|
From: Hal F. <hal...@gm...> - 2009-07-12 23:04:52
|
I recently learned about Intel's P-MAPS research project which provides an alternative way of using TPM+TXT to provide attestations and sealing in the context of a standard OS. Here is a link to the Intel Research blog post:

http://blogs.intel.com/research/2009/04/p-maps_an_on-demand_hardware-r.php

and here is an article in Dr Dobbs Journal which goes into more detail:

http://www.ddj.com/mobile/218401423

The goal is to allow applications running in a standard OS like Linux or Windows to be able to gain hardware protection from corruption of other processes or of the OS. This is a hard problem to solve due to the complexity of modern OS's. P-MAPS bypasses the OS by loading a Measured Virtual Machine Monitor (MVMM) which runs the OS as a VM. Then a P-MAPS aware application can make special VM calls directly into P-MAPS, going around the OS, to request protection. P-MAPS monitors and virtualizes the OS's page tables and is able to protect all of the application's pages from rogue access, either from the OS or other processes.

Because P-MAPS mostly confines its attention to memory management, it can be relatively small for a VMM. It doesn't have to worry about virtualizing devices or networks or I/O or having to load lots of different drivers. It mostly just manages page tables. This means that the OS is removed from the Trusted Computing Base (TCB) which greatly reduces the amount of code which has to be correct in order to achieve security.

P-MAPS is also able to perform attestation ("Quote") and sealing on behalf of protected applications, allowing apps to protect secrets from other applications and from the OS, and to attest to outside parties that their data is safe.

Among other nice features, P-MAPS uses smart loading, such that when no applications are currently requesting P-MAPS services, it unloads itself completely and switches the OS from being in a VM back to being in a normal, non-virtualized mode. Then when a process requests P-MAPS protection, it re-virtualizes the OS, including doing a TXT launch of the P-MAPS MVMM.

All in all this sounds like an amazing range of functionality, a real tour de force to get all of these technologies (TPM, TXT, VM) working together successfully. But the net result is a tremendously useful package that neatly bypasses the dilemma of security vs complexity. Most solutions today either provide potentially high security with relatively limited functionality, like Jon McCune's Flicker, or provide a much wider set of functions, like TBOOT+XEN, at the expense of a large TCB which inherently undercuts security goals. P-MAPS appears to be the first solution I've seen that could provide high security via a small TCB, while retaining the functionality provided by a standard OS.

Unfortunately, as a research project it does not sound like something which is likely to be made available to experimenters any time soon. I hope Intel will find a way to make the code available as it has done with TBOOT. P-MAPS is IMO even better suited as a framework for providing meaningful TXT based protections to today's application developers.

Hal Finney |
|
From: Lil E. <Lil...@gm...> - 2009-07-21 13:21:04
|
There are many different projects with similar goals out there: BitVisor (source code available somewhere) or Daonity and of course flickr, probably more that I am not aware of. They all seem to target a particular use case and scenario.

Cutting out the operating system is certainly an elegant and interesting solution. However, I think in its current form and function it is limited. You cannot use shared libraries and there is still the issue with the trusted graphics to be solved.

Just some thoughts ....

lIl |
|
From: Hal F. <hal...@gm...> - 2009-07-22 17:28:42
|
On Tue, Jul 21, 2009 at 6:20 AM, Lil Evil <Lil...@gm...> wrote:

> There are many different projects with similar goals out there:
> BitVisor (source code available somewhere) or Daonity and of course flickr, probably more that I am not aware of.
> They all seem to target a particular use case and scenario.
>
> Cutting out the operating system is certainly an elegant and interesting solution. However, I think in its current form and function it is limited.
> You cannot use shared libraries and there is still the issue with the trusted graphics to be solved.
>
> Just some thoughts ....
> lIl

Hi Lil, thank you for the pointers to those other projects, I will look at them more. I was a little confused about the mention of flickr, the photo sharing site, not where you'd expect to find the cutting edge of hypervisor research. But then I realized you meant Jon McCune's Flicker, which I agree is a very advanced implementation along these lines.

I have the impression that P-MAPS can handle shared libraries. Reading some of the older papers by the same author(s), which used a variety of technologies to provide "ring -1" protection to application data, there is discussion of a signed "manifest" which describes what should be in an executable, and which includes relocation information necessary because the dynamic loader will move things around in memory. I think this would be specific to shared libraries, but I'm not sure.

Unfortunately it appears that the Intel research blog site I linked to is kind of inactive, with no posts or updates for a month. Comments have to be approved; mine hasn't appeared after more than a week, and in fact no comments have been approved for the past month. Maybe the site administrator is on vacation, or maybe all of Intel shuts down during July? :)

Hal |
|
From: Lil E. <Lil...@gm...> - 2009-07-25 16:32:26
|
Sorry for the confusion here, just missed the e (willingly or subconsciously, who knows :)) Of course I meant Flicker.

It reads as if it would include shared libraries. And certainly they need to address this issue some way or another. However, to my understanding the manifest is a payload in the application's header, which contains a signed list of integrity values of the application's data and code. It further states in http://www.ddj.com/mobile/218401423?pgno=3 :

"If there are relocation symbols in the application (for example, a dynamically loadable library) then those are captured in the manifest to aid in runtime measurement."

So I assume you need a DLL which in itself has a manifest. But I suspect that this potentially could snowball until almost the whole OS is "sucked" into the P-MAPS environment. Maybe someone with better knowledge of the project could clarify here?

Also, I was wondering if there is any isolation of simultaneously running protected applications? Assuming any developer could deliver an application and/or library with a manifest, a malicious and a protected application would potentially run in the same "protected" environment! Well, and the consequences are obvious..

cheers

lIl |
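
The manifest idea discussed in this thread (a signed list of integrity values, plus relocation information to aid runtime measurement) can be sketched as follows. This is an added example, not part of the thread and not P-MAPS code: the manifest layout, the HMAC standing in for the vendor's signature, and all names and sample bytes are assumptions constructed for illustration.

```python
import hashlib, hmac, json, struct

MASK = (1 << 64) - 1
VENDOR_KEY = b"constructed-demo-key"  # stand-in: a real manifest would carry an asymmetric signature

def _sign(entries):
    blob = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(VENDOR_KEY, blob, hashlib.sha256).hexdigest()

def build_manifest(image, layout):
    """Build time: hash each section as linked (load base 0) and sign the list."""
    entries = [{"name": n, "offset": o, "size": z, "relocs": r,
                "sha256": hashlib.sha256(image[o:o + z]).hexdigest()}
               for n, o, z, r in layout]
    return {"sections": entries, "sig": _sign(entries)}

def _rebase(buf, start, relocs, delta):
    """Add delta to each 64-bit little-endian pointer slot listed in relocs."""
    for r in relocs:
        (v,) = struct.unpack_from("<Q", buf, start + r)
        struct.pack_into("<Q", buf, start + r, (v + delta) & MASK)

def load(image, manifest, base):
    """What the dynamic loader does: rewrite pointers for the actual load base."""
    mem = bytearray(image)
    for s in manifest["sections"]:
        _rebase(mem, s["offset"], s["relocs"], base)
    return mem

def measure(mem, manifest, base):
    """Monitor side: check the signature, undo relocations on a copy, compare hashes."""
    if not hmac.compare_digest(_sign(manifest["sections"]), manifest["sig"]):
        raise ValueError("manifest signature invalid")
    bad = []
    for s in manifest["sections"]:
        buf = bytearray(mem[s["offset"]:s["offset"] + s["size"]])
        _rebase(buf, 0, s["relocs"], -base)
        if hashlib.sha256(buf).hexdigest() != s["sha256"]:
            bad.append(s["name"])
    return bad

def demo(base=0x7F0000001000):
    text = b"\x90" * 8 + struct.pack("<Q", 0x20) + b"\xc3" * 16  # pointer at +8
    data = struct.pack("<Q", 0x08) + b"secret!!"                 # pointer at +0
    manifest = build_manifest(text + data, [(".text", 0, 32, [8]), (".data", 32, 16, [0])])
    mem = load(text + data, manifest, base)
    clean, naive = measure(mem, manifest, base), measure(mem, manifest, 0)
    mem[3] ^= 0xFF  # constructed tampering: one flipped code byte
    return clean, naive, measure(mem, manifest, base)
```

`demo()` returns the failing sections for three cases: a clean relocated image, the same image measured without undoing relocations (every relocated section mismatches, which is why the manifest has to carry relocation data), and an image with one modified code byte.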