Computer Security at the Low, Hardware/Process/Memory Level Nicolas T. Courtois - University College London

Computer Security at the Low,

Hardware/Process/Memory Level

Nicolas T. Courtois - University College London

Reading

Nicolas T. Courtois, January 20092

Home reading

Sections 6.3. – 6.5.

CompSec COMPGA01

Nicolas T. Courtois, updated 20113

Where Does Computer Security Come From?

CompSec COMPGA01


More PreciselySome Things You Wanted to Know but Were Afraid To

Ask…

CompSec COMPGA01


Do You Know…Q1.Can in Windows/Linux a process run by an

administrator access the system/kernel memory?

Q2. Why do we must press Ctrl+Alt+Del when we log to a

PC under many versions of Windows?

Q3. Why more than half of large banks in London bought

PCs with a pre-installed hardware Rootkit?

CompSec COMPGA01


PC Software Security:

bound to be bad?

CompSec COMPGA01


Bottom LineCan we rely on obscurity?• only for very limited time, few months.

Software can hardly be protected by software.• TRUE.

=> some hardware mechanisms are needed.

CompSec COMPGA01


Remark:Some industries historically cared MUCH MORE about user’s security than

the Wintel guys…

See Applied Cryptography (COMPGA12) module.

Examples: SIM cards, bank cards, building access cards, etc…

CompSec COMPGA01


Key RemarkSoftware CANNOT be protected by software.

CompSec COMPGA01


Bottom Line – Not So BadWe don’t need to have a dedicated certified tamper-

proof hardware module for everything we want to do on a PC…

Good News:

Actually software can be protected by software with a little bit of hardware support…

=> this is the objective of today’s lecture.

CompSec COMPGA01


Taxonomy of Threats to Software and OS

CompSec COMPGA01


Taxonomy of Software Threats [Microsoft]Spoofing = pretending to be someone else

Tampering = altering data or settings

Repudiation = user denies it was him that did of didn’t do sth.

Information disclosure = leak of personal information

Denial of service = preventing normal operation

Elevation of privilege = e.g. gaining the powers of root

• Remark: to know this by heart will NOT be on the Remark: to know this by heart will NOT be on the exam, hard to remember, even for meexam, hard to remember, even for me

CompSec COMPGA01


Impact of Software Threats [Microsoft]Damage potential - $$$ lost

Reproducibility of the threat (hardness)

Exploitability = expertise and resources needed for attack

Affected Users = how many users

Discoverability = is attack likely to be detected?

CompSec COMPGA01


Overview

CompSec COMPGA01


HistoryPCs are open source platform based on a set of industry-wide standards.

=> Only very recently there is an evolution towards more closed source, and more fragmentation (competing standards)

1981. Designed by a team of 12 people.

Key decisions they took: • Build the machine with "off-the-shelf" parts from a variety of different

OEMs. Previously IBM had developed their own components. • An open architecture so that other manufacturers could produce and

sell compatible machines.

Businesses liked this: no lock-in. They bought PCs. They knew that they They knew that they wouldn’t be a slave of one vendor selling replacement parts.wouldn’t be a slave of one vendor selling replacement parts.

The DDOS was developed by a small company without importance, Microsoft... IBM never made any substantial profits…

Reading

Nicolas T. Courtois, January 200916

Home Reading

pages 1-12:

short history of Computer Security

CompSec COMPGA01


Standard PC

except it never except it never was multi-user was multi-user

CompSec COMPGA01


Bottom LineHardware security is better than software.

Actually software-only security will never exist without some hardware that helps it.

=> in the sense that it provides

some security functionality.

Example: memory protection.

A lot of cooperation and support on the OS side need to exist as well. 1. A security system that Microsoft with Intel wouldn’t embrace can

probably not exist. 2. As for Linux systems, they never got into the process of industrial

innovation. And never wanted to secure Hollywood studio movies…

CompSec COMPGA01


Least Privilege [or Limitation] Principle

Every “module” (such as a process, a user or a program) should be able to access only such information and resources

that are necessary to its legitimate purpose.

CompSec COMPGA01


Main Security Goals For the OS+Hardware

(Goal 0.)

Allowing reliable operation and business continuity.

Goal 1A.

Allowing multiple users securely share a computer.

Goal 1B.

Allowing multiple processes securely share a computer.

Goal 2.

Allow secure operation in a networked environment.

CompSec COMPGA01


Goal 1 – Means to Achieve It

Goal 1A+B.

Allowing multiple users / processes securely share a computer.

• memory protection (possibly memory encryption)• processor modes• authentication• file access control and (drive/file) encryption and auth.

• logging & auditing

CompSec COMPGA01


Goal 2 – Means to Achieve It

Goal 2.

Allow secure operation in a networked environment.

• authentication• encryption• resource access control• intrusion prevention, detection and recovery

• logging & auditing

secure channels: encrypted and authenticated

CompSec COMPGA01


Basic Hardware Mechanisms

CompSec COMPGA01


Memory Protection

CompSec COMPGA01


Memory Protection

Allows to implement memory access rights for processes.

• Goal: One process should not access other’s memory.

• Prerequisite: Operating system and user processes need to have different privileges

CompSec COMPGA01


1) Pre-history of Memory Protection

• Fence Register – (OS+1 program)

• Base + Bound – (OS + several programs)

OS

User

0

Fence

Problems:-multi-user-multi-tasking-flexibility-sharing

Program1

Shared

2 registers for each program

-flexibilitylater base+bound for each segment but still not good enough

-performance

Runtime checks by CPU

CompSec COMPGA01


*****Evolution on 1 Slide

1. Fence: Kernel vs. 1 user

2. Base+Bound registers for each program

3. Segments + rights rwx, each program different table

4. Segments + Paging

5. Paging only, rwx per page and per program Modern PCsaround 200X

OS

User

0

Fence

-multi-task-multi-user-flexibility-sharing

Program1

Shared

CompSec COMPGA01


Memory Protection History

• In Windows 9x, user processes COULD access system memory.

• Though CPUs would allow the separation… capacity not used!

• Used in:– Most UNIX and Linux systems– Mac OS X [2001]– Windows NT since NT3.1.– Windows XP [2001] and ever since.

CompSec COMPGA01


*OLD OUTDATED Memory Protection Methods

• Fence Register – (OS+1 program)

• Base + Bound – (OS + several programs)

• Base+Bound On Per Segment Basis– (enough flexibility

but not efficient and not scalable)

30

Fence Register @CPU

Operating System

User Program

0

n

n+1

Addresses

high

OK

XFence

Problems:-Flexibility-Sharing

CompSec COMPGA01


Base + Bound Registers

Operating System

User Program

A

User Program

B

basebound

A’s registers B’s registers

basebound

Shared

CompSec COMPGA01


1

Segments

Operating System

User Program

A

User Program

B

Fetch <1,7>

Error

>

<

n+8

Split address into two fields

– <seg, offset>

Each segment has a base & bound

Seg Base Bnd

0 a b

1 n+1 m

+

7

<>

n+8

CompSec COMPGA01


Segments: Sharing & Protection

Operating System

User Program

A

User Program

B

Seg Base Bnd Prot

0 a n rwx

1 n+1 m rw {Shared{ Seg Base Bnd Prot

0 m+1 high

rwx

1 n+1 m r

}

}

different table in each program

34

Working With Segments?

Q1: Are we inside the segment?Q2: Do we have the right to write?

– checked at runtime– costly checks at each memory access

And how do we manage all this?

35

Memory Management

Methods further evolved into having:– A hardware memory management unit (MMU) and

a lot of special circuits in the CPU and chipset.– A lot of support functions done by the OS.– A more abstract view where the

programmer and the compiler would see a simple linear address space. Will be achieved with paging…

CompSec COMPGA01


*Process Memory Layout

Stack

Grows toward low memory

Heap

Grows toward high memory

Text

• Text: loaded from exec code and read-only datasize fixed at size fixed at compilationcompilation

• Heap: runtime allocated objects, large (2 Gb)large (2 Gb)

• Stack: LIFO, holds function arguments and local variables, small size (256 K)small size (256 K)

0xC0000000

0x40000000

0x08048000

CompSec COMPGA01


Modern Memory Protection Methods

1. Segmentation: used until recently, no longer used

2. Paging: the dominant method in 2012

3. Capability-based addressing• the closest to “least-privilege” ideal.

But not used in Windows/Linux PCs.

CompSec COMPGA01


Capability Based Addressing

• Not used in commercial PCs

• In Java Virtual Machines• Also in CapROS (open source, US DARPA-funded successor of

the defunct Extremely Reliable Operating System, supports x86 and ARM)

• How does it work?• pointers are replaced by special objects called

capabilities• only the kernel and special authorized processes can

create these objects. • other programs can only use them.

CompSec COMPGA01


Mechanisms Used in Modern PCs

• Segmentation

• Paging

Work together, though totally independent.

Each could (only in theory) be disabled.

CompSec COMPGA01


Virtual Memory History

• This architecture exists since i386.

• Later CPUs added more performance and more complexity with legacy code compatibility etc…

CompSec COMPGA01


**Memory Segmentation1. Each memory address is a pair of (segment,

offset)2. The translation is done by a [paged] memory

management unit (MMU).

CompSec COMPGA01


Segmentation + Paging Combined• Before 200X segmentation + paging worked

together, e.g. Intel x32+early Windows XP

• However until very recently (even in say 2009) there was a big loophole in cheap commercial PCs: – no x protection at page level, only at segment level

CompSec COMPGA01


Segments - Security• Each segment had permissions R/W/X.• If the program uses pointer such that

– it would jump to a segment for which has no X right– it would read memory for which he has no R right– the offset is outside the allowed range, – all this is checked by the CPU at runtime

• with help of MMU = memory management unit

a HARDWARE exception 0xEh is raised will be handled by OS Kernel

CompSec COMPGA01


PagingVirtual Memory, typically 2,3 or 4 Gbytes

for a 32-bit process in Windows. Each block is mapped either– somewhere into memory – or there is a page fault (OS handles it)

– in the swap (security risk on its own!)– or not used.Some security: a page not previously used, can automatically generate a page fault error.

Paging is implemented in hardware+software (part of OS).Pages are typically 4K bytes.

Security: each block can be marked as protected. (Kernel/OS)

CompSec COMPGA01


Paging

CompSec COMPGA01


Basic Security:Linux: Kernel pages are never swapped to disk.

Windows: similar and more complex.

CompSec COMPGA01


General Protection Fault (GPF)It is a hardware mechanism! Exception 0xD.Occurs when the program does violate the CPU security rules

(they are VERY numerous). Examples:– using an instruction which can ONLY be used at ring 0 by the OS

Kernel…– accessing special types of registers and Descriptor Tables…– etc…

The OS is expected to catch it and close the process: XP: XXX has encountered a problem and needs to close.

We are sorry for the inconvenience. Vista/7: XXX has stopped working.

If not, if GPF occurs 3 times, (exception within exception handler routine) even the OS Kernel cannot recover from it.

=> Must reboot CPU and OS.

CompSec COMPGA01


Segmentation Fault a.k.a. Bus ErrorOne example program in C:char *s=“abcd”;*s=0;//change ‘a’ to ‘\0’This will cause segmentation fault,

both in Unix/Windowsbecause compilers allocate “abcd”

in a segment marked as “read only”.Software mechanism, but hardware detection by the CPU. How does this happen? How does this happen? In Linux typically the CPU will notify the OS, and the OS will In Linux typically the CPU will notify the OS, and the OS will

send the SIGBUS signal. Then the OS notifies the process send the SIGBUS signal. Then the OS notifies the process which caused the exception. which caused the exception.

Under windows goes through exceptions which are handled by Under windows goes through exceptions which are handled by the code itself…the code itself…

CompSec COMPGA01


Page Protections and Permissions

• Historically, in Intel 32-bit CPUs, permissions (R/W/X) exist at segment level, hard to use and wasteful.

• Since i386, W/R permissions exist at the page table entry level, 4 K pages typically – implemented in combination of hardware / OS kernel

with the “page descriptors” • ONLY since Pentium 4, X (execution) can also be

disabled with DEP (later about it)

• BTW: No problem ever with i64. R/W/X at page level.

CompSec COMPGA01


Vista and Encrypted PagingWhat about memory used for operations on protected

audio/video content in Vista? – For example a graphics card using RAM for its real-time working data?

Vista activates a special protection bit indicating that they must be encrypted before being paged out to the disk, and decrypted back again after being paged in.

But Vista doesn’t provide any other page file encryption, that programmers could use to But Vista doesn’t provide any other page file encryption, that programmers could use to protect their credit card details or Aes keys or so… protect their credit card details or Aes keys or so…

=> Microsoft only cares about Hollywood studios.=> Microsoft only cares about Hollywood studios.

CompSec COMPGA01


*Kernel or Memory DumpsIf Windows XP crashes …– it will write either a full memory dump, or just a Kernel dump into the

page file (pagefile.sys). – temporary.

– after reboot it will be copied to a separate file.

CompSec COMPGA01


****ASLR = Address Space Layout RandomisationAlso covered later, see buffer overflow. SOFTWARE, not hardware.

Techniques to randomize at the runtime the layout of various pieces of data in memory. Makes it much harder for the attacker to predict where the data is.

Example: the attacker injects some “shellcode” in a buffer stored on the process stack and overwrites some pointers. In his exploit he expects consecutive locations. The exploit does not work anymore (or with low probability).

– OpenBSD (enabled by default)

– Linux – weak form of ASLR by default since kernel 2.6.12. (much better with the Exec Shield patch for Linux).

– Windows Vista and Windows Server 2008: – ASLR enabled by default, although only for those executables and dynamic link

libraries specifically linked to be ASLR-enabled. So only very few programs such as Internet Explorer 8 enable these protections…

CompSec COMPGA01


WX Page Protections – in Linux

• What is W X? – Each page should be either writable or executable,

but not both: Exclusive OR

Applications:– Exe part of the program space (a.k.a. text) pages: X, not W– Data pages (stack, heap): mark them as W, not X

Implementation of W X in Linux:• In Linux 32-bit, and with 64-bit CPU, in hardware, since Kernel

2.6.8.• In other cases, mechanism can be implemented in software.

– In OpenBSD since version 3.3. May 2003.– In Linux PaX patch (optional), for 32-bit x86 processors,

Tricky way based on segment limit registers and segment R/W/X/ permissions=> memory x2, really negligible performance degradation.

CompSec COMPGA01


Windows DEP = Data Execution PreventionOld “X” idea: must allow explicitly, current OS+programs would stop working.

The “NX” idea: Never Xecute = can forbid. Easier to make compatible systems.

Hardware mechanism. Both Intel and AMD implement it but Intel was the last to deliver this benefit to large-public CPUs, since P4 Prescott.

– Windows - Since XP SP2. • Not active by default. Choice dictated by legacy programs…

• PAE mode needed: 64-bit page tables. Bit 63 is used.

• Compatibility problems with older processors and old motherboards

– Also active in Linux, mostly only on 64-bit CPUs, but also with 32-bit Linux, • in Linux kernel since release 2.6.8 of August 2004.

• Again can also be enforced purely in software, for example in Linux PaX patch (optional Kernel patch).

CompSec COMPGA01


Future: Curtained MemoryNot used (as far as I know).

Expected to work with TP.

Full isolation of sensitive areas of memory—for example, locations containing cryptographic keys.

Even the OS does not have full access to curtained memory.

Implementation:

Intel's Trusted Execution Technology

CompSec COMPGA01


CPU Security Features

CompSec COMPGA01


Unique Serial Number• Routine mechanism in most industries.

Unique serial number cannot be changed (fixed by the manufacturer)

• Example: Oyster card, building passes block 0.

• Introduced by Intel since P3.– can be disabled too, due to privacy advocates

outcry…

CompSec COMPGA01


CPU Protection – Hardware Side

CompSec COMPGA01


Rings – Hardware @ CPU

Different CPU architectures define several Rings.

CompSec COMPGA01


Transition Calls (Transition Gates)

• Transition only through special “system calls”– transfers control to a predefined entry point in more privileged code; – the more privileged code does specify and checks

• where it can be entered, • in which prior processor state one can enter.• Privileged code, from the processor state and the stack left by the less

privileged code, determines what is requested and allows it or not.

Implementation: • “call gates” (old): calling directly a Kernel function, slow• INT – hardware interruption, saves and restores the CPU state,

still slow• Intel and AMD now introduced special faster instructions:

SYSCALL/SYSENTER, SYSRET/SYSEXIT

CompSec COMPGA01


How to Penetrate to Ring 0?

Whatever you do, it is always possible to get there through the boot loader.

• Critical and privileged access point in all PCs.– Would allow to disable some hardware securities such as

DEP…– Could allow a virus to be so stealth that no anti-virus would

detect it.• Beware of boot sector viruses!• Good news: most motherboards have a hardware

mechanism that prevents the OS from writing the boot sector of the hard drive. No access from the O/S level. – Problem: this can be disabled in BIOS.

• which is looking for trouble: – IF this mechanism is totally usable: like it makes sounds and asks

the user to press Y on the keyboard, and there is no bug/problem – THEN it is a bad idea to allow people to disable it.

CompSec COMPGA01


How to Still Penetrate to Ring 0?

More HW mechanisms…

Furthermore, the BIOS has a password (and usually also an admin password). But all NVM can be reset by a jumper, so it is easy to hack…

Some computer motherboards designed for high security customers/applications and certified by the government will have better security… such as

• WORM* mechanisms = Write Once, Read Many

• unhackable BIOS… (more about BIOS sec later)

CompSec COMPGA01


Can We Defend Against Such Threats?Yes, or partly so, through logging helped by hardware.

Example 1: a motherboard can have a log of events that cannot be erased (WORM).

• Sandisk recently started commercializing WORM memory cards (with very large capacity) – the data can be written but cannot be erased.

Example 2: Hard disk hardware can make it impossible to modify the file creation and modification dates of files.

Then the virus can be detected (removal is another story).

This type of technology is used for forensic purposes much more This type of technology is used for forensic purposes much more frequently than we think. We are just not informed about these frequently than we think. We are just not informed about these extra (hidden) features.extra (hidden) features.

CompSec COMPGA01


CPU Protection (3)Hardware + OS

CompSec COMPGA01


CPU Modes vs. Modern OS

• DOS: the kernel, drivers and applications typically run on ring DOS: the kernel, drivers and applications typically run on ring 3, whereas only the 386 memory manager such as EMM386 3, whereas only the 386 memory manager such as EMM386 run at ring 0run at ring 0

• OS/2 used 3 rings!OS/2 used 3 rings!• the Multics system had 8 ringsthe Multics system had 8 rings……

• most current OS and Windows XP use only two rings • ring 0 == kernel mode• ring 3 == user mode• only recently Microsoft have added some ring 1 code…• there also is a SMM mode, on every PC,

– 16-bit powerful close to ring 0, – used by the BIOS NOT the OS,

• prevents CPU from overheat etc..– later about it,

CompSec COMPGA01


CPU Modes = Processor Modes = Privilege Levels

Hardware mechanisms that allow the OS to run with much more privileges than any process.

• System mode = privileged mode = master mode = supervisor mode = kernel mode = unrestricted mode.

• User mode • Transition only through special “system calls” or

privileged instructions or hardware interruptions which can only be executed in system mode.which can only be executed in system mode.

In theory, only highly-trusted kernel code should run in the unrestricted way.

In practice… Real time code such as drivers are allowed to also run in the system mode.

CompSec COMPGA01


system mode = privileged mode = master mode = supervisor mode = kernel mode = unrestricted mode

– can execute any instruction – access any memory location– access hardware devices– can change a number of special processor features:

• enable/disable interrupts, • special registers, • descriptor tables, • change privileged/not processor state,• access memory management units,

user mode – access only the “usual” CPU resources:

computations+registers• access to memory is limited,

– cannot access MMUs• cannot execute certain special instructions,• cannot disable interrupts, go to privileged state, change special

registers/tables, etc..

CompSec COMPGA01


Virtual PCs

CompSec COMPGA01


Virtual PCs – VirtualBox, VMWare etc

• recall: most current OS:– ring 0 == kernel mode– ring 3 == user mode

• using Virtual Box in software mode– Hosted OS kernel runs at ring 1 replacing 0

• has a real-time code recompiler which replaces some instructions• also does real-time code patching• cannot run VirtualBox or VMWare inside it because cannot create virtual

machines– Hosted OS apps run at ring 3

• but it also can do a hardware –assisted mode: – ring 0 is run as ring 0 with isolated memory– possible only on very recent CPUs:

CompSec COMPGA01


Virtualisation: Intel VT = AMD-V

CompSec COMPGA01


Intel-VT, a.k.a. Vanderpool• Main function: each virtual Machine running on the same

CPU has access to all 4 privilege rings.• Required and used by Windows 7 XP Mode.• So for example a virtual PC+OS cannot detect it is a virtual machine

by trying CPU instructions such as SYSENTER etc.

• Also speeds up running virtual PCs, – they run much more like a real PC

• better CPU hardware support for paging => better memory isolation• the difference between real and virtual PCs will tend to disappear in the near

future…

– supported by most but not all current CPUs, – Intel Atom Z5X0 are OK, Atom 2X0 are NOT OK – in some motherboards it must be switched on in BIOS

– a PC compatible with Intel-VT can run Windows, Linux and Mac-OS AT THE SAME TIME as native, no need to emulate ring 0 , no need to emulate ring 0 anymoreanymore.

CompSec COMPGA01


BIOS and BOOT security

CompSec COMPGA01


Firmware

Def: a tiny ‘master’ program included in our PC– runs first when you switch it on / or reset– in old times stored in a ROM (Read-Only

Memory), • nowadays most firmware is stored in NOR flash

devices • can be updated

CompSec COMPGA01


Traditional BIOSBIOS def. = a firmware in your PCBasic Input/Output System, 25 years old

Responsible for (picture next slide):1. initialization of much of the system, including important

components such as video, RAM, keyboards and mice. – POST = Power-On Self Test, (NOT hard drives or media)

2. responsible for finding and loading the OS Boot – from a number of different types of media, ranging from hard

disks to USB and LAN devices [can load option ROMs]

3. cooperates with the OS load further parts of the operating system before the operating system completely takes over.

CompSec COMPGA01


Traditional BIOS and Boot [source: NIST SP800-147]

can be needed to boot over the network

1st device

SMI Handlers = Part of BIOS

runs in the background

16-bit insecure mode

CompSec COMPGA01


Threats and AttacksFirmware update: if a virus does it, it can circumvent all the

OS security… Pre-OS attacks = before the OS loads. Malicious updates can enter as:– user-initiated from a bootable disk– runtime software exploits – managed BIOS updates inside a company– new vectors? - self-updating BIOS rootkits? Maybe.

Payload:– Roll-back to old insecure version of BIOS (with attacks)– Install a Firmware Rootkit– Install a virtualization virus

CompSec COMPGA01


Firmware Rootkits

Firmware Rootkit = def: uses device or platform firmware to create a persistent malware image in hardware, such as a network card hard drive, or the system BIOS. The rootkit hides in firmware, because firmware is not usually inspected for code integrity.

At BlackHat 2006 Heasman demonstrated the viability of firmware rootkits in both ACPI firmware routines and in a PCI expansion card ROM.

CompSec COMPGA01


Virtualization Attacks on BIOS

Virtualization viruses: – e.g. Blue Pill,

run whole OS as a virtual machine, some physical RAM is invisible, rootkit claimed impossible to detect

code released by Joanna Rutkowska c. 2010

CompSec COMPGA01


SMM mode Viruses?

SMI Handlers = part of BIOS

•runs in special System Management Mode

16-bit insecure mode

CompSec COMPGA01


SMI Handlers

SMI Handlers = part of BIOS, used for: – invented to manage CPU temperature, fan control

etc…

– also used for emulating hardware such as floppy disk

Security– runs in special System Management Mode (SMM)

– super-privileged, very similar to ring 0– 16-bit yet able to access 4G of RAM– can access all I/O ports and peripherals

– implemented through a System Management Interrupt (SMI): – triggered by a physical PIN on the CPU socket– transitions: next slide

CompSec COMPGA01


**** x86 CPU transitions w.r.t. SMI mode [Duflot et al.]

switched on by a PIN on the CPU

socket, 386 and above

16-bit start-up

32-bit

CompSec COMPGA01


Improved BIOS

BIOS is not modular.In some recent computers the BIOS has two parts:

1. BIOS boot block, cannot be updated, • in ROM preferably

– checks the integrity of the second block 2. • for this it can cooperate with special chip (Trusted Platform chip)

– has recovery mechanisms • dual BIOS, restore last BIOS etc..

2. Main block, can be updated• in Flash memory

CompSec COMPGA01


2006: Bill Gates / Intel

If we think about boot, we're finally moving away from the old BIOS to this

UEFI interface

[…] gives us new

flexibility and capability, and it's got a rich API set to build on […]

CompSec COMPGA01


New Vocab

EFI, = Extensible Firmware Interface, UEFI = Unified EFIAn industry group (Intel, Lenovo, Microsoft etc etc)

PI = Platform Initialization process and specs..

CompSec COMPGA01


Key Features of EFI

– authenticated BIOS updates using digital signatures– protections against changing the BIOS already

installed – modular design, with added functionality in BIOS,

– for example support of FAT files system in firmware through “EFI drivers”

Reading: NIST BIOS protection guidelines: SP800-147

CompSec COMPGA01


Improved EFI BIOS and Boot [cf. NIST]

Checks the digital signature, root of trust

CompSec COMPGA01


***Optional Reading: “A Tale of Two Standards”

CompSec COMPGA01


Enterprise Remote IT Management

CompSec COMPGA01


Couple = AMT + vPro• AMT = Active Management Technology – software

part.• Works with HARDWARE Intel vPro support on CPU and

motherboard and the network adapter.A very impressive set of out-of-band techniques to

remotely connect to PCs, even without knowledge or permission of the OS and the user that physically controls the PC.– Remote power up– Remote configuration, including access to BIOS– Encrypted network boot– Programmable hardware-based network filters and alerts– Remotely limit network traffic of infected PCs– Persistent logs stored in protected hardware

CompSec COMPGA01


Intel Anti-Theft Technology(2010)

CompSec COMPGA01


Statistics

10 % of all laptops are stolen during 1 year

97 % are never found / recovered [source: FBI]

CompSec COMPGA01


Intel Anti-Theft Technology [2010]Tamper-resistant HARDWARE protections:• Allows encryption solutions to store and manage cryptographic keys in CPU

hardware.• Ability to disable your PC with a local or remote poison pill if the system is lost or

stolen. The poison pill can then delete essential cryptographic keys in CPU hardware.

• The PC will refuse to boot– works even if the OS is reimaged, the boot order is changed, a new hard-drive is installed,

or the laptop is disconnected from the network.– supports outgoing SMS (alert) and incoming SMS (poison pill) through an optional 3G card

built-in. – can display a message to the thief:

• like laptop reported missing, 100 $ reward if you find it, call this number etc.

• Customize the policy to respond to events – invalid login attempts– failure to check-in to company network – tamper detection

• Has a reactivation capacity: restore to normal. – Secondary long pass phrase to unlock– Unlock code can be transmitted by phone by the company’s IT service.

CompSec COMPGA01


Anti-Theft Software and Support/Server Infrastructure

CompSec COMPGA01


Location Tracing of a PC

CompSec COMPGA01


Key Functionalities – iPad example

• An app which can be triggered remotely by the owner

• Display a message+sound for the thief

• Remote lock

• Remote wipe of all the data

• Use the iPad Camera to collect crucial evidence

• Tamper-proof application.

CompSec COMPGA01


Remark: PC versus iPad

• An app which can be triggered remotely by the owner

• Display a message+sound for the thief

• Remote lock

• Remote wipe of all the data

• Use the iPad Camera to collect crucial evidence

• Tamper-proof application.

Out of band channels / BIOS

rootkitsnot needed (cf.

PCs): Apple is in controlTamper-proof OS

CompSec COMPGA01


Another Example for iPad

an app which can be triggered remotely by the owner

CompSec COMPGA01


CompuTrace:

Computrace® Track Locate Recover

• embedded in laptops and some expensive Dell workstations. One needs to pay a subscription with this company.

• intended to trace lost/stolen PCs without the knowledge of the thief– for for legallegal reasons, apparently only available in reasons, apparently only available in

US,UK,Canada and AUS.US,UK,Canada and AUS.

CompSec COMPGA01


CompuTrace as a RootKit• also known as “a legitimate BIOS rootkit”.

– upon activation it will HACK/MODIFY the Windows partition:• add a new service!• modify several system files and the registry• modify self-healing mechanisms such as Autochk.exe so it CANNOT be

detected or repaired(!)

• can be enabled or disabled or killed – in the BIOS, appears as a PCI device 1917:1234, can be enabled– in theory cannot be reactivated…

• can be hacked/subverted, cf. Sacco-Ortega attacks, BlackHat 2009,

• redirection of communications… changing the URL/IP address• lack of authentication of code, could be replaced by malicious code...• Rootkit CAN be re-set to default settings and re-activated by software

only• maybe can download unauthorized code during updates?

CompSec COMPGA01


I/O Protection

CompSec COMPGA01


In Both Unix and Windows NT• I/O devices are usually NOT accessible in user

mode!

I/O device

driver

processkernel

shared RAM

protected mode

IPC

user space

CompSec COMPGA01


Example:

In Linux, ONLY a process with effective UID = 0 (and 0==root)

can open TCP ports with numbers <1024.

CompSec COMPGA01


***In Both Unix and Windows NT

There are two main methods for accessing I/O:– mapping I/O to RAM,

• access as shared memory• data written will be interpreted as commands

– dedicated I/O instructions, • available only in the supervisor mode (!)

CompSec COMPGA01


***How Devices Communicate with Drivers?3 techniques:1. Programmed I/O == periodic polling

– the I/O device, such as mouse, writes periodically some information at a certain location…

2. Interrupt-driven I/O: • uses hardware interrupts to tell the CPU data is here…

3. DMA = Direct Memory Access, – independent of CPU, but it can be stalled when transfer but it can be stalled when transfer

is activeis active– CPU controls the DMA– there are complications because of CPU cache! there are complications because of CPU cache!

• usually CPU will flush the cache manuallyusually CPU will flush the cache manually…… complicated complicated

CompSec COMPGA01


OS Design

CompSec COMPGA01


Kernel space vs. User spaceTwo separate “memory zones”.• Kernel space: the OS kernel, some kernel extensions, some device

drivers– run in the most privileged CPU mode, system mode.– this memory usually cannot be swapped out.

• User space, Userland: other parts of the OS that run as processes or services/daemons in the user mode. – I/O and components– manipulating the filesystem– shellWindows: – system processes will be running as system, so user space is a

confusing name!– user processes will be running as user.

Depending on systems we can have system = root = super-user = administrator or all these will be distinct...

CompSec COMPGA01


Kernel Space vs. User Space

Hardware (disks, network interfaces, etc.)

The Kernel

Process 1 Process 2 Process n

CompSec COMPGA01


Kernel Design

CompSec COMPGA01


Big Kernels vs. Micro Kernels

CompSec COMPGA01


Big (Monolithic) Kernels• The entire OS runs in system mode.• Big kernel has all services:

– file system, – network services, – device drivers, etc.

• Security: all kernel code run in one address space and can directly affect each other.– Example: Linux 2.6 kernel = 6 millions lines of code

• fast• less robust, less secure

Kernels with loadable kernel modules are still monolithic

CompSec COMPGA01


Microkernels• A minimal kernel which provides only the mechanisms needed to

implement OS services, – Kernel provides:

• low-level memory space management, • thread and process management, • inter-process communication (IPC).

– Operating-system services are provided by user-mode server modules. • device drivers, • protocol stacks, • file systems • user-interface code.

– More secure(better achieves least privilege), more robust w.r.t. failures and bugs.

– Slower

CompSec COMPGA01


Hybrid or Mixed• Mix of both worlds…

Windows NT family: (NT,XP,Vista).

A hybrid kernel or a monolithic kernel structured like a microkernel

CompSec COMPGA01


Trusted Path

CompSec COMPGA01


Trusted Path

One possible meaning: (also used in Trusted Computing = NGCB)(also used in Trusted Computing = NGCB) • a mechanism that provides confidence that

the user is communicating with the right program/process– attackers should not be able to

• initiate the communication process• snoop on it / modify it

– defense against fake login programs.

• In other words: something close to an “unspoofable” and “incorruptible” channel (for a process in question).

CompSec COMPGA01


**Trusted Path and DRM

The dream of Hollywood studios:A graphics card that decrypts video directly

with AES-128, so that high-quality video cannot be captured…

Implemented in Windows Vista…

CompSec COMPGA01


Secure Attention Key

Def: a special key combination to be entered before a login screen is presented.

• Windows NT, XP and better: Ctrl+Alt+Del• Linux: Ctrl-Alt-Pause or the SysRq-K

CompSec COMPGA01


WinLogon Security

Security:

Remark: Users can be instructed to report login prompts that appear without having pressed this key combination.

It is certainly an attack on their system!

CompSec COMPGA01


WinLogon Security

Windows NT is designed so that only the WinLogon process, a trusted system process, can receive notification of this keystroke combination.

CompSec COMPGA01


**How?

only the WinLogon process can receive this keystroke:

– The kernel remembers the Process ID of this process, and allows only that process to receive this notification.

– No software can intercept this call.– Later, the WinLogon process will instruct GINA library

(MSGINA.dll, Graphical Identification and Authentication) to bring the “Windows Security Dialog”

• It is possible to replace GINA with a third party software: – one that accepts smart card or other tokens (!)– See HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\

CurrentVersion\Winlogon, a string named GinaDLL • In VISTA, GINA was replaced by “Credential Providers”

– significantly increased flexibility in supporting multiple credential collection methods…

CompSec COMPGA01


Security in the User Space

CompSec COMPGA01


Security Mechanisms in the User Space

• User privileges (admin/not admin)• Access Control • Authentication• Logging / Auditing• Intrusion Detection • …

CompSec COMPGA01


Logging

• Both normal and suspicious events, e.g.• Every logon attempt• Every time permissions are changed• Network connection events

• Methods– application logging, – API hooking, – system call interception, – packet sniffing, …

Again, logging can be hidden and use WORM mechanisms (forensic logging).

CompSec COMPGA01


Intrusion Detection

• Some also can and should be implemented by the OS– A lot is done in Vista,

a high level of paranoia in fact… adopted here: “tilt bits” (sth. abnormal is going on, false alarms most of the time, but the diffusion “prime content” will be prevented).

CompSec COMPGA01


Disturbing Questionsand Virusology

CompSec COMPGA01


Disturbing Questions:The OS does have some “file locks”:• It does not allow one to change system files and

things such as file meta-data easily. • Can this be circumvented? Maybe.Idea, through locking the volume(possible) and directly accessing the disk, and directly Idea, through locking the volume(possible) and directly accessing the disk, and directly

communicating with the resources (for this one has to implement an impressive range of communicating with the resources (for this one has to implement an impressive range of things, it is like implementing the OS from the scratch, not impossible but costly… things, it is like implementing the OS from the scratch, not impossible but costly…

Some software, such as real-time disk defrag or real-time partition tools do need to have higher privileges than normal software.

CompSec COMPGA01


Disturbing Questions:The anti-virus software works in the user space?

Not really (try to kill an anti_virus), but even if it has Kernel-level drivers there is a process to install it…

Q: What prevents a virus from installing in the same way? With very high privileges the anti-virus needs to function?

CompSec COMPGA01


Hacking Anti-virus Software

Could one install a slightly modified anti-virus software?

Defences: The process is in fact pre-approved by Microsoft, installation is usually allowed by checking digital signatures of its key component = a Kernel-level driver.

But could we modify the anti-virus code on the fly during this installation process (during which some anti-virus code is promoted to a very high privilege)? Maybe…

CompSec COMPGA01


Jailing Anti-virus Software

Could we put the anti-virus software in jail? Or just alter its communications with the central servers [updates, status/virus reporting, redirection etc]

Maybe.

CompSec COMPGA01


Browser Design

CompSec COMPGA01


Big (Monolithic) Browsers

• Legacy de facto dominant situation, – since NCSA Mosaic program [1993]

• Monolithic architecture:– initially, the browser kernel and the rendering engine

were just single image (one exe file)– later they became modular with dlls, plugins, JVM, etc.– But from the point of view of the security nothing

changed: all code executed in one single protection domain.

• Examples: IE7 under XP, Firefox 3, Safari 3.1.

CompSec COMPGA01


One Single Domain

Everything is run in one single protection domain at the user’s level of privilege, for example as admin. – A single crash crashes everything– Code that comes from the web runs locally at

user’s level of privilege• an un-patched vulnerability in the browser allows to

run any code on the host machine, with the privilege level of the user.

CompSec COMPGA01


One Single Domain – But Which?

This is very insecure if we run the browser as admin.

But what is we run it from a restricted account? Is it OK?

Example: Vista can run IE7 in a “protected mode” which means it is run at a low-integrity level. It implements the Biba’s principle of “no write-up”. Consequences:

• The browser is unable to alter the system. • BUT it can read the user’s files (spyware).

Remember: Integrity and Confidentiality are two totally independent dimensions.

CompSec COMPGA01


Sandboxing - Example

VMWare Browser Appliance:A free Linux VM containing Firefox,

that runs with the VMWare player (also free).

After you use it to browse web, just delete it. And start again…

How cool is that…

Big drawback: complete isolation, the user is NOT able AT ALL to read any of his own files (for example to publish his photos on the web)…

CompSec COMPGA01


**IE8

Does the same as IE7, except that each tab is run as a separate virtual machine.

Still no protection of user’s data.

CompSec COMPGA01


Google Chrome Architecture

Divides the browser application into two protection domains:

• Browser kernel; runs with user’s privileges,• Sandboxed and isolated multiple instances of the

rendering engine run at very low “web” privilege level,

• Chrome is open source.– And highly compatible with existing web sites, unlike

many other existing modular “highly secure” browsers [DarpaBrowser, Tahoma].

CompSec COMPGA01


Chromium Browser Kernel

Browser kernel: responsible for – mediating file and

network access, like a firewall

– displaying bitmaps produced by rendering engine[s] seen as black boxes.

CompSec COMPGA01


Chromium Browser Kernel Privileges

• run at user’s privileges.

• run as a medium-integrity process under Vista, several privileges several privileges explicitly removed, starts with SID=0explicitly removed, starts with SID=0 – as a result, it can be installed without an

admin account (!). Maybe because it is not as dangerous as most other browsers…

CompSec COMPGA01


*****Problems• Problems with Chrome:

– it installs patches silently… (very quick at updates, good point too)(very quick at updates, good point too)

– Java script cannot be disabled

– lack of many user and administrative controls… (like zones)• poor defaults, e.g. for cookies…

– reveals all your passwords in seconds (nobody else allows that)

– embarrassments: • many serious and simple exploits were found already,

– and patched...

CompSec COMPGA01


Rendering Engines

• multiple instances• sandboxed and isolated • each running with DEP and ASLR• all run at very low “web” privilege level,

– at the lowest integrity level in Vistaat the lowest integrity level in Vista

• execute error and exploit-prone tasks of– web parsing, – Java script, – etc.

CompSec COMPGA01


How Does It Protect Our Files?

As with IE7/8 under Vista, the rendering engines run as low integrity processes.

• So no write up is permitted.

• However Chrome also attempts to prevent them from reading up. How?

CompSec COMPGA01


How Does It Protect Our Files!

An engine, accessing URLs outside, is just totally unable of accessing local files file:///

However, of course, one can open a local web page.

• But only in another sandboxed and isolated rendering engine (!).

CompSec COMPGA01


***Small Technicality

Memory isolation – OK.

But many file system isolation features will be ineffective if the file system is FAT32, not NTFS.

Not because Vista is compromised or not able to further ”police” the access (cf. reference Not because Vista is compromised or not able to further ”police” the access (cf. reference monitor, complete mediation), but simply because of lack of support/implementation.monitor, complete mediation), but simply because of lack of support/implementation.

CompSec COMPGA01


Hardware Attacks on PCs

CompSec COMPGA01


High-Level Categories

• Stealing data (removing hard drive, memory chips).– Now hard drives can be encrypted.

• Memory still isn’t.

• Hardware keyboard sniffers.– Optical– Acoustic / mechanical vibrations– EM radiations. PS/2 vs. USB (two wires=).

• Intercepting screen output.– There are TEMPEST machines.

• Side channel attacks focusing on crypto.– Acoustic attack on AES; traditional DPA [oscilloscope]traditional DPA [oscilloscope].– CPU cache attacks on crypto (AES)…

CompSec COMPGA01


Quiz• Can in Windows/Linux a process run by an

administrator access the system/kernel memory?• Explain what is virtual memory and paging?• How one can make a dump of kernel memory?• What is DEP? Which OS has it?• Explain the protected/Kernel mode and user mode

for CPUs. • How can the DEP and the protected/Kernel mode

be circumvented or attacked?

CompSec COMPGA01


Quiz (2)• How can we at the BIOS level make it difficult to

modify the boot sector? (3 things).• What is a monolithic kernel and why it is the least

secure design?• What is the architecture of Google’s Chrome

regarding the privileges to read and write files, access the network, and the screen?

Documents

Computer Security at the Low, Hardware/Process/Memory Level Nicolas T. Courtois - University College London