Trusted Computing Enabled System

Goal

We apply Trusted Computing Group (TCG) technologies as our means to achieving behavior conformity and we do so by working on virtualization in two layers in the software stack: OS layer and Grid middleware layer.

Overview

1. Remote Attenstation

Attestation protocol is an interactive process between a challenger and attesting system platform. Attestation happens in three situations:

 (1) Grid user Alice needs the grid broker to prove to her that it has the correct platform configuration before she submits her job;

 (2) Broker finds an appropriate back-end node to run Alice’s job. The attestation must be done to ensure that the target back-end node is also trusted;

 (3) If one node is overloaded and needs offload some guests by migration, then the broker will exploit attestation to find another trusted back-end node for migration.

2. Trusted Bootstrap

In Daoli architecture, we only measure BIOS, TGrub and VMM. According to TCG spec, the integrity of BIOS is protected by CRTM, and BIOS should measure the first sector which locates in cylinder 0, head 0, sector 1 (i.e. sector’s LBA value is zero). So, we could ignore security of BIOS and OS Loader. Because Fudan university has enhanced the structure of VMM for memory curtain and isolating process, so it should let an entity to protect VMM. According to TXT-tech, it is required that CPU and chipsets measure VMM by using AC (Authenticated Code) module. But in Daoli architecture, the task is handled by Grub which will be replaced by TGrub. However, how to establish code integrity of TGrub is a key to trusted boot for forming concrete trusted chain. In here, we use TPM_SEAL function for binding TGrub entity and TPM. That to say, the sealed TGrub can only be decrypted in specific platform.

* TGRUB – Functions (SETUP phase)
1) Capturing user's privacy by according to detecting setting of BIOS setup.

2) Calculating integrity value of VMM.

3) Creating AES key and binding it with platform environment.

4) Replacing executable stage2 with mess binary

* TGRUB – Functions (Runtime phase)
1) Stage1 loads stage1.5 forcibly.

2) Stage1.5 Checks whether does BIOS-setup setting contains user's privacy.

3) Stage1.5 answers for unsealing blob to get AES key and decrypting stage2.

4) Stage2 measures integrity of vmm (xen), and then loads it.

* User's secret (favor)
1) Different items setting, including startup, chipset, security.

2) CMOS contains specific setting when user enter setup setting.

3) user's secret (favor) → BIOS setting → cmos reg value → hash value.

4) Final hash value reflects user's behavior or privacy.

Features

Following are the main features of trusted computing enabled system:

1. Basic Requirements of Remote Attenstation

We take single direction attestation that is easily implemented in a dual direction mode. Figure 1 summarizes the attestation architecture. An appraiser is a party, such as grid broker, which has need to make an attestation about some other party or parties. A target is a party about which an appraiser needs to make such an attestation. IMRServer (Integrity Measurements Reference Server ) is a party which stores the standard integrity values for different components, such as MVMM and trusted grub. Both target and appraiser have an attestation daemon in Dom0 to finish the attestation process. The target has TSS service in Dom0 provides the TPM function for attestation. The attestation daemon on appraiser Dom0 also has communication with IMRServer to retrieve standard integrity values to make attestation decision. Attestation protocol and integrity measurements protocol will be examined in next section.

2.The way to protect Grub and measure VMM

As to protecting TGrub, we use SRK in TPM to encrypt stage2 of TGrub during installing process, and let encrypted stage2 as a blob to replace original stage2. While TGrub is running, the decrypted code in stage 1.5 is executed for sending blob to TPM internal data buffer. After stage2 is recovered, it should measure integrity of VMM for establishing a secure environment.

Team Members

Huanguo Zhang, Professor
Fei Yan, Lecturer
Mingdi Xu, PH. D. candidate
Shiwei Xu, PH. D. candidate
Lu Chen, PH. D. candidate
Yu Zhang, graduate student
Li Wang, graduate student
Rui Qiao, graduate student

Contact Information

Address
Lab of Information Security and Safety
Computer School, Wuhan University, Wuhan, 430079, China

Homepage
http://liss.whu.edu.cn/