BIOS chronomancy: fixing the core root of trust for measurement

Authors:
John Butterworth;Corey Kallenberg;Xeno Kovah;Amy Herzog
Affiliations:
The MITRE Corporation, Bedford, Massachusetts, USA;The MITRE Corporation, Bedford, Massachusetts, USA;The MITRE Corporation, Bedford, Massachusetts, USA;The MITRE Corporation, Bedford, Massachusetts, USA
Venue:
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Year:
2013

Citing 12
Cited 0

Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems

Proceedings of the twentieth ACM symposium on Operating systems principles
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Remote Attestation on Legacy Operating Systems With Trusted Platform Modules

Electronic Notes in Theoretical Computer Science (ENTCS)
OSLO: improving the security of trusted computing

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks

Proceedings of the 2009 ACM workshop on Scalable trusted computing
A software primitive for externally-verifiable untampered execution and its applications to securing computing systems

A software primitive for externally-verifiable untampered execution and its applications to securing computing systems
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity

Proceedings of the 17th ACM conference on Computer and communications security
SBAP: software-based attestation for peripherals

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
HyperCheck: a hardware-assisted integrity monitor

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
VIPER: verifying the integrity of PERipherals' firmware

Proceedings of the 18th ACM conference on Computer and communications security
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms

Proceedings of the 18th ACM conference on Computer and communications security
New Results for Timing-Based Attestation

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn't meet the requirements set forth by either the Trusted Platform Module(TPM)PC client specification or NIST 800-155 guidance. We show how novel tick malware, a 51 byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how flea malware can survive attempts to reflash infected firmware with a clean image. To fix the untrustworthy CRTM we ported an open source "TPM-timing-based attestation" implementation from running in the Windows kernel, to running in an OEM's BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system "BIOS Chronomancy", and we show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.