detection and reaction to software tampering attacks
Anti-tampering is a form of software protection conceived to detect and avoid the execution of tampered programs. Tamper detection assesses programs’ integrity with load- or execution-time checks. Avoidance reacts to tampered programs by stopping or rendering them unusable. General purpose reactions (such as halting the execution) stand out like a lighthouse in the code and are quite easy to defeat by an attacker. More sophisticated reactions, which degrade the user experience or the quality of service, are less easy to locate and remove but are too tangled with the program’s business logic, and are thus difficult to automate by a general purpose protection tool. In the present paper, we propose a novel approach to anti-tampering that (i) fully automatically applies to a target program, (ii) uses Remote Attestation for detection purposes and (iii) adopts a server-side reaction that is difficult to block by an attacker. By means of Client/Server Code Splitting, a crucial part of the program is removed from the client and executed on a remote trusted server in sync with the client. If a client program provides evidence of its integrity, the part moved to the server is executed. Otherwise, a server-side reaction logic may (temporarily or definitely) decide to stop serving it. Therefore, a tampered client application cannot continue its execution. We assessed our automatic protection tool on a case study Android application. Experimental results show that all the original and tampered executions are correctly detected, reactions are promptly applied, and execution overhead is on an acceptable level
Blockchain-Based Services Implemented in a Microservices Architecture Using a Trusted Platform Module Applied to Electric Vehicle Charging Stations
Microservice architectures exploit container-based virtualized services, which rarely use hardware-based cryptography. A trusted platform module (TPM) offers a hardware root for trust in services that make use of cryptographic operations. The virtualization of this hardware module offers high usability for other types of service that require TPM functionalities. This paper proposes the design of TPM virtualization in a container. To ensure integrity, different mechanisms, such as attestation and sealing, have been developed for the binaries and libraries stored in the container volumes. Through a REST API, the container offers the functionalities of a TPM, such as key generation and signing. To prevent unauthorized access to the container, this article proposes an authentication mechanism based on tokens issued by the Cognito Amazon Web Service. As a proof of concept and applicability in industry, a use case for electric vehicle charging stations using a microservice-based architecture is proposed. Using the EOS.IO blockchain to maintain a copy of the data, the virtualized TPM microservice provides the cryptographic operations necessary for blockchain transactions. Through a two-factor authentication mechanism, users can access the data. This scenario shows the potential of using blockchain technologies in microservice-based architectures, where microservices such as the virtualized TPM fill a security gap in these architectures.
Funding: Infineon Technologies; Program “Digitalisierung der Energiewende”, Bundesministeriums für Wirtschaft und Energie; Trusted Blockchains fur das offene, intelligente Energienetz der Zukunft (tbiEnergy), FKZ 03EI6029D; European Health and Digital Executive Agency (HaDEA) program under Grant Agreement No 101092950 (EDGELESS project); FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR20
Remote Attestation on Function Execution
Singapore Management University
On Trustworthiness of CPU Usage Metering and Accounting
Abstract—In the envisaged utility computing paradigm, a user taps a service provider’s computing resources to accomplish her tasks, without deploying the needed hardware and software in her own IT infrastructure. To make the service profitable, the service provider charges the user based on the resources consumed. A commonly billed resource is CPU usage. A key factor to ensure the success of such a business model is the trustworthiness of the resource metering scheme. In this paper, we provide a systematic study on the trustworthiness of CPU usage metering. Our results show that the metering schemes in commodity operating systems should not be used in utility computing. A dishonest server can run various attacks to cheat the users. Many of the attacks are surprisingly simple and do not even require high privileges or sophisticated techniques. To demonstrate that, we experiment with several types of attacks on Linux and show their adversarial effects. We also suggest that source integrity, execution integrity and fine-grained metering are the necessary properties for a trustworthy metering scheme in utility computing.
Keywords: CPU time metering; attack; utility computing
Behavior Compliance Control for More Trustworthy Computation Outsourcing
Computation outsourcing has become a hot topic in both academic research and industry.
This is because of the benefits accompanied with outsourcing, such as cost reduction,
focusing on core businesses and possibility for benefiting from modern payment
models like the pay-per-use model.
Unfortunately, outsourcing to potentially untrusted third parties' hosting
platforms requires a lot of trust. Clients need assurance that the intended
code was loaded and executed, and that the application behaves correctly and
trustworthy at runtime. That is, techniques from Trusted Computing which
are used to allow issuing evidence about the execution of binaries and reporting it
to a challenger are not sufficient. Challengers are more interested
in evidence which allows detecting misbehavior while the outsourced
computation is running on the hosting platform.
Another challenging issue is providing a secure data storage for collected
evidence information. Such a secure data storage is provided by
the Trusted Platform Module (TPM). In outsourcing scenarios where
virtualization technologies are applied, the use of virtual TPMs (vTPMs)
comes into consideration. However, researchers identified some drawbacks
and limitations of the use of TPMs. These problems include privacy and maintainability
issues, problems with the sealing functionality and the high communication
and management efforts. On the other hand, virtualizing TPMs, especially virtualizing the Platform
Configuration Registers (PCRs), strikes against one of the core principles of
Trusted Computing, namely the need for a hardware-based secure storage.
In this thesis, we propose different approaches and architectures which
can be used to mitigate the problems above. In particular, in the first
part of our thesis we propose an approach called Behavior Compliance
Control (BCC) that defines architectures to describe how the behavior of
such outsourced computations is captured and controlled as well as how to
judge the compliance of it compared to a trusted behavior model. We present
approaches for two abstraction levels; one on a program code level and the
other is on the level of abstract executable business processes.
In the second part of this thesis, we propose approaches to solve
the aforementioned problems related to TPMs and vTPMs, which are used
as storage for evidence data collected as assurance for behavior compliance. In particular,
we recognized that the use of the SHA-1 hash to measure system components requires
maintenance of a large set of hashes of presumably trustworthy
software; furthermore, during attestation, the full configuration of the
platform is revealed. Thus, our approach shows how the use of chameleon hashes allows
to mitigate the impact of these two problems. To increase the security of vTPM,
we show in another approach how strength of hardware-based security can be gained in
virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches
for such a binding. For this purpose, the first variant uses binary hash trees, whereas the other
variant uses incremental hashing.
We further provide implementations of the proposed approach and evaluate
their impact in practice. Furthermore, we empirically evaluate the
relative efficacy of the different behavioral abstractions of BCC that we define
based on different real world applications. In particular, we examined
the feasibility, the effectiveness, the scalability and efficiency of the
approach. To this end, we chose two kinds of applications, a web-based
and a desktop application, performing different attacks on them, such
as malicious input attack and SQL injection attack. The results show
that such attacks can be detected so that the application of our approach
can increase the protection against them
Enabling Usable and Performant Trusted Execution
A plethora of major security incidents---in which personal identifiers belonging to hundreds of millions of users were stolen---demonstrate the importance of improving the security of cloud systems. To increase security in the cloud environment, where resource sharing is the norm, we need to rethink existing approaches from the ground-up. This thesis analyzes the feasibility and security of trusted execution technologies as the cornerstone of secure software systems, to better protect users' data and privacy.
Trusted Execution Environments (TEE), such as Intel SGX, have the potential to minimize the Trusted Computing Base (TCB), but they also introduce many challenges for adoption. Among these challenges are TEE's significant impact on applications' performance and non-trivial effort required to migrate legacy systems to run on these secure execution technologies. Other challenges include managing a trustworthy state across a distributed system and ensuring these individual machines are resilient to micro-architectural attacks.
In this thesis, I first characterize the performance bottlenecks imposed by SGX and suggest optimization strategies. I then address two main adoption challenges for existing applications: managing permissions across a distributed system and scaling the SGX's mechanism for proving authenticity and integrity.
I then analyze the resilience of trusted execution technologies to speculative execution, micro-architectural attacks, which put cloud infrastructure at risk. This analysis revealed a devastating security flaw in Intel's processors which is known as Foreshadow/L1TF. Finally, I propose a new architectural design for out-of-order processors which defeats all known speculative execution attacks.
PHD; Computer Science & Engineering; University of Michigan, Horace H. Rackham School of Graduate Studies
https://deepblue.lib.umich.edu/bitstream/2027.42/155139/1/oweisse_1.pd