Security in the industry H/W & S/W


What is AMD’s “enhanced virus protection” all about?

What’s coming next?

Presented by: Micha Moffie

Outline

• Security Objectives
• Happening now…
   AMD Solution – ‘enhanced virus protection’
   WinXP support in SP2
• Coming soon …
   Intel LaGrande technology
   Windows Palladium/NGSCB

NUCAR

2

Security - Objectives

• Protect
   User Confidential Data
• From:
   Attacks on executing software
    • Software vulnerabilities
   Attacks from malicious software
    • Viruses/worms/Trojan horses
   Attacks on hardware
    • Access to keyboard & mouse data / screen output


3

AMD’s ‘Enhanced Virus Protection’

• Hardware support against stack smashing
   Stack smashing attack - reminder (see the backup slides)
• Hardware implements
   NX bit - No eXecution on predefined pages.
   Each page-table entry carries a new NX bit. When the instruction TLB is loaded with a new page, this bit is checked; if the bit is set (we are trying to execute from a non-executable page) a page-fault exception is raised.
   This applies to all privilege levels (from the AMD manual).


4

The OS role

• Windows XP (Service Pack 2)
• Microsoft uses the NX bit: it ”prevents the execution of code in memory regions that are marked as data storage”
   This will NOT prevent an attacker from overrunning the data buffer, but it will prevent him from executing his attack (an exception is generated instead)
• Some problems with legitimate code
   a ”Data Execution Prevention” error message – for legitimate code
   Workaround - Microsoft allows exceptions, per application (i.e. turn DEP off for specific apps.)
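An added example (not from the slides) of the check that follows from the NX/DEP discussion on this and the previous slide: the hardware can only refuse execution from pages the OS has marked non-executable, so a defender's audit is to look for mappings that are both writable and executable, which NX/DEP cannot protect. The code parses the Linux /proc/<pid>/maps format; the sample map lines are constructed (the format is Linux's, the addresses and paths are made up), and the live-process scan in main() is Linux-only and is skipped elsewhere.

```c
/* Added example (not from the slides): audit a process memory map for
 * regions that are both writable and executable. NX/DEP only denies
 * execution from pages marked non-executable, so an rwx mapping is the
 * case the hardware cannot protect. Sample lines below are constructed
 * in the Linux /proc/<pid>/maps format. */
#include <stdio.h>
#include <string.h>

#define MAX_FINDINGS 16

struct wx_finding {
    unsigned long start, end;
    char path[128];
};

/* Parse one /proc/<pid>/maps line: "start-end perms offset dev inode [path]".
 * Returns 1 if the region is writable and executable, 0 if not,
 * -1 if the line does not parse. */
int maps_line_is_wx(const char *line, struct wx_finding *out)
{
    unsigned long start, end;
    char perms[5];
    char path[128] = "";
    int n = sscanf(line, "%lx-%lx %4s %*s %*s %*s %127s", &start, &end, perms, path);
    if (n < 3) return -1;
    if (perms[1] == 'w' && perms[2] == 'x') {
        if (out) {
            out->start = start;
            out->end = end;
            strncpy(out->path, path, sizeof out->path - 1);
            out->path[sizeof out->path - 1] = '\0';
        }
        return 1;
    }
    return 0;
}

/* Scan a NUL-terminated buffer of maps lines. Returns the number of rwx
 * regions; up to `max` of them are recorded in `findings` (may be NULL). */
int audit_wx(const char *maps, struct wx_finding *findings, int max)
{
    int count = 0;
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        struct wx_finding f;
        if (maps_line_is_wx(line, &f) == 1) {
            if (findings && count < max) findings[count] = f;
            count++;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return count;
}

/* Constructed sample: text (r-x), data (rw-), heap, stack, and one
 * anonymous rwx region such as a JIT might leave behind. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"
    "00652000-00673000 rw-p 00000000 00:00 0 [heap]\n"
    "7f1a2c000000-7f1a2c021000 rwxp 00000000 00:00 0\n"
    "7ffd5e3d0000-7ffd5e3f1000 rw-p 00000000 00:00 0 [stack]\n";

int sample_wx_count(void) { return audit_wx(SAMPLE_MAPS, NULL, 0); }

int main(void)
{
    struct wx_finding f[MAX_FINDINGS];
    int n = audit_wx(SAMPLE_MAPS, f, MAX_FINDINGS);
    printf("%d rwx region(s) in sample map\n", n);
    for (int i = 0; i < n && i < MAX_FINDINGS; i++)
        printf("  %lx-%lx %s\n", f[i].start, f[i].end, f[i].path[0] ? f[i].path : "[anon]");

    /* On Linux the same audit can run on the live process. */
    FILE *fp = fopen("/proc/self/maps", "r");
    if (fp) {
        static char buf[1 << 16];
        size_t got = fread(buf, 1, sizeof buf - 1, fp);
        buf[got] = '\0';
        fclose(fp);
        printf("%d rwx region(s) in this process\n", audit_wx(buf, NULL, 0));
    }
    return 0;
}
```

Only the permission column is inspected; the same parser can be pointed at a saved maps dump from another process, which is how the check is normally run during incident triage.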


5

Who else?

• Transmeta
   already supported
• Intel
   Itanium supports this bit
   Intel Pentium … in the near future
• Linux
   a patch to the Linux kernel exists that supports the NX bit
   http://www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html


6

Outline

• Security Objectives
• Happening now…
   AMD Solution – ‘enhanced virus protection’
   WinXP support in SP2
• Coming soon …
   Intel LaGrande technology
   Windows Palladium


7

Intel LaGrande Technology (LT)

• New Hardware Components complemented with New OS & New applications:
   protect data from software attacks
   protect data confidentiality & integrity
• Hardware Capabilities
   Isolated execution
    • Protected memory pages
   Sealed storage (TPM)
   Protected I/O (keyboard/mouse/graphics)
   Attestation (Proof of current protected environment)


8

LT Hardware enhancements


9

LT Protection Model

• Standard partition
   execute:
    • legacy code, non-secure portion of new code
   provides
    • regular IA32 semantics
• Protected partition
   execute
    • new security modules & services
   Provides
    • execution isolation
    • sealed storage
    • Protected I/O
    • Attestation


10

LT Protection Model - Cont


11

Microsoft Palladium  NGSCB

• Next Generation Secure Computing Base
• security technology for the Microsoft® Windows® platform,
   will be included in “Longhorn”
• Includes a new operating system module: “Nexus”
   enables secure interaction with applications, peripheral hardware, memory and storage


12

Microsoft NGSCB

• Four key features:
   Strong process isolation
    • even against attacks from the kernel
   Sealed storage
    • accessible only to program, nexus & machine
   Secure path to/from user
   Attestation


13

The nexus

• Essentially the kernel of an isolated software stack
• runs alongside the existing OS software stack.
   not underneath it
• Provides a limited set of APIs and services for applications, including sealed storage and attestation functions.
• Special processes that work with the nexus are called “Agents”
• Can run different nexuses on a machine
   But only one nexus at a time


14

NGSCB - run time environment


15

References

• AMD64 Architecture Programmer's Manual Volume 2: System Programming, 3.09 edition, Sep. 2003. Publication No. 24593.
• Microsoft Knowledge Base Articles 875352 & 875351
• Intel, LaGrande Technology Architectural Overview, 252491-001, September 2003
• Microsoft, The Next-Generation Secure Computing Base: Four Key Features, June 2003
• Microsoft, Next-Generation Secure Computing Base - Technical FAQ, July 2003
• Microsoft, "Palladium": A Business Overview, August 2002
• TPM Main Part 1 Design Principles, Specification Version 1.2 Revision 62, 2 October 2003 (Published)
• ARM, A New Foundation for CPU Systems Security, Security Extensions to the ARM Architecture, Richard York, May 2003
• A wooden fence in Kyoto, http://www.gastric.com/mari/54.htm


16

• Thanks,
• Questions ?

The End


17

Backup & links


18

Stack Smashing Attack

    #include <string.h>

    void foo(char *s, int i);

    int main(int argc, char **argv)
    {
        /* … */
        foo(argv[1], 10);
        /* … */
    }

    void foo(char *s, int i)      /* argument order matches the call above */
    {
        char b[16];
        strcpy(b, s);             /* no length check: input longer than 16 bytes overruns b */
        /* …… */
    }

Stack layout during the call to foo( ) (reconstructed from the slide figure). The stack grows downward; the buffer b grows upward, towards the saved frame pointer and return address.

    offset from frame ptr   contents
    +12                     10                      (argument i)
    +8                      ptr to input string     (argument s)
    +4                      return addr of foo( )
     0                      frame ptr of foo( )     <- Frame ptr
    -4                      dddd
    -8                      cccc
    -12                     bbbb
    -16                     aaaa  (b[3] b[2] b[1] b[0])   <- Stack ptr

19

Stack Smashing Attack - II

The same stack frame after the overflow (reconstructed from the slide figure; the stack grows downward, the buffer grows upward). The buffer, starting at address 0x0012ff00 (offset -16) and continuing at 0x0012ff04 and 0x0012ff08, now holds attack code, with the start of the attack code marked; the words above the buffer (saved frame ptr, return addr and arguments at offsets 0 to +12) have been overwritten with the repeated value 0x0012ff12.

• Attacker code executed in the Stack Segment.
• return addr of foo( ) has changed!
   it will return to 0x0012ff12, the attacker code

20
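As an added example (not part of the slides), the foo( ) from the two preceding slides rewritten with a bounded copy: the 16-byte local buffer is kept, but input that would not fit is rejected instead of being written over the saved frame pointer and return address. The names copy_bounded and foo_safe and the sample inputs are chosen here.

```c
/* Added example (not from the slides): a hardened counterpart of the
 * stack-smashing slide's foo(). The defect there is strcpy(b, s) into
 * char b[16] with no length check; here every copy is bounded by the
 * destination size and over-long input is rejected. */
#include <stdio.h>
#include <string.h>

enum { BUF_SIZE = 16 };   /* same size as char b[16] on the slide */

/* Bounded copy: returns 0 and copies src (with its NUL) if it fits in
 * dst_size bytes; returns -1 and leaves dst empty if it would not.
 * Reads at most dst_size bytes of src, so it is safe on untrusted input. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst_size == 0) return -1;
    while (n < dst_size && src[n] != '\0') n++;
    if (n == dst_size) {          /* no room for the terminator: reject */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);      /* n bytes plus the NUL */
    return 0;
}

/* Same signature as the slide's foo(char *s, int i), but the copy can no
 * longer run past b into the saved frame pointer and return address.
 * Returns the number of bytes copied, or -1 if the input was rejected. */
int foo_safe(const char *s, int i)
{
    char b[BUF_SIZE];
    (void)i;
    if (copy_bounded(b, sizeof b, s) != 0)
        return -1;
    /* ... the rest of foo() works on b here ... */
    return (int)strlen(b);
}

int main(int argc, char **argv)
{
    /* Constructed inputs: one that fits and one longer than the buffer. */
    const char *fits = "short input";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 40 bytes */
    printf("fits:     %d\n", foo_safe(fits, 10));       /* 11 */
    printf("too long: %d\n", foo_safe(too_long, 10));   /* -1 */
    if (argc > 1)
        printf("argv[1]:  %d\n", foo_safe(argv[1], 10));
    return 0;
}
```

The NX bit from the main slides is the second line of defence for the case this example removes: with the copy bounded, the return address is never overwritten, so there is no jump into the stack segment for the hardware to catch.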

TPM

• Trusted Platform Module
• also called SSC - Security Support Component
• Stores hardware secret key
• Base of trust
• Cryptographic co-processor
• more…


21

TPM architecture


22

Transitive Trust


23
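An added example (not from the slides or from any vendor's code) modelling the sealed storage and attestation features of the LaGrande, NGSCB and TPM slides, and the transitive trust of this slide: each boot stage is measured into a PCR by extend (new = H(old || measurement)) before control passes to it, and data sealed to a PCR value can be recovered only when the platform measures the same chain in the same order. The hash is a 64-bit FNV-1a stand-in for the SHA-1 a TPM 1.2 uses, the hardware secret and boot-chain strings are constructed, and the keystream derivation is a toy, not a TPM algorithm.

```c
/* Added example (not from the slides): a toy model of TPM-style measured
 * boot and sealed storage. Real TPMs extend 20-byte SHA-1 PCRs inside the
 * chip; this model uses 64-bit FNV-1a as a stand-in so it runs without a
 * crypto library. It shows transitive trust (each stage is measured into
 * the PCR before it runs) and why sealed data only unseals in the same
 * measured environment. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t pcr_t;
#define FNV_OFFSET 0xcbf29ce484222325ULL

/* Stand-in hash: FNV-1a over a byte buffer (NOT cryptographic). */
static uint64_t fnv1a(const void *data, size_t len, uint64_t seed)
{
    const unsigned char *p = data;
    uint64_t h = seed;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* PCR extend: new = H(old || measurement). A PCR can only be extended,
 * never set, so the final value depends on every component and its order. */
pcr_t pcr_extend(pcr_t old, const char *measurement)
{
    uint64_t h = fnv1a(&old, sizeof old, FNV_OFFSET);
    return fnv1a(measurement, strlen(measurement), h);
}

/* Measure a boot chain, in order, into a PCR that starts at zero. */
pcr_t measure_chain(const char *const *components, size_t count)
{
    pcr_t pcr = 0;
    for (size_t i = 0; i < count; i++) pcr = pcr_extend(pcr, components[i]);
    return pcr;
}

/* Sealed blob: the PCR value it is bound to, and the data under a keystream
 * derived from the TPM's hardware secret and that PCR value. */
#define SEAL_MAX 32
struct sealed_blob { pcr_t bound_pcr; size_t len; unsigned char ct[SEAL_MAX]; };

static void keystream_xor(unsigned char *buf, size_t len, uint64_t hw_secret, pcr_t pcr)
{
    uint64_t k = fnv1a(&pcr, sizeof pcr, hw_secret);   /* toy key derivation */
    for (size_t i = 0; i < len; i++) {
        if (i % 8 == 0) k = fnv1a(&k, sizeof k, FNV_OFFSET);
        buf[i] ^= (unsigned char)(k >> (8 * (i % 8)));
    }
}

int tpm_seal(struct sealed_blob *out, uint64_t hw_secret, pcr_t current_pcr,
             const unsigned char *data, size_t len)
{
    if (len > SEAL_MAX) return -1;
    out->bound_pcr = current_pcr;
    out->len = len;
    memcpy(out->ct, data, len);
    keystream_xor(out->ct, len, hw_secret, current_pcr);
    return 0;
}

/* Unseal only if the platform's current PCR equals the bound value;
 * otherwise the TPM refuses and returns -1. */
int tpm_unseal(const struct sealed_blob *blob, uint64_t hw_secret, pcr_t current_pcr,
               unsigned char *out)
{
    if (current_pcr != blob->bound_pcr) return -1;
    memcpy(out, blob->ct, blob->len);
    keystream_xor(out, blob->len, hw_secret, current_pcr);
    return (int)blob->len;
}

/* Constructed boot chains: the expected one, a patched loader, and the
 * same components booted in a different order. */
static const char *const GOOD_CHAIN[] = { "bios:v1.0", "loader:v2.3", "nexus:v0.9" };
static const char *const BAD_CHAIN[]  = { "bios:v1.0", "loader:patched", "nexus:v0.9" };
static const char *const REORDERED[]  = { "loader:v2.3", "bios:v1.0", "nexus:v0.9" };

/* Seal a secret under GOOD_CHAIN; return 1 if it unseals under `chain`. */
int unseal_under_chain(const char *const *chain, size_t count)
{
    const uint64_t hw_secret = 0x0123456789abcdefULL;  /* constructed TPM key */
    const unsigned char secret[] = "disk-encryption-key";
    struct sealed_blob blob;
    unsigned char out[SEAL_MAX];
    tpm_seal(&blob, hw_secret, measure_chain(GOOD_CHAIN, 3), secret, sizeof secret);
    int n = tpm_unseal(&blob, hw_secret, measure_chain(chain, count), out);
    return n > 0 && memcmp(out, secret, sizeof secret) == 0;
}

int main(void)
{
    printf("good chain unseals:      %d\n", unseal_under_chain(GOOD_CHAIN, 3));
    printf("patched loader unseals:  %d\n", unseal_under_chain(BAD_CHAIN, 3));
    printf("reordered chain unseals: %d\n", unseal_under_chain(REORDERED, 3));
    return 0;
}
```

Attestation on the slides is the same PCR value signed by the TPM and handed to a remote verifier instead of being compared locally; the measurement chain that feeds it is the part this model covers.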

ARM – TrustZone

• Extending the CPU to enable more security
• Main problem with current OS
   It is huge, millions of code lines - Complex
    • difficult to establish a ‘trusted code base’
   A rich API - Open
    • enables widespread access to the OS from non-secure code
• Main idea:
   establishing a trusted code base
   using a hardware-enforced security domain to systemize the implementation of secure systems


24

ARM - cont

• Current typical security structure


25

ARM - Cont

• New security structure


26

ARM - Cont

• Introduce an NS-bit
   use this bit to identify secure data throughout the system
    • cache
    • pages
• Monitor
   manages the NS-bit
   manages transitions in & out of secure mode
   Small fixed API


27
