BIND: A fine-grained attestation service for secure Distributed Systems [Shi, Perrig, Doorn]
BIND stands for Binding Instructions aNd Data. As the title of the paper suggests, it is an application and data attestation service. It performs fine-grained attestation: attesting only designated code segments, rather than coarse-grained attestation: attesting the entire platfrom , as is common with TCG style attestation. There are two problems with coarse-grained attestation,
- Difficult to Manage: Operating System contains many hardware-dependent modules, a lot of software and sometimes many different versions of the same software; even small differences in code executing result in a different hash value.
- Load time guarantee only: The attestation hash value reflects the state of the system right after boot. Any run-time software changes after that are not captured, such as, software that is compromised by a buffer overflow.
BIND requires some hardware support such as the Secure Kernel (SK) and Secure Execution Mode (SEM) mode on AMD chips. BIND is then run as part of the SK and can therefore be trusted. BIND offers the following benefits:
- Fine-grained attestation: Attest only critcal piece of code. Programmer annotates the piece of code that needs to be attested.
- Secure runtime environment: The critical piece of code is always attested right before it’s executed. The execution of the process is then carried out in a sand-boxed environment protected from external interference. This requires memory protection (e.g. by using AMD’s Secure Execution Mode mode) and secure restoration of execution environment after an interrupt (e.g. SK creates a shadow interrupt descriptor table that overrieds the one the OS uses and then saves the protected program’s state. It also inserts a SK interrupt at the same place execution is going to resume. Then, when the OS resumes execution of the protected program, the SK gets called first. It compares the saved copy of the execution state to the one the OS resotred. If they match it allows the program to continue.)
- Narrow gap between time of attestatoin and time of use: The critical piece of code is always attested right before execution, and then, execution is carried out in a tamper-proof sandboxed environment.
- Data integrity: The attestation guarantees the integrity of the input data, the program receiving the input data, and the output data from that process. This is done efficiently by using transitive integrity verification, which requires verifying only one signature to guarantee the entire chain of programs transforming that data.
Conceptual model for distributed systems using BIND:
- Primitive data is the data supplied by the user, this includes the command itself and the IP address. Primitive data is not attested by BIND.
- Derived data are the ping-pong messages. Derived data is attested by BIND.
- Process: Pa, Pb, Pc. Processes are attested by BIND
- Intermediary: The OS and the medium through which the messages are transmitted. BIND does not trust intermidearies. Protecting data from intermediaries can be done using standard cryptographic techniques and is not addressed by BIND.
Notice that a chain of trust is created because of BIND using transitvie integrity verification. For example, assume in the above figure that user input is trusted. Then, BIND attests to the input data along with process Pa and its output data which is the ping message. The result of this attestation is a single hash value. When Pb receives the message and the hash. It verifies its authenticity and the value of the hash itself. This single verfication process guarantees both data integrity and process integrity. The chain of trust continues when BIND attests the integirty of process Pb and its output data.