Dartmouth College Computer Science
Technical Report series
|By author:||A B C D E F G H I J K L M N O P Q R S T U V W X Y Z|
|By number:||2020, 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986|
The software chain of trust starts with a chain of
loaders. Software is just as reliant on the sequence of loaders that
ultimately setup its runtime environment as it is on the libraries
with which it shares its address space and offloads tasks onto.
Loaders, and especially bootloaders, act as the keystone of trust, and
yet their formal security properties -- which should be a part of any
solid bootloader design -- are both underappreciated and not well
understood. This is especially problematic given the increasing
adoption of loader-based code signing and execution enforcement
mechanisms. My thesis digs deeply into how loaders have failed to earn
our trustworthiness and how they may continue to harbor
vulnerabilities even after memory corruption-based vulnerabilities
lose their prevalence. In order to address these issues, I propose a
memory region-based type system that allows us to better model a
loader's intentions and thus mediate its behavior. More specifically,
I show how a loader's execution can be broken down into a sequence of
typed phases, each semantically classified as either a bookkeeping,
loading, or a patching substage, while sections of memory are grouped
into semantically related regions and assigned a type, based on their
intended use, by which policy access decisions are made. I demonstrate
the feasibility of this technique by applying it to Das U-Boot, a
well-known and widely-used bootloader, with minimal changes to the
bootloader's implementation. In order to do so, I designed and
developed an extensive bootloader instrumentation suite to help
analyze a bootloader's behaviors, construct a policy, and completely
mediate operations, thereby enforcing behaviors governed by the type
Advisors: Sergey Bratus and Sean Smith.
Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]
Or copy and paste:
Rebecca Shapiro, "Types for the Chain of Trust: No (Loader) Write Left Behind." Dartmouth Computer Science Technical Report TR2018-863, April 2018.
Notify me about new tech reports.
Search the technical reports.
To receive paper copy of a report, by mail, send your address and the TR number to reports AT cs.dartmouth.edu
Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Technical reports collection maintained by David Kotz.