The Trusted Computing Group has released a draft version of the new Trusted Platform Module specification for public review and comment: TPM 2.0. More than five years in development, the spec contains a lot of new material to allow for hash and algorithm agility and enhanced authorization support. (Details of what is included in this new version can be found in the FAQ.) Comments can be submitted to a mailing address created especially for this review, which can be found on the first page of each part of the specification. Weighing in at 1,397 pages, you had better get started now if you want to have any chance of completing your review before TPM 3.0 comes out. That reminds me… I have some work that I have to go do.
The local chapters of OWASP and ISSA jointly sponsored a half-day Metasploit training session taught by Raphael Mudge. It was held one Friday afternoon about 10 days ago at the Microsoft campus here in Austin, which is a super nice facility and well set up for this type of class.
Metasploit is one of those technologies that is always near the top of my list to try out, but never quite takes that top spot, so I jumped at the chance to take this seminar. It sold out in less than 2 days, so it would seem that a lot of people felt the same way.
Raphael Mudge is the author of the Armitage front-end to Metasploit, so he was a great choice to teach the class. He is a very high-energy speaker and sprinkles anecdotes and experiences throughout, so the seminar never dragged. The seminar was an excellent mix of labs and presentation. The labs started with the exercise of installing Metasploit and Armitage, which were provided on a DVD. Virtual images which were vulnerable to attack were also provided, and these were the targets of the exercises. Throughout the class, Raphael offered his experience on which exploits were typically the most successful, which payloads are the most valuable, and other nuggets of information which are gained through experience. Armitage itself does a great job of lowering the barrier to entry and makes Metasploit much easier to use.
This seminar was a great introduction to Armitage and Metasploit, enough to make Metasploit useful for my own work, but it is clear that I could spend many fun hours experimenting with the various exploits and payloads. Raphael made it clear throughout that he was not training crackers. The seminar succeeded brilliantly, and so I would like to again thank Raphael Mudge, OWASP Austin and ISSA for making this seminar possible.
Great stuff!
Raphael left us with the following links for more information:
Penetration Testing and Vulnerability Analysis
Metasploit Unleashed
Backtrack Linux
My first experience with Gnome 3 is that it frowns at me for not living up to its expectations.
RSA – hacked
Lockheed Martin – hacked
Northrop Grumman – hacked
L-3 – hacked
Sony – hacked
Nintendo – hacked
Gmail – spear phished
PBS – hacked (and seriously?)
There must be millions of corporate security presentations that start off with the premise that the security apocalypse will soon be upon us if security doesn’t receive premium investment. It feels to me as if the long-promised security apocalypse has now arrived. Whether these events are coordinated or independent, whether they are script kiddie cracking or cyber warfare, does this herald a new dawn? The risks which were once deemed remote have now been exploited multiple times. Is this a wake-up call, or is everyone still yawning when security is mentioned?
Time reports that Bin Laden’s computer contains a “mother lode of intel”. The article ends with the question: “The official posed the same question that’s likely on plenty of other people’s minds: ‘Can you imagine what’s on Osama bin Laden’s hard drive?’”
The question on my mind is rather, with so much to lose, why wasn’t it all encrypted?
by George Wilson, IBM Linux Technology Center
I was recently reading through the NIST “Draft Guide to Security for Full Virtualization Technologies” (SP 800-125 draft) [http://csrc.nist.gov/publications/drafts/800-125/Draft-SP800-125.pdf]. It discusses various considerations relating to hypervisor security. One section that particularly struck me was the comparison of bare metal vs hosted hypervisors. These are also known as Type I and Type II hypervisors, respectively. The document states that choosing between them is a critical security decision. That started me wondering if it is actually true that Type I hypervisors offer superior security to Type II hypervisors. While a Type I hypervisor may have a small kernel, it relies on and trusts an entire OS instance in the resource-owning partition (Dom0 in Xen parlance) for device access. So while it might at first blush appear that a Type I hypervisor has a much smaller TCB than a Type II, the TCB is really just in a different place. Given imperfect knowledge of the implementations and similar size, complexity, and maturity, it would seem that Type I and Type II hypervisors would in general offer similar security. I can’t find any solid evidence to the contrary. I’d love to hear from someone who can clarify why the Type I vs Type II distinction is in any way a major factor in hypervisor security analysis.
by Rajiv Andrade, Linux Technology Center
Since the foundation of the Trusted Computing Group (previously named the Trusted Computing Platform Alliance), the pillars required to win most of today’s security challenges have been heavily developed.
The Trusted Platform Module and the Trusted Software Stack are two of these. Now that we have the required enablement in our hands, the next expected step is to develop the detailed, implementable use cases that were originally envisioned when the Trusted Computing initiative started.
The use case presented in this newly published Blueprint exploits the integrity measurement capability that the TPM provides. Rather than using a passphrase as an authorization token, it describes how to use a machine’s integrity to authorize access to sensitive files, by means of a key sealed to those integrity parameters.
The parameters include the loaded kernel image, the bootloader and its configuration file, and the BIOS. Thus, if one tries to load a different, flawed kernel image, those sensitive files won’t be accessible. It’s also worth mentioning that the bootloader used is also able to measure critical system files (e.g. the libraries placed at /lib), making the job of a rootkit even harder.
The next step is to attest a machine’s integrity using the Integrity Measurements Architecture (IMA) logs that contain a list of measurements of all files accessed by the root user during runtime.
Check it out at: http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/topic/liaai/tpm/liaaitpmstart.htm
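The sealing behaviour the Blueprint describes, as an added example that is not the Blueprint's or the TSS's code: PCR extend follows the TPM 1.2 definition (SHA-1 of the old value concatenated with the SHA-1 of the measured object), while the seal/unseal wrapping, the device secret, the PCR-to-component assignment and the measured images are constructed stand-ins for the TPM's own mechanisms. A key sealed on a good boot is released again only while every selected PCR still holds the same value.

```python
import hashlib
import hmac

# Added example modelling the Blueprint's use case: a key sealed to boot
# measurements is released only while the measured state is unchanged. PCR
# extend follows TPM 1.2: PCR_new = SHA1(PCR_old || SHA1(object)). The seal
# wrapping below is a toy stand-in for the TPM's own, not the real algorithm.
PCR_INIT = b"\x00" * 20  # a PCR holds 20 zero bytes after reset
# Constructed PCR assignment for the example: BIOS, bootloader, its config, kernel.
PCR_FOR = {"bios": 0, "bootloader": 4, "bootloader_config": 5, "kernel": 8}

def pcr_extend(pcr_value, measured_object):
    """Extend a PCR with the SHA-1 of a measured object (TPM 1.2 semantics)."""
    return hashlib.sha1(pcr_value + hashlib.sha1(measured_object).digest()).digest()

def measure_boot(components):
    """Simulate a measured boot: one extend per component into its PCR."""
    pcrs = {idx: PCR_INIT for idx in PCR_FOR.values()}
    for name, data in components.items():
        pcrs[PCR_FOR[name]] = pcr_extend(pcrs[PCR_FOR[name]], data)
    return pcrs

def composite(pcrs, selection):
    """Digest over the selected PCRs in index order, like a PCR composite."""
    return hashlib.sha1(b"".join(pcrs[i] for i in sorted(selection))).digest()

class ToyTPM:
    """Holds a secret that never leaves the 'chip' and seals data to PCR state."""
    def __init__(self):
        self.secret = b"constructed-device-secret-not-a-real-SRK"
    def _wrap_key(self, pcrs, selection):
        return hmac.new(self.secret, composite(pcrs, selection), hashlib.sha256).digest()
    def seal(self, data, pcrs, selection):  # data is at most 32 bytes
        key = self._wrap_key(pcrs, selection)
        blob = bytes(a ^ b for a, b in zip(data, key))
        tag = hmac.new(key, blob, hashlib.sha256).digest()
        return {"selection": tuple(selection), "blob": blob, "tag": tag}
    def unseal(self, sealed, pcrs):  # None when PCRs differ from the sealing state
        key = self._wrap_key(pcrs, sealed["selection"])
        tag = hmac.new(key, sealed["blob"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, sealed["tag"]):
            return None
        return bytes(a ^ b for a, b in zip(sealed["blob"], key))

def demo():  # seal a file key on a good boot, then retry after the kernel changes
    good = {"bios": b"bios-1.0", "bootloader": b"grub", "bootloader_config": b"menu.lst",
            "kernel": b"vmlinuz-good"}  # constructed stand-ins for the measured images
    tpm, file_key = ToyTPM(), b"constructed-32-byte-file-key!!!!"
    sealed = tpm.seal(file_key, measure_boot(good), PCR_FOR.values())
    return {"good_boot": tpm.unseal(sealed, measure_boot(good)) == file_key,
            "tampered_kernel": tpm.unseal(sealed, measure_boot(dict(good, kernel=b"evil")))}
```

Because the selected PCRs are hashed together, a change to any one component (BIOS, bootloader, its configuration or the kernel) alters the composite and the toy TPM withholds the key, which is the property the Blueprint relies on.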
By Bryan Jacobson, Linux Technology Center.
While Virtualization offers many benefits, there can also be increased security risks. For example, consider a system running two hundred virtual images. All two hundred images are at risk if a flaw in the hypervisor (or configuration) allows any virtual guest to “break out” into the host environment and affect other virtual guests.
sVirt is a project to improve the security of Linux virtualization. sVirt applies the Mandatory Access Control (MAC) features of SELinux to strengthen the isolation between virtual images. sVirt works with KVM/QEMU and other Linux virtualization systems where the virtual image runs as a Linux user space process.
sVirt is a community project, with founding authors from Red Hat: Daniel Berrange, James Morris, and Dan Walsh. sVirt is integrated with libvirt.
One of my favorite sVirt use cases is: “Strongly isolating desktop applications by running them in separately labeled VMs (e.g. online banking in one VM and World of Warcraft in another; opening untrusted office documents in an isolated VM for view/print only).” (From the 8/11/2008 sVirt project announcement at www.redhat.com/archives/libvir-list/2008-August/msg00255.html).
The project announcement also identifies an excellent design goal: “Initially, sVirt should ‘just work’ as a means to isolate VMs, with minimal administrative interaction. e.g. an option is added to virt-manager which allows a VM to be designated as ‘isolated’, and from then on, it is automatically run in a separate security context, with policy etc. being generated and managed by libvirt.”
You can find a 48 minute video of James Morris’s February 2009 presentation on sVirt at Linux.conf.au: video.google.com/videoplay?docid=5750618585157629496#
Slides from that presentation are at: namei.org/presentations/svirt-lca-2009.pdf
Steve Hanna has written an excellent cloud security overview article A Security Analysis of Cloud Computing which talks about how trusted computing can help solve some of the cloud security problems.
Privacy concerns for the ages: is anonymity sufficient? Facebook and Google: Contrasts in Privacy. Is privacy an illusion or a social contract? Blakley’s blog post Gartner gets privacy dead wrong debates the issue. Will Facebook users go along with Facebook’s new policies and the sense that their privacy was an illusion, or will they revolt, pile on EFF’s FTC complaint and leave Facebook in droves?
This article covers a lot of ground on the impact of virtualization and cloud adoption on security. I like it right up to the abrupt ending. Virtualization Adoption Slips.
Three just for fun:
SearchEnterpriseLinux.com has a 2009 retrospective of Linux activity: A look at Linux in the recession. Somehow I missed the news about Hannah Montana Linux.
An octopus and its travel trailer: Tool Use Found in Octopuses.
There is a new specialty of female bodyguards in Egypt.
Here are seven links that are worth the time that it takes to read them if you are interested in systems security.
The Evil Maid attacks again:
- ITPro article: Researchers break into Windows encryption feature,
- the original research behind the attack,
- article about Microsoft’s response.
Two Trusted Computing articles:
- “openSUSE is now the first operating system to offer full TC support” (from 11/24/2009)
- Trusted Computing in the Cloud: Towards Trusted Cloud Computing (from Hot Topics June 2009).
An introduction to Tin Hat Linux which is a Linux distribution based on hardened Gentoo which “was conceived as a challenge to the old mantra that physical access to a system means full access to the data”.
Everybody is talking about the botnet on AWS: Zeus botnet finds hold in Amazon cloud. From now on, I fully expect that stories about botnets controlled from within a cloud will become a footnote, rather than noteworthy and they will be served with standard takedown notices.