BATTLE OF SKM AND IUM

More documents

Recommendations

Info

VIRTUAL MACHINE SECURE WORKER PROCESS • Hyper-V architecture separates the work required to perform VM emulation for each partition into two categories • Enlightened I/O which is handled by VSP and VSC pairs (Virtualization Service Providers/Clients) that are typically kernel-mode drivers on both the host and the client • Legacy I/O which is handled by Virtual Machine Worker Processes (VMWP.EXE) • Emulates standard i440BX motherboard legacy devices • Also handles services such as RDP, clipboard, etc… • With vTPM, a partition has a Truslet process as well – VMSP.EXE • Its agent is the VMWP.EXE process mentioned above • VMSP Uses the Mailbox and Secure Storage interface to store and encrypt TPM secrets using the IDK • Mailbox provides things like a “Security Cookie” to authenticate communications • Secure Storage is used for Ingress, Egress and other cryptographic keys for vTPM
LOADING A TRUSTLET • Ldr, or the Windows Loader (inside of NTDLL.DLL), will load a Trustlet just like any other process, with a few changes in behavior • These are detected through the PEB’s Process Parameter Flags (0x80000000 == RTL_USER_PROC_SECURE) and stored in LdrpIsSecureProcess • No per-user Application Verifier support • System-wide settings still respected • No Image File Execution Options (IFEO) if queried by LdrQueryImageFileExecutionOptions • RtlQueryImageFileExecutionOptions still respected (but no registry APIs) • No DLL Redirection (Side-by-Side Manifest File Support, SxS, Fusion) • No communication with CSRSS (Windows Subsystem) allowed • No Safer (Authz) / Software Restriction Policies enforced • This allows Trustlets not to have to share other data with Normal Mode (such as CSRSS data) or to have their behavior influenced by it • Like the Shim Engine
Page 1 and 2: BATTLE OF SKM AND IUM HOW WINDOWS 1
Page 3 and 4: PRESENTATION OVERVIEW • Microsoft
Page 5 and 6: VBS FEATURES IN WINDOWS 10 / SERVER
Page 7 and 8: ENABLING VBS
Page 9 and 10: HOW DOES IT ALL WORK? • Hyperviso
Page 11 and 12: SEPARATION OF ROLES • Instead of
Page 13 and 14: PLATFORM REQUIREMENTS • The Boot
Page 15 and 16: HARD CODE GUARANTEES • When hard
Page 17 and 18: VIRTUAL SECURE MODE (VSM) BOOTSTRAP
Page 19 and 20: SKM LAUNCH • To initialize VTL 1,
Page 21 and 22: BCD VSM POLICY OPTIONS • The poli
Page 23 and 24: SKM INTERNALS
Page 25 and 26: SKM STRUCTURES • SKM has a PCR at
Page 27 and 28: SKM CAPABILITIES • The SkCapabili
Page 29 and 30: SECURE MODE CALLS • Secure Mode C
Page 31 and 32: SPECIALIZED SECURE MORE SERVICE CAL
Page 33 and 34: NORMAL MODE SERVICE CALLS • SK ne
Page 35 and 36: IUM INTERNALS
Page 37 and 38: SECURE SYSTEM CALLS • SKM exposes
Page 39 and 40: SECURE BASE API • Trustlets shoul
Page 41 and 42: NOTABLY MISSING… • Trustlets ca
Page 43 and 44: NORMAL MODE SYSTEM CALL PROXYING Th
Page 45 and 46: LAUNCHING A TRUSTLET • Process At
Page 47 and 48: EXAMPLE IUM-COMPLIANT SIGNED BINARY
Page 49 and 50: TRUSTLET INSTANCE GUID • Trustlet
Page 51: LSA TRUSTLET • One of the two inb
Page 55 and 56: TRUSTLET TO NORMAL WORLD COMMUNICAT
Page 57 and 58: CAN WE BUILD OUR OWN TRUSTLETS? •
Page 59 and 60: CONCLUSION RISKS AND THOUGHTS
Page 61 and 62: SECURE KERNEL COMPLEXITY / ATTACK S
Page 63 and 64: VSM WITHOUT SECUREBOOT • What’s
Page 65: YOU HAVE QUESTIONS? I HOPEFULLY HAV

BATTLE OF SKM AND IUM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?