Skip to main content
Springer Nature Link
Log in

TOCTOU, Traps, and Trusted Computing

  • Conference paper
Trusted Computing - Challenges and Applications (Trust 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4968))

Included in the following conference series:

  • 934 Accesses

Abstract

The security of the standard TCG architecture depends on whether the values in the PCRs match the actual platform configuration. However, this design admits potential for time-of-check time-of-use vulnerabilities: a PCR reflects the state of code and data when it was measured, not when the TPM uses a credential or signs an attestation based on that measurement. We demonstrate how an attacker with sufficient privileges can compromise the integrity of a TPM-protected system by modifying critical loaded code and static data after measurement has taken place. To solve this problem, we explore using the MMU and the TPM in concert to provide a memory event trapping framework, in which trap handlers perform TPM operations to enforce a security policy. Our framework proposal includes modifying the MMU to support selective memory immutability and generate higher granularity memory access traps. To substantiate our ideas, we designed and implemented a software prototype system employing the monitoring capabilities of the Xen virtual machine monitor.

This work was supported in part by the U.S. Department of Homeland Security under Grant Award Number 2006-CS-001-000001, and the Institute for Security Technology Studies, under Grant number 2005-DD-BX-1091 awarded by the Bureau of Justice Assistance. The views and conclusions do not necessarily represent those of the sponsors.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Trusted Computing Group: Homepage, http://www.trustedcomputinggroup.org

  2. Proudler, G.: Concepts of Trusted Computing. In: Mitchell, C. (ed.) Trusted Computing, IET, pp. 11–27 (2005)

    Google Scholar 

  3. Bratus, S., Ferguson, A., McIlroy, D., Smith, S.: Pastures: Towards Usable Security Policy Engineering. In: ARES 2007: Proceedings of the The Second International Conference on Availability, Reliability and Security, Washington, DC, USA, pp. 1052–1059. IEEE Computer Society, Los Alamitos (2007)

    Chapter  Google Scholar 

  4. Sadeghi, A.R., Stüble, C.: Property-Based Attestation for Computing Platforms: Caring about Properties, not Mechanisms. In: New Security Paradigms Workshop (2004)

    Google Scholar 

  5. Arce, I.: The Kernel Craze. IEEE Security and Privacy 2(3), 79–81 (2004)

    Article  Google Scholar 

  6. Franklin, M., Mitcham, K., Smith, S.W., Stabiner, J., Wild, O.: CA-in-a-Box. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 180–190. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Xen: Virtual Machine Monitor, http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

  8. Bochs: IA-32 Emulator Project, http://bochs.sourceforge.net/

  9. QEMU: Open Source Processor Emulator, http://www.qemu.com/

  10. Strasser, M.: Software-based TPM Emulator for Linux. Department of Computer Science. Swiss Federal Institute of Technology Zurich (2004)

    Google Scholar 

  11. Berger, S., Caceres, R., Goldman, K., Perez, R., Sailer, R., van Doorn, L.: vTPM – Virtualizing the Trusted Platform Module. In: 15th Usenix Security Symposium, pp. 305–320 (2006)

    Google Scholar 

  12. D’Cunha, N.: Exploring the Integration of Memory Management and Trusted Computing. Technical Report TR2007-594, Dartmouth College, Computer Science, Hanover, NH (May 2007)

    Google Scholar 

  13. Kursawe, K., Schellekens, D., Preneel, B.: Analyzing trusted platform communication (2005), http://www.esat.kuleuven.be/cosic/

  14. Sadeghi, A.R., Selhorst, M., Stüble, C., Wachsmann, C., Winandy, M.: TCG Inside - A Note on TPM Specification Compliance.

    Google Scholar 

  15. Kauer, B.: OSLO: Improving the security of Trusted Computing. Technical report, Technische Universitat Dresden, Department of Computer Science (A later version appeared at USENIX Security 2007) (2007)

    Google Scholar 

  16. Sparks, E.: TPM Reset Attack, http://www.cs.dartmouth.edu/~pkilab/sparks/

  17. Greene, T.: Integrity of hardware-based computer security is challenged. NetworkWorld (June 2007)

    Google Scholar 

  18. Sparks, E.: A Security Assessment of Trusted Platform Modules. Technical Report TR2007-597, Dartmouth College, Computer Science, Hanover, NH (June 2007)

    Google Scholar 

  19. Boneh, D., Brumley, D.: Remote Timing Attacks are Practical. In: Proceedings of the 12th USENIX Security Symposium (2003)

    Google Scholar 

  20. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: USENIX Security Symposium, pp. 223–238 (2004)

    Google Scholar 

  21. Marchesini, J., Smith, S.W., Wild, O., Stabiner, J., Barsamian, A.: Open-Source Applications of TCPA Hardware. In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol. 3189, pp. 294–303. Springer, Heidelberg (2004)

    Google Scholar 

  22. Marchesini, J., Smith, S.W., Wild, O., MacDonald, R.: Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear. Technical Report TR2003-476, Dartmouth College, Computer Science, Hanover, NH (December 2003)

    Google Scholar 

  23. Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation: A Virtual Machine Directed Approach to Trusted Computing. In: USENIX Virtual Machine Research and Technology Symposium (2004)

    Google Scholar 

  24. Petrom Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. In: 13th USENIX Security Symposium, pp. 179–194 (2004)

    Google Scholar 

  25. Shi, E., Perrig, A., van Doorn, L.: BIND: A Fine-Grained Attestation Service for Secure Distributed Systems. In: IEEE Symposium on Security and Privacy, pp. 154–168 (2005)

    Google Scholar 

  26. Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.: Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. In: Proceedings of the 13th international conference on Architectural support for programming languages and operating systems, pp. 2–13. ACM, New York (2008)

    Chapter  Google Scholar 

  27. Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: SOSP 2007: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, pp. 335–350. ACM, New York (2007)

    Chapter  Google Scholar 

  28. Cabuk, S., Plaquin, D., Dalton, C.I.: A Dynamic Trust Management Solution for Platform Security Using Integrity Measurements. Technical report, Hewlett-Packard Laboratories (April 2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dartmouth College, Hanover, New Hampshire,  

    Sergey Bratus, Nihal D’Cunha, Evan Sparks & Sean W. Smith

Authors
  1. Sergey Bratus
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nihal D’Cunha
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Evan Sparks
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sean W. Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Peter Lipp Ahmad-Reza Sadeghi Klaus-Michael Koch

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bratus, S., D’Cunha, N., Sparks, E., Smith, S.W. (2008). TOCTOU, Traps, and Trusted Computing. In: Lipp, P., Sadeghi, AR., Koch, KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68979-9_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-68979-9_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68978-2

  • Online ISBN: 978-3-540-68979-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics