BIND paper review
BIND was presented at the last IEEE security symposium by IBM research.
BIND tackles the problem of attestation, but instead of attesting a whole machine, it suggests attesting the executing process in memory. To avoid dealing with the inherent problem of insecure paths and insecure execution, the work assumes that the system has a Secure Kernel (SK), a secure processor (AMD’s SEM chip) and a location-aware TPM (so the main kernel cannot override the PCRs). With all those elements in place, the steps are:
- Have the insecure OS call the SK
- Attest the process by extending a PCR register
- Execute the process in the SEM
- Send this attestation along with the output of the process
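The steps above as a small simulation, added here as an illustration and not code from the BIND paper. It assumes a SHA-1 extend register as in TPM 1.2; `attest_and_run`, `verify`, the sample code bytes and the HMAC key (standing in for the TPM's attestation key) are hypothetical names and constructed values.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length, as in TPM 1.2 PCRs

# Constructed sample values (assumptions, not from the paper).
SAMPLE_CODE = b"def process(data): return str(sum(data)).encode()"
SAMPLE_KEY = b"constructed-demo-key"


def process(data):
    """The 'process' being attested; SAMPLE_CODE is its measured image."""
    return str(sum(data)).encode()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def attest_and_run(code: bytes, func, data, key: bytes):
    """Hypothetical Secure Kernel path: measure, extend, execute, authenticate."""
    # Extend a freshly reset PCR with the hash of the process image.
    pcr = pcr_extend(bytes(PCR_SIZE), hashlib.sha1(code).digest())
    # Execute the process (in the protected environment, per the steps above).
    output = func(data)
    # Bind the PCR value and the output under one tag, so neither can be
    # swapped independently. HMAC stands in for the TPM-produced statement.
    msg = pcr + hashlib.sha1(output).digest()
    tag = hmac.new(key, msg, hashlib.sha1).digest()
    return output, pcr, tag


def verify(output: bytes, pcr: bytes, tag: bytes, trusted_code: bytes, key: bytes) -> bool:
    """Verifier: recompute the PCR from the code it trusts, then check the tag."""
    expected_pcr = pcr_extend(bytes(PCR_SIZE), hashlib.sha1(trusted_code).digest())
    msg = expected_pcr + hashlib.sha1(output).digest()
    expected_tag = hmac.new(key, msg, hashlib.sha1).digest()
    return hmac.compare_digest(pcr, expected_pcr) and hmac.compare_digest(tag, expected_tag)


if __name__ == "__main__":
    out, pcr, tag = attest_and_run(SAMPLE_CODE, process, [1, 2, 3], SAMPLE_KEY)
    print(out, pcr.hex(), verify(out, pcr, tag, SAMPLE_CODE, SAMPLE_KEY))
```

The verifier rejects both a modified output and an output produced by code other than the image it trusts, because the tag covers the PCR value and the output hash together.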
As a system researcher I believe that, even when you make some assumptions, you need to make at least an effort to implement your solution. Accessing the TPM alone, which sits on the LPC bus, usually takes a second. This will be prohibitive for many processes if we do this type of fine-grained attestation. But I guess we can throw in yet one more assumption, that the TPM is faster than current implementations.
IBM research usually looks far ahead in the future. The amount of work to implement such a system is colossal (Virtual Machine, Secure Kernel, secure processor, TPM with added capabilities). But maybe that is where we are headed? A brownie for the first open source implementation!