Replies to post #218178 on Wave Systems Corp. (fka WAVXQ)

[wavxmaster]

'Trusted roots' could hold key to info system security
October 24, 2011 — 11:44am ET | By David Perera
Tools



WILLIAMSBURG, VA - Information systems security could be systematically improved through implementation of a "roots of trust" model that has at its bottom hardware or software built to security design specifications, a National Institute of Standards and Technology official told an industry audience Oct. 24.

Tim Polk, who heads up NIST's cryptographic technologies group, said during an ACT/IAC Executive Leadership Conference 2011 panel the trusted roots model builds on a component operating in a known state. The base component ideally should be hardware, Polk said, but it could be firmware or software.


As an example, he cited BIOS software; NIST released in April a special publication (.pdf) detailing security features that manufactures could bake into future BIOS systems, including an authenticated-update mechanism and integrity protection features.

"If you're trying to make your security evaluation using an application that's running on top of your operating system, your operating system could be lying to the application. Somewhere you have to have something that you can trust," Polk said.

NIST is investigating how it might extend the trusted roots model detailed in the BIOS special publication to other firmware interfaces, he added.

It's also examining how trusted roots might operate at a system level--should there be a hierarchical roots of trust, or could a core trusted component measure the trust quotient of other components are questions being debated now, Polk said.

"Exactly how you're going to expand this and be able to build out that system level understanding of trust--we don't have all the pieces work out yet."

Just because a component is trusted doesn't necessarily mean it's secure, however. All it does "is ensure the software you intended to load is actually the software you loaded," noted Carl Landwehr, director of the National Science Foundation's trustworthy computing program. Vulnerabilities in the software would remain regardless of the level of authentication.

For more:
- download NIST SP 800-147 on BIOS protection guidelines (.pdf)

Read more: 'Trusted roots' could hold key to info system security - FierceGovernmentIT http://www.fiercegovernmentit.com/story/trusted-roots-could-hold-key-info-system-security/2011-10-24#ixzz1edh8lJtH
Subscribe: http://www.fiercegovernmentit.com/signup?sourceform=Viral-Tynt-FierceGovernmentIT-FierceGovernmentIT

[wavxmaster]

http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf

2.4 Importance of BIOS Integrity
As the first code that is executed by the main CPU, the system BIOS is a critical security component of a
computer system. While the system BIOS, possibly with the use of a Trusted Platform Module (TPM),
can verify the integrity of firmware and software executed later in the boot process, typically all or part of
the system BIOS is implicitly trusted.
The system BIOS is a potentially attractive target for attack. Malicious code running at the BIOS level
could have a great deal of control over a computer system. It could be used to compromise any
components that are loaded later in the boot process, including the SMM code, boot loader, hypervisor,
BIOS PROTECTION GUIDELINES
2- 6
and operating system. The BIOS is stored on non-volatile memory that persists between power cycles.
Malware written into a BIOS could be used to re-infect machines even after new operating systems have
been installed or hard drives replaced. Because the system BIOS runs early in the boot process with very
high privileges on the machine, malware running at the BIOS level may be very difficult to detect.
Because the BIOS loads first, there is no opportunity for anti-malware products to authoritatively scan the
BIOS.
BIOS exploits would likely be highly system-specific—directed at a specific version of a system BIOS or
certain hardware components (e.g., a particular motherboard chipset). In contrast, most malware targets
software executing at or above the operating system kernel, where it is easier to develop and can attack
larger classes of machines. BIOS-level malware may be more likely employed in targeted attacks on
high-value computer systems. The move to UEFI-based BIOS may make it easier for malware to target
the BIOS in a widespread fashion, as these BIOS implementations are based on a common specification.
For the reasons outlined above, there are few known instances of BIOS-level malware. At this time, the
only publicly known malware targeting the system BIOS that has infected a significant number of
computers is the CIH virus, also known as the Chernobyl virus [Sym02], first discovered in 1998. One
element of the payload of this virus attempted to overwrite the BIOS on systems using a specific chipset
that was widely deployed at the time. This malware relied on several vulnerabilities that are not present
in modern machines.
Security researchers have demonstrated other potential attacks on conventional BIOS and EFI/UEFI
firmware. Proof-of-concept attacks have been demonstrated that allow for the insertion of malicious code
into conventional BIOS implementations that permit unsigned updates [SaOr09]. Other researchers have
discovered a buffer-overflow vulnerability in the EFI BIOS on a modern platform. Although this EFI
BIOS write-protects firmware early in the boot process and only flashes signed updates to firmware, the
buffer overflow allowed the researchers to bypass the secure update process by executing an unsigned
portion of the firmware update package before write protections were applied [WoTe09].
Vulnerabilities such as these could allow attackers to create stealthy malware that operate with very high
privileges on a system. The system BIOS loads SMI handlers before passing control of the computer to
the operating system. Malicious code written into a BIOS could modify the SMI handlers to create
malware that would run in SMM [EmSp08]. This would give the malware unrestricted access to physical
memory and peripherals connected to the host machine, and it would be very difficult for software
running on the operating system to detect.

[awk]

800-147 mandatory starting 01.01.2012

http://dodcio.defense.gov/docs/Signed_Memo_NII001001-11[1].pdf

800-147 mandatory within DoD starting 01.01.2012

[wavxmaster]

'internet'

http://youtubebestproxy.info/browse.php?u=Oi8vaWFzZS5kaXNhLm1pbC9kb3dubG9hZHMvU2lnbmVkX01lbW9fTklJMDAxMDAxLTExLnBkZg%3D%3D&b=13

2nd paragraph?