A practical approach for updating an integrity-enforced operating system
1. A practical approach for updating an integrity-enforced operating system
Wojciech Ozga, TU Dresden
Do Le Quoc, TU Dresden
Christof Fetzer, TU Dresden
ACM/IFIP Middleware 2020
6. software: file contents of executables, configuration, dynamic libraries
• configuration
• executables
• dynamic libraries
Software state (C); Integrity check by monitoring system: verify; Adversary
7. file (C, H)
C - content
H - hash(C)
file1 = file2 ⇔ hash(file1) = hash(file2)
8. integrity measurement, verification, and enforcement: TPM 2.0, IMA, trusted boot
9. no update: verify H = H → correct
10. no update: the adversary modifies the file’s content → file (C’’, H’’)
11. verify H’’ ≠ H → violation (true positive)
12. update → file (C’, H’)
13. verify H’ ≠ H → violation (false positive)
14. the problem addressed in this paper: a legitimate update changes the file to (C’, H’), so the monitoring system reports H’ ≠ H as a violation (false positive), while the adversary’s modification to (C’’, H’’) is a true positive
15. System overview (diagram legend: sanitization process, data flow, filesystem, TSR private signing key, TSR public signing key)
repository
16. software package: apache2-2.4.46.apk
17. OS
18. OS: package manager; install
19. the package manager downloads packages from the repository
20. the package manager installs the software package apache2-2.4.46.apk
23. integrity-enforced OS: TPM 2.0 measures integrity; integrity monitoring system; remote attestation
24. trusted software repository (TSR) placed between the repository and the integrity-enforced OS
26. TSR: sanitization mechanism
27. TSR runs inside a Trusted Execution Environment
28. Trusted Execution Environment: Intel SGX
29. repository mirrors: mirror #1, mirror #2, mirror #3
30. replay attack: mirror #1 serves the old software package apache-1.0.0.apk; mirror #2 and mirror #3 serve apache2-2.4.46
31. freeze attack: mirror #1 claims "apache is up to date" (apache2-2.4.46); mirror #2 and mirror #3 serve apache3-3.0.1
32. quorum: mirror #1 apache-1.0.0, mirror #2 apache2-2.4.46, mirror #3 apache2-2.4.46 → software package apache2-2.4.46
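The replay and freeze scenarios of slides 30-32, worked as an added example (not code from the paper or the TSR implementation): a strict-majority quorum over the mirrors' index responses outvotes a minority of Byzantine mirrors, and the package body is then checked against the digest in the agreed index. Mirror names, package bytes and the index layout are constructed assumptions.

```python
import hashlib
from collections import Counter

def quorum_index(responses):
    """responses: mirror -> (package version, sha256 of the package body) that the mirror
    advertises in its repository index. Accept an index only when a strict majority of
    mirrors report it, so a minority of Byzantine mirrors (replaying an old index or
    freezing at a stale one) is outvoted. Returns (agreed index or None, dissenting mirrors)."""
    index, votes = Counter(responses.values()).most_common(1)[0]
    if votes * 2 <= len(responses):          # no strict majority: accept nothing
        return None, set(responses)
    return index, {m for m, v in responses.items() if v != index}

def fetch_verified(index, bodies):
    """bodies: mirror -> package bytes served. Return the first mirror whose body hashes to
    the digest in the agreed index; a mirror whose index vote was honest but whose package
    body is tampered is skipped as well."""
    for mirror, body in bodies.items():
        if hashlib.sha256(body).hexdigest() == index[1]:
            return mirror, body
    return None, None

def sha(data):
    return hashlib.sha256(data).hexdigest()

# Constructed package bodies (stand-ins for real .apk files) and the talk's two scenarios.
OLD_PKG, CUR_PKG, NEW_PKG = b"apache-1.0.0", b"apache2-2.4.46", b"apache3-3.0.1"
REPLAY = {"mirror #1": ("apache-1.0.0", sha(OLD_PKG)),      # serves an old package
          "mirror #2": ("apache2-2.4.46", sha(CUR_PKG)),
          "mirror #3": ("apache2-2.4.46", sha(CUR_PKG))}
FREEZE = {"mirror #1": ("apache2-2.4.46", sha(CUR_PKG)),    # claims "apache is up to date"
          "mirror #2": ("apache3-3.0.1", sha(NEW_PKG)),
          "mirror #3": ("apache3-3.0.1", sha(NEW_PKG))}

if __name__ == "__main__":
    for name, scenario in (("replay", REPLAY), ("freeze", FREEZE)):
        index, dissent = quorum_index(scenario)
        print(name, "->", index[0], "dissenting:", sorted(dissent))
```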
33. Sanitization
A mechanism inside TSR that modifies packages to make them safe to be installed in the integrity-enforced OS. Sanitization
• modifies installation scripts
• predicts OS configuration
• issues digital signatures
34. software package: package header, package control, package contents (configuration files, executables, libraries); labels: provided by software maintainers, provided by OS distribution community
35. package header: digital signature: 011011…010101
36. the digital signature certifies authenticity and integrity; package control: meta-information (name: “package”, version: “0.1”, dependencies: “openssl”, …) and pre/post installation & update scripts
37. meta-information also contains hash: ‘c7a9f84bb5ac…987cce’, which certifies integrity of the software-specific files in the package contents
40. Table: Number of packages with and without custom configuration scripts in Alpine Linux main and community repositories. Some packages (Safe= ) contain scripts that break OS integrity.
41. Table: Operations performed by installation scripts located in software packages in Alpine Linux repositories. Some operations (Safe= ) break OS integrity. The last column ("TSR") indicates which operations are safe after the sanitization. Filesystem changes - add/remove/modify folders, symbolic links, and their permissions. Empty scripts - conditional checks, display information.
45. Sanitization
1 scan all scripts in all packages
2 extract all user/group creation commands
3 predict configuration after executing all commands
4 issue digital signatures of all files and predicted configuration files
5 modify all scripts so they:
5a execute commands in the same order
5b install digital signatures
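Steps 1-4 of the sanitization process, and the false-positive problem of slide 14 it removes, as an added example (not the TSR implementation): the user/group creation commands are extracted from a constructed pre-install script, the resulting /etc/group and /etc/passwd are predicted, and their digests become the reference the monitoring system accepts after installation. Assumptions: a hypothetical "apache2" script in busybox adduser/addgroup syntax, simplified id-allocation semantics, SHA-256 as the digest, and the signing of the digests left out.

```python
import hashlib
import shlex

# Constructed sample input: the pre-install script of a hypothetical "apache2" package,
# written in busybox adduser/addgroup syntax (not taken from a real Alpine package).
PRE_INSTALL_SCRIPT = """#!/bin/sh
addgroup -S apache2 2>/dev/null
adduser -S -D -H -h /var/www -s /sbin/nologin -G apache2 -g apache2 apache2 2>/dev/null
exit 0
"""
# Constructed baseline /etc/group and /etc/passwd of the target OS image.
BASE_FILES = {"/etc/group": "root:x:0:\nwww-data:x:82:\n",
              "/etc/passwd": "root:x:0:0:root:/root:/bin/ash\n"}

def extract_account_commands(script):
    """Step 2: keep only user/group creation commands, preserving script order."""
    return [ln.strip() for ln in script.splitlines()
            if ln.strip().split(" ")[0] in ("adduser", "addgroup")]

def predict_configuration(commands, base=BASE_FILES):
    """Step 3: replay the commands on the baseline files (simplified busybox semantics:
    a system account takes the lowest free id >= 100; home/shell fall back to defaults)."""
    groups = [g.split(":") for g in base["/etc/group"].splitlines()]
    users = [u.split(":") for u in base["/etc/passwd"].splitlines()]
    def free_id(rows):
        used = {int(r[2]) for r in rows}
        return str(next(i for i in range(100, 65534) if i not in used))
    for cmd in commands:
        argv = [a for a in shlex.split(cmd) if ">" not in a]   # drop shell redirections
        opts, positional, i = {}, [], 1
        while i < len(argv):
            if argv[i] in ("-h", "-s", "-G", "-g"):           # options that take a value
                opts[argv[i]] = argv[i + 1]; i += 2
            elif argv[i].startswith("-"):                     # flags such as -S -D -H
                i += 1
            else:
                positional.append(argv[i]); i += 1
        name = positional[-1]
        if argv[0] == "addgroup":
            groups.append([name, "x", free_id(groups), ""])
        else:
            gid = next(g[2] for g in groups if g[0] == opts.get("-G", name))
            users.append([name, "x", free_id(users), gid, opts.get("-g", ""),
                          opts.get("-h", "/home/" + name), opts.get("-s", "/bin/sh")])
    return {"/etc/group": "".join(":".join(g) + "\n" for g in groups),
            "/etc/passwd": "".join(":".join(u) + "\n" for u in users)}

def file_hashes(files):
    """Step 4 (the digests TSR signs) and the monitoring system's later check: SHA-256 per file."""
    return {path: hashlib.sha256(text.encode()).hexdigest() for path, text in files.items()}
```

Because the predicted files hash to the signed reference, the legitimate post-install state verifies (no false positive), while any other content of those files still mismatches.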
49. Evaluation
• Time to sanitize a single package
• The performance overhead of tolerating compromised mirrors
• Time to sanitize all packages
• Main factors driving the sanitization time
• Impact of sanitization on the repository size
• Package access latency with pre-caching of sanitized packages
• End-to-end latency of software update
• The performance overhead of executing TSR inside SGX
see the paper for more results
58. what is the overhead of tolerating compromised mirrors?
61. Chart: Latency of downloading the repository index from TSR. TSR instance is deployed in Europe. (lower is better)
64. Summary
Trusted software repository:
• enables software updates for integrity-enforced OS
• introduces the sanitization process that allows supporting 99.76% of packages available in the Alpine Linux repository
• tolerates a minority of software repository mirrors exhibiting Byzantine behavior
65. Thank you
wojciech.ozga@tu-dresden.de