Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Remote Attestation on Legacy Operating Systems With Trusted Platform Modules
Electronic Notes in Theoretical Computer Science (ENTCS)
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Proceedings of the 2009 ACM workshop on Scalable trusted computing
A software primitive for externally-verifiable untampered execution and its applications to securing computing systems
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
SBAP: software-based attestation for peripherals
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
HyperCheck: a hardware-assisted integrity monitor
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
VIPER: verifying the integrity of PERipherals' firmware
Proceedings of the 18th ACM conference on Computer and communications security
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
New Results for Timing-Based Attestation
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
In this paper we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn't meet the requirements set forth by either the Trusted Platform Module(TPM)PC client specification or NIST 800-155 guidance. We show how novel tick malware, a 51 byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how flea malware can survive attempts to reflash infected firmware with a clean image. To fix the untrustworthy CRTM we ported an open source "TPM-timing-based attestation" implementation from running in the Windows kernel, to running in an OEM's BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system "BIOS Chronomancy", and we show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.