Visit to Toronto, CCS/SysTex 2018
Attended ACM CCS and workshop on System software for Trusted Execution, Toronto, Canada
Presented 'Secure compute VM' by Prof. Yoo.
We present a short paper on secure machine learning idea. In any learning
Intl' workshop on Security and Trust Management (STM)
Attended Linux Foundation Security Summit 2018, Barcelona, Spain
Presented 'TUX: Trust Update on Linux Booting' by Suhho.
We present a paper on the integrity checking at Linux booting. The Linux OS uses shim/GRUB boot-loader, of which integrity is difficult to guarantee. In fact, there were several attacks on trusted bootloader (tboot) , based upon compromising the GRUB bootloader, which shows the integrity in booting behavior is critical in managing integrity of the entire system. With the customized TUX, we can measure the integrity of the static code and data of the bootloader as well as the behavior during the Linux booting!
Linux SecuritySummit 2018
Attended Linux Foundation Security Summit 2018, Vancouver, Canada
Presented 'TUX: Trust Update on Linux'
by Suhho from the cool scenery of Vancouver Convention center, Vancouver.
We present the recent study on trusted computing, considering update in particular. Trusted computing assumes that the original software is trusted; however, most software evolves in practice, patching security vulnerabilities, even for Linux kernel.
When we update the kernel, the trust for the kernel should also be updated accordingly. This talk presents TUX, an extension to the current open source integrity management solution, OpenCIT. The TUX makes update visible to the remote attester, which was not true in previous implementation. Moreover, TUX automatically generates the trusted whitelist value, and ships the kernel with it, in a form of digital signature. Thereby, the local machine can verify the integrity of the entire booting process, establishing the initial TCB.
ARM research Summit 2017
Attended ARM research Summit, Robinson college Cambridge University, Cambridge, UK
Presented 'Making ARM devices trustworthy'
With Suhho, Hyunik, on the beautiful campus of the Cambridge University.
ARM devices can be more trustworthy with TrustZone and Virtualization Extension.
Studies proposed Integrity Measurement in TrustZone; we focus on the validation, which needs to be separated from measurement. In addition, ARM's TEE omits launch control policy, and clean launch environment.
The presentation presents how two isolated execution environments in ARM, VE and secure world in TZ could establish the measured launch environment (MLE), compared with Intel TXT.
Attended LinuxCon 2017, Beijing, China
Presented 'Beginning to Harden Linux by secure boot + measured boot'
Our bootloader is named as MS-Boot, measured secure boot. The bootloader conducts TPM-based integrity measurement of the booting process, establishing the initial TCB (trust computing base), and static root-of-trust. At the same time, MS-Boot uses industry-standard secure booting scheme, verifying the integrity of the kernel, with the digital signature of the publisher, making easy update and distribution of new kernels.