Upload File

© 2007 the mitre corporation. all rights reserved measured boot model jon millen, joshua guttman,...

  • Home
  • Documents
  • © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay
7
© 2007 The MITRE Corporation. All rights reserve Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay Spriggs MITRE November, 2007

Upload: jean-brown

Post on 06-Jan-2018

220 views

Category:

Documents


1 download

Report

DESCRIPTION

© 2007 The MITRE Corporation. All rights reserved 3 TPM Chain of Trust The TPM (standard v. 1.2) has Platform Configuration Registers Each component may measure the next (SHA-1 hash) Signed "TPM quote" reports PCR contents SINIT BIOS VMM PCR 0PCR 17PCR 18 TPM: Trusted Platform Module PCR: Platform Configuration Register launch sequence CRTM

TRANSCRIPT

Page 1: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay

© 2007 The MITRE Corporation. All rights reserved

Measured Boot Model

Jon Millen, Joshua Guttman, John Ramsdell,Justin Sheehy, Brian Sniffen, Lindsay Spriggs

MITRENovember, 2007

Page 2: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay

2

© 2007 The MITRE Corporation. All rights reserved

Boot Analysis

• Context– Design study for trust research platform– Use of Trusted Platform Module, domain separation VMM

• Objective– Verify evidence of proper system initialization

Page 3: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay

3

© 2007 The MITRE Corporation. All rights reserved

TPM

Chain of Trust

• The TPM (standard v. 1.2) has Platform Configuration Registers• Each component may measure the next (SHA-1 hash)• Signed "TPM quote" reports PCR contents

SINIT

BIOS

VMM

PCR 0 PCR 17 PCR 18

TPM: Trusted Platform ModulePCR: Platform Configuration Register

launch sequence

CRTM

http://www.bergernovelties-awards.com/RIBBON.GIF
Page 4: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay

4

© 2007 The MITRE Corporation. All rights reserved

Modeling Idea

• Each component has a binary "good" state variable– iff it has an expected (symbolic) measurement hash

• A "good" component behaves as expected for– measurement of target component into PCR– transfer of control to next component ("program counter" update)

• A "not-good" component is unpredictable (non-deterministic)– It could be malicious and falsify measurements!

• TPM properties limit consequences of misbehavior– Extend and Reset operations have access control

1

0

good

Page 5: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay

5

© 2007 The MITRE Corporation. All rights reserved

xgood

exec[CRTM]

xgood

exec[BIOS]

execs

CRTMBIOS

good[ ]

goodness

cur_pcrcur_cmd

cur_localitytarget_meas

main

pc

protect_control

pcr

pcr0_val

pcr17_val

pcr18_val

system = execs || goodness || main || pcr

Page 6: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay

6

© 2007 The MITRE Corporation. All rights reserved

Specifications

• The main objective is to show that enough good measurements imply that the measured components are good.

• Example spec, for VMM:

spec: CLAIM system |-G(pcr17_val = SINITm AND pcr18_val = VMMmAND pc = VMM => G(good[VMM]));

Page 7: © 2007 The MITRE Corporation. All rights reserved Measured Boot Model Jon Millen, Joshua Guttman, John Ramsdell, Justin Sheehy, Brian Sniffen, Lindsay

7

© 2007 The MITRE Corporation. All rights reserved

Model Checking Experience

• Started with SMV

• Tried SAL for language benefits (types, arrays)

• As models got bigger, SAL model ran much faster than SMV– Specs take from a few seconds to a few minutes to verify– Some style adjustments were needed


WOMEN IN SANCTIFIED HOMES INC. W.I.S.H 27 Ramsdell Ave Roslindale, MA 02131 WOMEN HELPING WOMEN

TrustEconomiesintheFreeHavenProject BrianT.Sni engroups.csail.mit.edu/cis/theses/sniffen-bachelors.pdfTrustEconomiesintheFreeHavenProject by BrianT.Sni en SubmittedtotheDepartmentofElectricalEngineeringandComputerScience

Evaluating a proposed modification of the Guttman rule for ...€¦ ·

Internet Engineering Task Force (IETF) B. Ramsdell · Internet Engineering Task Force (IETF) B. Ramsdell Request for Comments: 5751 Brute Squad Labs

In This Issue - Guttman Development Strategies, Inc.€¦ · Guttman holds forth on lessons from the conflict in the Citigroup boardroom, and Guttman consultant John Hughes discusses

NIST Voting Program Barbara Guttman 12/6/07

Jack Guttman vs Warren Diamond John Delmonaco, Jacob Frydman

Bridges from all over the World! By: Maria Peloro & Christine Sniffen Bridges powerpoint project 2 nd period science

April 1999 Quarterly Monitoring Report, Ramsdell Quarry ...Ramsdell Quarry Landfill, dated January 1999. Data from the second quarterly sampling event (October 1998) and the scheduled

Ags002 Ramsdell 091707

Summer Camp Overview David Wick & Michael Ramsdell Clarkson University (Physics) Katie Fowler & Peter Turner Clarkson University (Mathematics)

Aquatic Connectivity: Benefitting Streams and Communities-Ramsdell, 2012

Tormafton durlng the late By Capt. Steven U. Ramsdell · 2014-05-16 · Tormafton durlng the late 1930s. By Capt. Steven U. Ramsdell n September 1, 1939, the Ger- man blitzkrieg thundered

School Bus Driver Training Bob Ramsdell NSTA April 9, 2015

ADV420 Amanda Guttman Final Presentation

RTrees Guttman 84

Revit API Techniques for Managing Building Data Mario Guttman

3 - Ramsdell - Technical Inputs to Dredging Cost Estimates

The Online Home of Arielle Guttman, Astrologer - Healing … · 2021. 3. 9. · with Arielle Guttman and Alexandra Karacostas September 19-October 4, 2021 Athens ... Arielle will

Circulation and Advertising Director- Lauren Ramsdell Marketing Director- Deborah Taft

Guttman Mendelssohn and Spinoza

Computer & Mobile Forensics Standards Barbara Guttman [email protected] October 1, 2009

In This Issue - Guttman Dev · Guttman Insights June 2013 01 John Charles Webb is senior vice president of people and organization for the Wm. Wrigley Jr. Co., a leader in confections,

Student Success by Design CUNY’s Guttman Community College

Establishing and Preserving Protocol Security Goalsweb.cs.wpi.edu/~guttman/pubs/goals_and_transformations...Establishing and Preserving Protocol Security Goals Joshua D. Guttman November

Zoltán Patai, Andras Guttman, Endre G. Mikus

Jeff Ramsdell, Ph.D., P.E. Appalachian State University Barry B. Edwards, P.E

Guttman & Kellman - Contour Interpolation (VR 2004)

Topographic Map of Ramsdell

Stella and Charles Guttman Community Collegeknowledgecenter.csg.org/kc/system/files/Guttman CC.pdf · • High impact practices to scale: learning communities, service learning during

Escalograma de guttman

Print Service - Mollusk Conservation No.2... · 2015. 6. 12. · David J. Berg, Wendell R. Haag, Sheldon I. Guttman Wendell Haag David Berg and Sheldon Guttman Forest Hydrology Laboratory

Guttman Community College Academic University Report

R-Trees: A Dynamic Index Structure For Spatial Searching Antonin Guttman

REINVENTING “GUTTMAN SCALING”