Hi Carl-Daniel, SEBOS is based on AEGIS, which is a secure bootstrap mechanism. As such, SEBOS can only guarantee the integrity of what programs are loaded into memory. This property is similar to that provided by the TCG trusted boot specification and is called loadtime attestation.
Loadtime attestation does not guarantee that a program which is loaded into memory and checked for integrity is what gets executed. The program can be modified by the attacker before being invoked for execution. For example, an attacker can overwrite memory locations in the program via a DMA write. Also, both AEGIS and the TCG specification depend on HW modifications and cannot be used by legacy systems.
Pioneer provides the stronger guarantee that the program whose integrity is checked is the one that is invoked for execution. In other words, an attacker cannot modify the program between the time its integrity is checked and the time the program is invoked for execution. Also, where as AEGIS and TCG only measure programs loaded at system boot, Pioneer can measure and launch programs at any point in time. The property provided by Pioneer is, therefore, similar to the late-launch capability of Intel's LT and AMD's SVM, which can be used to design systems with substantially smaller trusted computing bases than AEGIS and TCG. Unlike LT and SVM however, Pioneer is completely software-based and can be used on legacy systems.
Cheers, Arvind
On Thu, 11 Jan 2007, Carl-Daniel Hailfinger wrote:
Hi Arvind,
Arvind Seshadri wrote:
Thanks for the clarification! The way SMI is handled in LinuxBIOS suits my purpose very well. I am working on a project called Pioneer, whose goal is to prevent any malware present on a computer from tampering with code execution (details can be found at http://www.cs.cmu.edu/~arvinds/verifiable_code_exec.html).
It seems you are simply reimplementing SEBOS in a more complicated way. See http://www.missl.cs.umd.edu/sebos.html for details.
Regards, Carl-Daniel -- http://www.hailfinger.org/