Trusted Infrastructure Workshop

June 2 - June 6, 2013
The Pennsylvania State University, University Park, PA



Expected Program

Trusted Infrastructure Workshop


(Please find out reimbursement info at About TIW2013. Contact Yuqiong Sun if you don't already have an expenses form.)


Time Room Speaker and Title Materials
Sunday: (June 2)
1:00pm Registration About TIW2013
2:00pm Room 113 IST(Cybertorium) Andrew Martin: Trusted Computing 101 Slides
4:00pm Room 113 IST(Cybertorium) Allan Tomlinson: Capture the Flag Instructions and Slides
6:00pm Poster Session 1
Monday: (June 3)
9:00am Poster Session 2
10:00am Room 113 IST(Cybertorium) Claire Vishik: Defing Trust Evidence
11:00am Room 113 IST(Cybertorium) David Grawrock: Expressing Trust
12:00pm Lunch
1:00pm Room 113 IST(Cybertorium) David Challener: TPM 2.0 Slides
2:00pm Room 113 IST(Cybertorium) David Challener: Trusted Computing Lab VMWare Player 4.01 build-528992 and VM Image
3:30pm Break
4:00pm Room 113 IST(Cybertorium) Allan Tomlinson: Capture the Flag nmap_cheat_sheet
6:30pm Atherton HotelReception and Dinner
Tuesday: (June 4)
8:30am Room 113 IST(Cybertorium) Andrew Regenscheid: Mobile Device Challenges Slides
9:30am Break
10:00am Room 113 IST(Cybertorium) Hadi Nahari: A Technical Introduction to TrustZone, TEE (Trusted Execution Environment), and TLK (Trusted Little Kernel) Slides
11:00am Room 113 IST(Cybertorium) Stefan Thom and Rob Spiger: Using the Windows 8 Platform Crypto Provider and Associated TPM Functionality Video and Slides
12:00pm Lunch
1:00pm Room 113 IST(Cybertorium) Stefan Thom and Rob Spiger: Windows TPM 2.0 Demonstration Video
2:30pm Break
3:00pm Room 113 IST(Cybertorium) Allan Tomlinson: Capture the Flag
5:00pm Event
Wednesday: (June 5)
8:30am Room 113 IST(Cybertorium) Keynote, Andrzej Kawalec: Enterprise and Cloud
9:30am Break
10:00am Room 113 IST(Cybertorium) David Lie: Virtualization Research Slides
11:00am Room 113 IST(Cybertorium) Steven McLaughlin: Smart Electric Meters: Architectures, Vulnerabilities, and Mitigations Slides
12:00pm Lunch
1:00pm Room 113 IST(Cybertorium) Saman Zonouz: Smart Grid Slides
2:00pm Room 113 IST(Cybertorium) Josh Schiffman: Cloud Integrity Verification Slides
3:00pm Break
3:30pm Room 113 IST(Cybertorium) Trent Jaeger: Cloud Lab Lab Instructions and PuTTY_X11 Instruction
5:00pm Room 113 IST(Cybertorium) Allan Tomlinson: Capture the Flag Backtrack linux, Metasploitable2 , Rapid7 doc ,Metasplotable database and Securityfocus vulnerability list
7:30pm Nittany Lion InnDinner
Thursday: (June 6)
8:30am Room 113 IST(Cybertorium) Vinod Ganapathy: Power to the clients: A self-service approach to democratizing cloud computing Slides
9:30am Break
10:00am Room 113 IST(Cybertorium) Robert Thibadeau: How to Stitch the TCG TPM and Opal Drive Together in an Operational System Slides
11:00am Room 113 IST(Cybertorium) Xeno Kovah: Timing-based Attestation Slides
12:00pm Lunch
1:00pm Room 113 IST(Cybertorium) Simha Sethumadhavan: Designing Trustworthy Hardware Slides
2:00pm Room 113 IST(Cybertorium) Rafael Mantilla Montalvo: Network Infrastructure Slides


Session Details


Stefan Thom

Title: Using the Windows 8 Platform Crypto Provider and Associated TPM Functionality


Abstract

This talk will provide details on how the TPM is employed on Windows 8 systems and exposed to be leveraged by 3rd party software, based on a concrete programming example: PCPTool. This example is not only used to show how to interact with the TPM on the Windows 8 platform, but also provides a TPM version independent library of functions that that may be used for attestation and Identities. This talk is set in a frame with real world examples, scenarios and applications. The impatient may get a head start preparation with the materials provided here: Toolkit.

Bio

I am Stefan Thom, a Senior Software Development Engineer and Security Architect for Microsoft in IEB Security. I have worked in the past in the Windows Security team and am an inventor of BitLocker Drive Encryption, Virtual Smart Card and am responsible for exposing the TPM as a crypto provider in Windows 8. I have filed over 25 patents for Microsoft over the years in this domain. It is crucial for Windows to increase trust in the OS and confidentiality of secrets by applying hardware security with the Trusted Platform Module. This will allow the creation of strong, tamperproof identities and the ability to do remote attestation of the OS and it's configuration. 20 Years of industry experience give me a nice perspective what has and has not worked in the past and put my focus on lasting improvement for the consumer. Other than being a total technology geek, I enjoy baking bread, brewing beer and making cheese in my spare time.

Rob Spiger

Title: Using the Windows 8 Platform Crypto Provider and Associated TPM Functionality


Abstract

This talk will provide details on how the TPM is employed on Windows 8 systems and exposed to be leveraged by 3rd party software, based on a concrete programming example: PCPTool. This example is not only used to show how to interact with the TPM on the Windows 8 platform, but also provides a TPM version independent library of functions that that may be used for attestation and Identities. This talk is set in a frame with real world examples, scenarios and applications. The impatient may get a head start preparation with the materials provided here: Toolkit.

Bio

Rob Spiger is a Senior Security Strategist working in Microsoft's Trustworthy Computing Team working to advance Trusted Platform Module adoption. For the previous five years, Rob worked as a Senior Program Manager on the Windows security team, focused on the TPM and how it is used in PC Client platforms. At ten year veteran of Microsoft, Rob also has industry experience from Avanade, Advanced Technical Resources and Lockheed Martin.

Simha Sethumadhavan

Title: Designing Trustworthy Hardware


Abstract

Due to the increasing complexity of modern hardware, intense time-to-market constraints and the dramatic globalization of the hardware development process, it has become impractical to assume trust in acquired hardware. Malicious designers, third-party providers and international foundries are all in positions to have profound impact through the addition of small and easy-to-hide malicious circuits to hardware systems. Attacks against hardware present a high-risk, high-reward surface for attackers with high-profile, specific targets. Organizations for which security is critical can no longer ignore the hardware that underlies all software. In this talk, we will survey the modern hardware design process, the inherent threats in the system and measures that can be taken to protect hardware.

Bio

Simha Sethumadhavan is an Associate Professor of Computer Science at Columbia University. Simha's research interests are in hardware security, hardware support for security and energy-efficient computing. He has been recognized with an Alfred P Sloan Fellowship (2013), NSF CAREER award (2011), two top paper awards in architecture conferences (2004, 2013) and a graduate teaching award (2006). He obtained his PhD from UT Austin in 2007.

Rafael Mantilla Montalvo

Title: Network Infrastructure


Abstract

In this lecture we illustrate how basic Trusted Systems principles can be applied to protect deployable Network Infrastructure. We focus on a primary security issue in network devices due to counterfeiting. There has been an increase in counterfeit, grey market and illegal devices modification across the globe. Counterfeiters target hardware and software vulnerabilities, without any consideration of user business concerns, devices performance and safety. A few basic Trusted Systems principles can be applied to mitigate these attacks. These principles are Secure Boot using cryptographic techniques, Device Identity supported by TCG TPM, and a Network Authentication Systems based on devices strong identity. In this manner, we tie together Trusted Systems technologies with Network Infrastructure Technologies to achieve a more Secure and Trusted Network.

Bio

Experience Principal Engineer Cisco Systems June 1993 - Present (5 years 11 months) Research and Development in Networking Technologies including L2 - L7 Switches, Edge and Core Routers, Mobility Gateways and Security. Member Technical Staff IBM, T.J. Watson June 1987 - May 1993 (6 years) Research and Development in High Bandwidth and Low Latency Switches for Token Ring, FDDI and Ethernet. Member Technical Staff AT&T Bell Labs June 1985 - May 1987 (2 years) Research and Development in Non-Linear Adaptive Equalization for DSL devices. M.Sc, Ph.D., EE 1978 - 1985 Instituto Politecnico Nacional B. Sc., Electrical Engineering 1970 - 1974

Andrew Martin

Title: Trusted Computing 101


Abstract

This is an introduction to the 'why' and 'how' of trusted computing. We will explore the class of problems which trusted computing is trying to address, making a distinction with other concepts of trust in computing. We will then go on to consider some deployed technologies for achieving these goals, with particular emphasis on the TPM, and discuss how these are realized in PC and mobile platforms - setting up some research challenges along the way, many of which will be picked up in other sessions at TIW.

Bio

Dr Andrew Martin undertakes research and teaching in the area of Systems Security, in the University of Oxford. He conceived the University's new Cyber Security Centre and helps to direct it, leading the University's successful bid to be recognised as a Centre of Excellence in Cyber Security Research. He lectures to Software Professionals as part of Oxford University's Software Engineering Programme, where he directs the Master of Science course in Software and Systems Security. He has a background in formal methods, but today devotes most of his time to issues of systems security in a distributed context. His recent research focus has been on the technologies of Trusted Computing, exploring how they can be applied in grid and cloud computing contexts, as well as in mobile devices, in order to address their emerging security challenges. He has published extensively in this area, hosting several related international events in Oxford and speaking on the subject all over the world. Andrew wrote a doctoral thesis on the subject 'Machine-Assisted Theorem Proving for Software Engineering', in the early 1990s. He then worked as a Research Fellow in the Software Verification Research Centre at the University of Queensland, Australia. Returning to the UK, he was briefly a lecturer at the University of Southampton, before returning to Oxford to take up his present post in 1999. Dr Martin is a fellow of Kellogg College, Oxford.

Allan Tomlinson

Title: Capture the Flag


Abstract

This session is an introduction to security testing and network defence. The objective is to provide students with an introduction to the methods and tools used to assess the security of Information Systems. It will give students an opportunity to apply these methods and tools in a `real-life' exercise where students practice defending their servers from attacks by opposing teams in a simple `Capture The Flag' contest. Where an attack is successful the attackers will then advise the defenders which part of their system is insecure. Ultimately the goal is to understand how Information Security techniques may be applied to protect sensitive data and where Trusted Computing may be applied in practice.

Bio

Dr Allan Tomlinson is a senior lecturer with the Information Security Group at Royal Holloway, University of London. He was awarded a PhD in 1991 from the University Edinburgh. His thesis was on "VLSI architectures for cryptography". He then joined the Institute of Microelectronics at the National University of Singapore, working on secure NICAM broadcasting. In 1994 he joined General Instrument in California to work on the Digicipher II pay-tv system. Before joining the Information Security Group at Royal Holloway in 2003, he was Principal Engineer at Barco Communications Systems where he was responsible for the development of the "Krypton" DVB Video Scrambler. His current research interests are in distributed systems security, mobile network security, and trusted computing. In particular, issues of trust and privacy in these areas.He is the PI for the Mobile VCE "Instant Knowledge" programme (DT/F007310/1) investigating privacy in mobile social networks.

David Grawrock

Title: Expressing Trust


Abstract

I trust my device, you trust your device, can you tell me that your trust is comparable to my trust. Or how do I know there is sufficient trust in your device to protect my data. The ability to describe trust, measure it, and then perform calculations is the focus of this talk.

Bio

David Grawrock is a Senior Principal Engineer and Security Architect at Intel. He serves as Chair of the Trusted Computing Group (TCG) Trusted Platform Module work group and is the Intel representative to the TCG Technical Committee. With 29 years in the computer industry, David holds 10 patents, and has held lead technical positions with Central Point Software, Symantec, and Lotus Development Corporation.

David Challener

Title: TPM 2.0


Abstract

TPM 2.0 versus 1.2 : How they are the same and how they are different, including algorithms, hierarchies, extended authorization, PCR brittleness and new use cases.

Bio

Dave Challener is currently a member of the Senior Professional Staff at Johns Hopkins University - Applied Physics Laboratory where he is a recognized expert in cyber security. David received his PhD from the University of Illinois in Applied Mathematics in 1984 and began his career at IBM in the semi-conductor field where he became a member of the technical staff to the President of the IBM PC company, and later became chief engineer in the Center for Natural Computing. He played an active role in building security into and in the PC and x86 server architecture. Dave also worked on the design of the IBM PC embedded security subsystem and the first TCPA TPM chip. Dr. Challener co-authored "A Practical Guide to Trusted Computing", the only book available on how to program with the TCG Software Stack. He has been active in the Trusted Computing Group, serving on the Board of Directors, and as a member of the Technical Committee, Virtualization Workgroup, and Storage Workgroup. He currently co-chairs the TPM Working Group which recently released specifications for TPM 2.0 and edited the TCG Software Stack as chair of that committee.

David Lie

Title: Virtualization Research


Abstract

In this talk we examine several strategies for using hypervisors to secure commodity systems. We first examine how hypervisors can be used to compensate for deficiencies in commodity operating systems by introducing a root of trust that supplants that of the operating system kernel. We then examine how hypervisors can enhance security by providing a secure vantage point from which to perform monitoring and detection of attacks.

Bio

David Lie received his B.S. from the University of Toronto in 1998, and his M.S. and Ph.D from Stanford University in 2001 and 2004 respectively. He is currently an Associate Professor and Canada Research Chair in the Department of Electrical and Computer Engineering at the University of Toronto. While at Stanford, David founded and led the XOM (eXecute Only Memory) Processor Project, which supports the execution of tamper and copy-resistant software. He was the recipient of a best paper award at SOSP for this work. David is also a recipient of the MRI Early Researcher Award. David leads the software security theme of the NSERC ISSNet Strategic Network on Systems Security and is a member of its Scientific Advisor Board. David has served on various program committees including OSDI, ASPLOS, Usenix Security and IEEE Security & Privacy. Currently, his interests are focused on securing mobile platforms, cloud computing security and automated configuration troubleshooting.

Xeno Kovah

Title: Timing-based Attestation


Abstract

When people think about timing side-channels, they usually think of breaking crypto systems. However for around a decade now there has been serious work on *purposely* making software have a built in timing side-channel in its execution. The idea is to enable code integrity through special self-measuring construction such that modification and forgery of self-measurement by an attacker leads to a detectably increased runtime. The technique called "software-based attestation" or "timing-based attestation" has recently been shown by our group to be more tractable in real-world situations, such as Windows machines on our own corporate network. This talk will start as a survey showing the variety of places the technique has been applied, from smart phones to SCADA RTUs to PCs to Apple wireless keyboards! Once we've given you a taste of the related work, we will drill down on our recent work on using the technique in the Windows kernel, as well as on a Dell BIOS. The talk will also cover some of the open problems we've identified, such as TOCTTOU attacks, that haven't been fully addressed in past work, and need new researchers to tackle. But the good news is that our self-check code is publicly available for people to poke and prod if you want to get started quicker in this area.

Bio

Xeno is a Lead InfoSec Engineer at The MITRE Corporation, a non-profit company that runs 6 federally funded research and development centers (FFRDCs) as well as manages CVE. He is the team lead for the BIOS Analysis for Detection of Advanced System Subversion project. On the predecessor project, Checkmate, he investigated kernel/userspace memory integrity verification & timing-based attestation. Both projects have a special emphasis on how to make it so that the measurement agent can't just be made to lie by an attacker.

Claire Vishik

Title: Defining Trust Evidence


Abstract

It is difficult to define trust in a situation where users and devices join and leave networks, most processes are cross-domain, applications and systems change quickly, and most devices are inter-connected. The talk will discuss what trust evidence means in such an environment and how additional trust parameters can become supplemental to trust approaches that are described in TCG specifications.

Bio

Claire Vishik's work at Intel Corporation focuses on hardware security, trusted computing, privacy enhancing technologies, some aspects of encryption and related policy issues. Claire is a member of the Permanent Stakeholders Group of ENISA, the European Network and Information Security Agency, Council member for the Information Security Forum, and numerous other advisory and review boards in several areas of security R&D. She is active in standards development and R&D strategy and is on the Board of Directors of TCG, the Trusted Computing Group and Cybersecurity Research Alliance. Claire received her PhD from the University of Texas at Austin. Prior to joining Intel, Claire worked at Schlumberger Laboratory for Computer Science and AT&T Laboratories, focusing on security and other aspects of Internet and computing technologies, from electronic commerce and communication protocols to software systems and applications. Claire is the author of many peer reviewed papers and reports and inventor 30 pending and granted US patents.

Hadi Nahari

Title: A Technical Introduction to TrustZone, TEE (Trusted Execution Environment), and TLK (Trusted Little Kernel)


Abstract

Trusted Computing Base (TCB) is one of many ways to establish trust in a system, which in turn might be used to make a system secure. Typically a reliable TCB is one that has its root based in system hardware. Different hardware architectures create a TCB in different ways; almost all recent ARM architectures (that are the core of more than 90% of consumer electronics devices) use a technology called "TrustZone" to establish a TCB, and call it Trusted Execution Environment (TEE.) TrustZone-enabled devices require a software stack to implement TEE. In this technical session we will briefly describe TrustZone and how it works, Global Platform and how its flavor of TEE operates, and finally propose an open source implementation of TEE called Trusted Little Kernel (TLK.)

Bio

Hadi Nahari is a security professional with 20 years of experience in security including extensive work in design and implementation of secure systems. Hadi has worked on large scale, high-end enterprise solutions, as well as resource-constrained embedded systems, with primary focus on security, cryptography, complex systems design, and vulnerability assessment & threat analysis. Author of the book: "Web Commerce Security: Design & Development", published by John Wiley & Sons, Hadi is a frequent speaker in U.S. and international security and mobile events and has led various security projects for Netscape Communications, Sun Microsystems, United States Government, Motorola, eBay, PayPal, and NVIDIA among others. Hadi is currently in charge of the security architecture and strategy of Mobile and Software Solutions at NVIDIA as Chief Security Architect.

Josh Schiffman

Title: Cloud Integrity Verification


Abstract

Today, locally managed computing infrastructures are giving way to shared cloud computing platforms. However, attacks on popular cloud service providers have demonstrated that we cannot blindly trust them to ensure a safe executing environment for their customers. The wide-spread deployment of commodity trusted computing (TC) hardware has made it possible to remotely verify system integrity by gathering information about a system's configuration (e.g., loaded code and data) to ensure it satisfies expected requirements. The challenge is to design these popular services to be both secure and easily verified. Current verification approaches have focused on examining only a limited view of system integrity and are often too inefficient or inflexible to be practical. In this talk, I will present novel methods of building, deploying, and verifying the integrity of virtualized and distributed systems similar to popular cloud platforms. First, I will describe a network-based installation technique called the root of trust for installation that leverages recent virtualization and TC hardware to establish a verifiable trusted installation environment, which was not previously possible. I will then introduce my recent work on the integrity verification proxy (IVP), an extensible monitoring framework that verifies system integrity on behalf of remote clients. Contrary to existing remote verification approaches, the IVP resides on a virtual machine host and monitors the runtime integrity of its hosted VMs through a combination of load time and VM introspection mechanisms. We validated a proof-of-concept IVP's ability to verify a broad range of integrity requirements and found it imposes only minor overhead on the monitored VM's performance.

Bio

Joshua Schiffman is a Software Security Architect in the Security Architecture R&D group at Advanced Micro Devices, Inc. where he specializes in operating system security and trusted hardware. He participates in several the Trusted Computing Group (TCG) working groups including mobile, TPM, and virtual platform. Schiffman received his PhD from Pennsylvania State University. His research interests include systems and virtualization security, trustworthy computing, and building verifiably secure cloud computing infrastructures. His research experience also spans the areas of networking, mobile phones, web applications, and databases.

Steven McLaughlin

Title: Smart Electric Meters: Architectures, Vulnerabilities, and Mitigations


Abstract

The introduction of smart grid technologies into the existing electric grid greatly expands its attack surface. Smart electric meters open utilities to the possibility of widespread energy theft, and reliance on additional sensing and computation for transmission and distribution exposes new parts of the grid to electronic attacks. This talk explores what is really meant by the term "smart grid," and why it is a challenging but also highly suitable environment for trusted platforms. In particular, we will review a case study of vulnerabilities in smart electric meters, and ask to what extent trusted computing-based solutions are helpful.

Bio

Stephen McLaughlin is a Ph.D. candidate in computer science and engineering at the Pennsylvania State University under the advising of Patrick McDaniel. His dissertation is on automation and detection of attacks against closed-loop control systems used in critical infrastructure. He has also done security assessments of real-world Advanced Metering Infrastructure systems.

Robert Thibadeau

Title: How to Stitch the TCG TPM and Opal Drive Together in an Operational System


Abstract

The TPM and Opal Drive specifications were developed by different workgroups within TCG. Often a platform will contain one or the other or both devices. It is interesting to see the engineering needed to use the TPM to provide device binding for a Drive and to see how the Opal preboot trusted execution can facilitate TPM preboot services. Once you see how this is actually done in a practical environment, there is room for improvement both in virtualized and non-virtualized systems. It also points to some fundamental issues in dealing with hardware roots of trust, plus in mixing them together.

Bio

Bob was on the full-time faculty at CMU in Robotics from 1981-2007, and has taught computer security in the School of Computer Science since 1996, after one of his projects was brought to a halt by malicious hackers attacking the SCS infrastructure. In 2002 he joined Seagate Research to head the program to develop a "trusted drive" which is now the Opal Drive delivered by several drive vendors. In 2002 he had Seagate join TCG, and he started the Storage Workgroup which he chaired until he left Seagate in 2009. He is now Senior Vice President and Chief Scientist for Wave Systems, Corp., which is the largest volume software supplier for Opal Drives and TPMs.

Andrzej Kawalec

Keynote: Enterprise and Cloud


Abstract



Bio

Andrzej Kawalec is the Chief Technology Officer (CTO) for HP Enterprise Security. He is responsible for HP's Information Security strategy, solutions, portfolio and market facing activity. He leads a global research and innovation team, with a particular focus upon Cloud, Consumerisation, Cyber Security and the Business Risks surrounding information security systems, policies, users and process. Prior to this, Andrzej has spent 15 years at some of the world's largest and smallest asset management and IT companies, including Siemens, Compaq and Digital. His experience with start-ups and niche advisory gives an intimate knowledge of both the macro and micro challenges facing organisations today. He works at Board-level across the public and private sectors to help define and promote information strategies. A recognized leader in security and business continuity planning, Andrzej is a frequent speaker at industry events. Andrzej is passionate about how enterprises can combine advanced technology and creative design to challenge traditional working practices. He lives near London, England and is an active supporter of several charities who have a focus on improving the education and opportunities of children.

Vinod Ganapathy

Title: Power to the clients: A self-service approach to democratizing cloud computing


Abstract

Modern cloud computing infrastructures use virtual machine monitors (VMMs) that often include a large and complex administrative domain with privileges to inspect client VM state. Attacks against or misuse of the administrative domain can compromise client security and privacy. Moreover, these VMMs provide clients inflexible control over their own VMs, as a result of which clients have to rely on the cloud provider to deploy useful services, such as VM introspection-based security tools. I will introduce a new self-service cloud (SSC) computing model that addresses these two shortcomings. SSC splits administrative privileges between a system-wide domain and per-client administrative domains. Each client can manage and perform privileged system tasks on its own VMs, thereby providing flexibility. The system-wide administrative domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy. SSC also allows providers and clients to establish mutually trusted services that can check regulatory compliance while respecting client privacy. We have implemented SSC by modifying the Xen hypervisor. I will present experiments that demonstrate the utility of SSC by showing that it can be used to build user domains to perform privileged tasks such as memory introspection, storage intrusion detection, and anomaly detection. Finally, I will also demonstrate how SSC can enable a richer notion of cloud app markets, where clients of cloud computing can download, instantiate and benefit VMs that offer a number of introspection services. Such services are not available on contemporary cloud computing platforms.

Bio

Vinod Ganapathy is an assistant professor of computer science at Rutgers University. He obtained his Ph.D. in computer science from the University of Wisconsin Madison in 2007 and a B.Tech in computer science and engineering from IIT Bombay in 2001. He is broadly interested in computer security, software engineering, mobile systems, and virtualization.

Trent Jaeger

Title: Cloud Security Lab


Abstract

Cloud computing has revolutionized they way we consume computing resources. Instead of maintaining a locally administered data center, businesses and individuals can simply purchase compute, storage, and network resources on demand from a public cloud utility. While this new model has increased access to affordable resources, it comes with new and challenging security risks. By using remotely administered systems, cloud customers are no longer in able to maintain visibility and control over their computing infrastructure.

In this lab, we demonstrate the Cloud Verifier, a monitoring framework that enables construction of verifiable monitoring services for use by cloud customers and their clients. Customers can leverage such services to verify that the runtime state of their computing environment satisfies an integrity criteria and react to anomalies.

We demonstrate an implementation of the CV framework integrated into the IaaS OpenStack cloud platform, which consists of an independent cloud-wide service (nova-verify) and Instance Monitor (IM) services within each cloud host. We show that the nova-verify service monitors the the OpenStack cloud computing platform against cloud administratorÕs criteria, thereby preventing maliciously modified systems from executing customer VMs. In addition, we show that the IM service monitors each cloud instance's state to detect changes that violate customers?integrity criteria. In this lab, we will demonstrate some sample criteria covering loadtime properties of VMs, such as kernel/initrd image measurements and security policies to be enforced, and runtime properties, such as the code loaded within a VM. We will also show how customers can protect their clients by leveraging the CV framework protect client connections to the customers' cloud-hosted services through a web service example.

Bio

Trent Jaeger is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. Trent's research interests include operating systems security and the application of programming language techniques to security. He has published over 100 refereed research papers on these subjects and is the author of the book "Operating Systems Security," which examines the principles and designs of secure operating systems. He is active in the security research community, chairing and participating in numerous program committees for security conferences. He is an associate editor with ACM TOIT and has been a guest editor of ACM TISSEC. Trent has a B.S. from the California State Polytechnic Univerity, Pomona in Chemical Engineering in 1985 and M.S. and Ph.D. degrees from the University of Michigan, Ann Arbor in Computer Science and Engineering in 1993 and 1997, respectively. He previously worked at IBM Research Watson from 1996 to 2005, when he joined Penn State.

Saman Zonouz

Title: Trustworthy Smart-Grid Infrastructures: Threats, Challenges, and Countermeasures


Abstract

Secure and reliable operation of next-generation cyber-physical systems, specifically power grid infrastructures, will require effective trusted computing bases to provide situational awareness, security property verification, and intrusion tolerance capabilities. Continuous and precise comprehension of the system¿s security status and potential threats will enable operators and/or automated response systems to prepare proactively against adversarial coordinated activities, such as coordinated cyber and physical intrusions. In this talk, we will overview the power grid security problem, and in particular, potential threats and possible countermeasures in such cyber-physical environments. Additionally, we will review several solutions to model, predict, detect, and tolerate complex security incidents in computing, physical, or communication assets of the power grid in a real-time manner.

Bio

Saman Zonouz is an Assistant Professor in the Electrical and Computer Engineering Department at the University of Miami since August 2011, and the Director of the 4N6 Cyber Security and Forensics Laboratory. He has been awarded the Faculty Fellowship Award by the Air Force Office of Scientific Research in 2013, UM Provost Research award in 2011, as well as EARLY CAREER Research award from the University of Miami in 2012. His group's research projects have been funded by NSF, ONR, DOE/ARPA-E, and Fortinet Corporation. His current research focuses on Systems Security and Privacy, Intrusion Detection, Forensics, and Response, as well as Trustworthy Critical Cyber-Physical Power-Grid Infrastructures. He obtained his Ph.D. in Computer Science, specifically, Intrusion Tolerance Solutions for the Power-Grid, from University of Illinois at Urbana-Champaign (UIUC) in 2011.