© 2007 the mitre corporation. all rights reserved measured boot model jon millen, joshua guttman,...
DESCRIPTION
© 2007 The MITRE Corporation. All rights reserved 3 TPM Chain of Trust The TPM (standard v. 1.2) has Platform Configuration Registers Each component may measure the next (SHA-1 hash) Signed "TPM quote" reports PCR contents SINIT BIOS VMM PCR 0PCR 17PCR 18 TPM: Trusted Platform Module PCR: Platform Configuration Register launch sequence CRTMTRANSCRIPT
![Page 1: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay](https://reader036.vdocuments.us/reader036/viewer/2022082908/5a4d1adf7f8b9ab059976a5b/html5/thumbnails/1.jpg)
© 2007 The MITRE Corporation. All rights reserved
Measured Boot Model
Jon Millen, Joshua Guttman, John Ramsdell,Justin Sheehy, Brian Sniffen, Lindsay Spriggs
MITRENovember, 2007
![Page 2: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay](https://reader036.vdocuments.us/reader036/viewer/2022082908/5a4d1adf7f8b9ab059976a5b/html5/thumbnails/2.jpg)
2
© 2007 The MITRE Corporation. All rights reserved
Boot Analysis
• Context– Design study for trust research platform– Use of Trusted Platform Module, domain separation VMM
• Objective– Verify evidence of proper system initialization
![Page 3: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay](https://reader036.vdocuments.us/reader036/viewer/2022082908/5a4d1adf7f8b9ab059976a5b/html5/thumbnails/3.jpg)
3
© 2007 The MITRE Corporation. All rights reserved
TPM
Chain of Trust
• The TPM (standard v. 1.2) has Platform Configuration Registers• Each component may measure the next (SHA-1 hash)• Signed "TPM quote" reports PCR contents
SINIT
BIOS
VMM
PCR 0 PCR 17 PCR 18
TPM: Trusted Platform ModulePCR: Platform Configuration Register
launch sequence
CRTM
![Page 4: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay](https://reader036.vdocuments.us/reader036/viewer/2022082908/5a4d1adf7f8b9ab059976a5b/html5/thumbnails/4.jpg)
4
© 2007 The MITRE Corporation. All rights reserved
Modeling Idea
• Each component has a binary "good" state variable– iff it has an expected (symbolic) measurement hash
• A "good" component behaves as expected for– measurement of target component into PCR– transfer of control to next component ("program counter" update)
• A "not-good" component is unpredictable (non-deterministic)– It could be malicious and falsify measurements!
• TPM properties limit consequences of misbehavior– Extend and Reset operations have access control
1
0
good
![Page 5: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay](https://reader036.vdocuments.us/reader036/viewer/2022082908/5a4d1adf7f8b9ab059976a5b/html5/thumbnails/5.jpg)
5
© 2007 The MITRE Corporation. All rights reserved
xgood
exec[CRTM]
xgood
exec[BIOS]
execs
CRTMBIOS
good[ ]
goodness
cur_pcrcur_cmd
cur_localitytarget_meas
main
pc
protect_control
pcr
pcr0_val
pcr17_val
pcr18_val
system = execs || goodness || main || pcr
![Page 6: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay](https://reader036.vdocuments.us/reader036/viewer/2022082908/5a4d1adf7f8b9ab059976a5b/html5/thumbnails/6.jpg)
6
© 2007 The MITRE Corporation. All rights reserved
Specifications
• The main objective is to show that enough good measurements imply that the measured components are good.
• Example spec, for VMM:
spec: CLAIM system |-G(pcr17_val = SINITm AND pcr18_val = VMMmAND pc = VMM => G(good[VMM]));
![Page 7: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay](https://reader036.vdocuments.us/reader036/viewer/2022082908/5a4d1adf7f8b9ab059976a5b/html5/thumbnails/7.jpg)
7
© 2007 The MITRE Corporation. All rights reserved
Model Checking Experience
• Started with SMV
• Tried SAL for language benefits (types, arrays)
• As models got bigger, SAL model ran much faster than SMV– Specs take from a few seconds to a few minutes to verify– Some style adjustments were needed