TRIE: Runtime Integrity Measurement and Enforcement with Automated Whitelist Generation Anna Kornfeld Simpson1, Nabil Schear2, Thomas Moyer2 1 University of Washington, 2 MIT Lincoln Laboratory TRIE: Taint-based Runtime Integrity Enforcement Background • Need to establish trust in remote systems - Is this the machine I expect? - What is the machine’s integrity state at the time that I communicated with it? Trusted Platform Module (TPM) Approach: Trace all executed code back to source files Enforce or attest system integrity at runtime Learning Phase • Solution: Build from a hardware root of trust Root of Trust (TPM) BIOS Firmware Boot Loader Runtime Phase 1. Keep cryptographic hashes of files on disk 2. Track file I/O per process 3. Trace all executed code back to source files using Dynamic Taint Analysis (DTA) 4. Create whitelist of execution-relevant files (e.g., executables, byte code, scripts) 1. Each component measures (hashes) the next component at load time before transferring control 2. Use measurements to create a hash chain rooted in TPM 3. Present a hash chain signed by the TPM (quote) to other hosts to prove system integrity state App Mem DTA Load-Time Integrity Measurement 1. Track all I/O per process 2. Trace all executed code back to source using Dynamic Taint Analysis (DTA) 3. Check execution sources against whitelist 4. Disallow network and unknown sources (depending on policy) App Mem Whitelist File, Hash File, Hash … Whitelist ? File, Hash File, Hash … DTA Net Configuration Files Application Linux Integrity Measurement Architecture (IMA) [1] System software • Dynamic Taint Analysis (DTA) - Color memory and CPU registers that contain data from file input - Check for taint before JMP/CALL/RET to memory/registers Operating System Firmware Trusted/Secure Boot 0x80eaf = mmap(NULL, “libc.so”,0x82966) Hardware (TPM) read(0xb7548, “app.exe”, 318) • Limitations of load time integrity measurement - Stale measurements for long running processes - Does not detect compromised code created after load time (Just-intime (JIT) compiled code, interpreted scripts ECX = 0xb7548 Mark 0x80eaf-0x103815 as libc.so Mark 0xb7548-0xb7860 as app.exe RET 0x80eb1 Mark ECX register as app.exe Add libc.so to whitelist JMP ECX Add app.exe to whitelist • No general solution to runtime integrity measurement for many common use cases - e.g., Internet services, cloud, critical infrastructure Application File System with SHA-1 file hashes Runtime Integrity Measurement TRIE libdft Linux Kernel Intel PIN IMA Application System software Operating System Firmware Hardware (TPM) LKIM [2] Short lived, N/A General Approach Needed • Execution Coverage - Is there DTA failure due to implicit information flow? - Missed coverage during whitelisting result in false positive at runtime a = tainted_var if (a == 1) b = 0; else b = 1; • Performance of DTA at runtime - What is the added overhead of positive tainting approach of TRIE over standard DTA? Binary # JMP/ /CALL/RET Code Coverage Colors Used empty C prog 1,344 100% 6 cat hello.txt 3,040 100% 11 grep 6,561 100% 17 ls ~ 11,021 100% 26 exec(“ls ~”) 11,021 100% 26 python hello.py 676,201 100% 293 Python prompt 699,352 100% 329 Slowdown (Relative to PIN) 9 8 7 6 5 4 3 2 1 0 • Future Evaluation Plan - Run TRIE on existing testing frameworks from cloud applications (e.g., Apache Web server, MySQL, Hadoop) to learn whitelists - Study applicability of hardware-based DTA for better performance Conclusions • TRIE provides runtime measurement of all executed code - Stand-alone enforcement of allowed execution-relevant files - Integration with trusted computing architecture via IMA • Explicit DTA can provide sufficient coverage to ensure high trust in complex applications at runtime References Configuration Files Targeted solutions [3] Taint lost via implicit information flow • Load time integrity measurement not sufficient for long running or dynamically loaded/compiled applications Implementation Problem Evaluation • TRIE taint tracking engine built on top of libdft [4] and Intel PIN emulator - Tracks taint/color at the byte level through all ISA operations using shadow memory - Hooks relevant system calls (e.g., open, mmap, read) to add or check for taint • Kernel IMA-appraisal provides up to date immutable file hashes in FS extended attributes • TRIE with IMA provides runtime-measurement-based remote attestations - Extend TPM register and kernel measurement list with TRIE measurements - Remote party verifies TRIE measurements with whitelist created during learning phase Contact Information: Anna Kornfeld Simpson: aksimpso@cs.washington,edu, Nabil Schear: nabil@ll.mit.edu, Thomas Moyer: thomas.moyer@ll.mit.edu This work is sponsored by Assistant Secretary of Defense for Research & Engineering under Air Force Contract FA8721-05-C-0002. Opinions, interpretations, conclusions and recommendations are those of the author and are not necessarily endorsed by the United States Government. [1] Sailer et. al. “Design and Implementation of a TCG-based Integrity Measurement Architecture”, USENIX Security 2004. [2] Loscocco et. al. “Linux Kernel Integrity Measurement Using Contextual Inspection”, STC 2007. [3] Davi et. al. “Dynamic Integrity Measurement and Attestation: Towards Defenses Against ROP Attacks”, STC 2009. [4] Kemerlis et. al. “libdft: Practical dynamic data flow tracking for commodity systems”, VEE 2012
© Copyright 2024