The OS, called Qubes, is based on Xen, X and Linux and is in a basic, alpha stage right now. Qubes relies on virtualization to separate applications running on the OS and also places many of the system-level components in sandboxes to prevent them from affecting each other.

Qubes implements Security by Isolation approach. To do this, Qubes utilizes virtualization technology, to be able to isolate various programs from each other, and even sandbox many system-level components, like networking or storage subsystem, so that their compromise don’t affect the integrity of the rest of the system.

Qubes lets the user define many security domains implemented as lightweight Virtual Machines (VMs), or “AppVMs”. E.g. user can have “personal”, “work”, “shopping”, “bank”, and “random” AppVMs and can use the applications from within those VMs just like if they were executing on the local machine, but at the same time they are well isolated from each other. Qubes supports secure copy-and-paste and file sharing between the AppVMs, of course.

The concepts of isolation and sandboxing have been around for decades, and are used in a number of applications, including hardened operating systems and some security products. And many security experts say that sandboxing is one of the more effective ways of preventing malicious code from affecting entire systems, rather than just one vulnerable application.

In a guest column in January on Threatpost, security researcher Dino Dai Zovi said that he expected more and more vendors to implement sandboxing and isolation in the coming year.

“The desktop analogue to the network firewall is the privilege separated and sandboxed application.  These mechanisms finally move the bull (untrusted data) from the china shop (your data) to the outside where it belongs (a sandbox).  While it doesn’t quite reduce the attack surface, it significantly raises the bar for an attacker through defense-in-depth.  If an attacker is able to exploit a vulnerability and execute code, they must then exploit another vulnerability in the sandboxing mechanism in order to break free and even read the user’s data,” he wrote.

Rutkowska said that she plans to release the full version of Qubes by the end of 2010, and that she may create some commercial extensions to the OS in the future.

www.threatpost.com

The attack by the former US Army computer-security specialist is notable because it goes where no hacker has gone before: into the widely used Infineon SLE 66PE, a microcontroller that carries the TPM, or Trusted Platform Module designation of security. The hack means he can access sensitive data and algorithms locked away in the chip’s digital vault and even make counterfeit clones that could fool the many devices that rely on it.

Its genesis came when Tarnovsky learned that manufacturers of video game controllers had to obtain a license from Microsoft for the peripherals to work on the Xbox 360. The requirement offended his sense of fair play, so he put his reverse engineering muscle to breaking it.

“I was very surprised they would put a security chip in a wired controller, as well as a wireless controller,” he said. “It’s very monopolistic what they’ve done. They have a right to do it, but I have a right to break it too.”

After dissecting a controller, he found that the chip that allowed it to communicate with the Xbox was made by Infineon. He eventually purchased dozens of related microcontrollers on the Hong Kong surplus market for 15 cents apiece.

He then employed an electron microscope called a focused ion beam workstation (price tag $250,000 used) that allowed him to view the chip in the nanometer scale so he could manipulate its individual wires using microscopic needles.

It took Tarnovsky four months to develop techniques for probing the chip and another two months to apply them to breaking the 66PE.

What he found was a chip that was locked down with multiple levels of defenses. Optical sensors, for instance, were designed to detect ambient light from luminous sources. And a wire mesh that covered the microcontroller was aimed at disabling the chip should any of its electrical circuits be disturbed.

“One wrong move and I vaporize a track on the chip,” Tarnovsky said.

Indeed, some 50 of the chips were vaporized in the course of the hack. But over time, he learned how to use the needles to penetrate the chip’s inner recesses so he could tap sensitive data that remains unencrypted so it can be processed.

Using the tungsten as microscopic bridges, Tarnovsky said, he can digitally clone chips used to prevent piracy of satellite TV service, to disable unauthorized cartridges in printers – or to make Xbox game controllers.

“You could counterfeit this chip,” he said, although he stressed he had no plans to use the hack for illegal purposes.

In a statement sent to Infineon customers last week, the company noted the time and expense required for Tarnovsky to crack the chip. But the company went on to say it was a sign of attacks to come and said engineers were already working on a more successor to the 66PE.

“In contrast to conventional solutions, the SLE 78 family now utilizes encryption even in the CPU itself, leaving no plaintext for the attacker,” the release stated. “Technical advances of that scale are only possible if the CPU itself is designed ‘from the scratch’ by the hardware manufacturer with security in mind, right from the beginning.”

The physical attack on the 66PE is similar to hacks cryptographers have recently waged on proprietary encryption algorithms in cordless phones and the world’s most popular smartcard. In all of them, the secret formula was lifted after sanding down the chips’ silicon and examining its circuitry using an electron or optical microscope.

“More and more things are moving to hardware, and as things move to hardware, people are analyzing these devices and getting the algorithms out and putting them back in the software,” Tarnovsky said.

While the risks of physical attacks are in many cases inevitable, he said the cracking of the 66PE was aided by its abundant supply on international surplus markets, which is something Infineon may want to consider as it readies its new generation of ultra-secure microcontrollers.

“If this is supposed to be such a secure device and it’s common-criteria certified, why are they available on the used surplus market?” he said. “This device should not have been readily available for a researcher like me.”

www.theregister.co.uk

If you’re a Linux user, though, you might now have better success than other operating systems’ users, thanks to new, block I/O data integrity infrastructure code from Oracle that’s become part of the mainline kernel.

The code is in the currently shipping Linux 2.6.27 kernel, which debuted in early October. And as a result, its developers say it could dramatically improve protections against corruption during saving.

“When an application is reading or writing against storage, one of the things that could happen is silent data corruption — ‘silent’ meaning that the application reports that data as being correctly written, but it’s not,” Monica Kumar, Oracle’s senior director for Linux, virtualization and open source product marketing

“Silent data corruption can happen more frequently than you think, and it could cause millions of dollar of damage if it’s in a mission-critical business,” she said.

Kumar also said the enhancement also means that Linux now has an advantage that no other operating system currently offers — a benefit that could serve the open source OS well as its distributions continue to compete with established proprietary systems.

“Because Linux is now the first operating system that has the T10 standard implemented, I think it does have a lead in that sense,” she said. “I’m not saying other operating systems will not follow, but for now, Linux is leading in this space.”

Building on a standard

The new block I/O data integrity infrastructure code is an implementation of an industry standard, the T10 Protection Information Model designed for end-to-end data integrity for enterprise storage systems.

The code also adds what are known as Data Integrity Extensions, a technology co-developed with storage vendor Emulex that enables integrity information to be transmitted from memory.

Kumar explained that the data integrity feature works as an additional checkpoint at the operating system level, verifying the data being written or read. As a result, the process is designed to make data corruption less likely.

“The validity of I/O operations is assured through the exchange of verification information during data transmission,” she said. “The key is creating integrity metadata, so as the data travels the data path, the integrity metadata is validated.”

According to Kumar, Oracle and Emulex were working on the data integrity feature since mid-2006. In July of this year, the code landed in the Linux kernel development tree, ultimately becoming included in the final 2.6.27 kernel release in October.

Currently, the technology works with the Linux-based Ext3 filesystem, though Kumar noted that work is ongoing to validate the data integrity technology against other filesystems as well.

At the same time, Oracle and Emulex are pushing an early-adopter program to get a small group of end users testing and deploying the technology, which could help demonstrate its real-world potential.

Wider benefits

Since the data integrity technology is now part of the mainline Linux kernel, it is available to all Linux kernel users — and it could end up benefiting others beyond just Oracle and Emulex. Among two of the likely beneficiaries are Linux distribution vendors Novell and Red Hat.

“It goes without saying that any technology that improves data integrity is valued by Red Hat Enterprise Linux customers,” Nick Carr, marketing director at Red Hat, told InternetNews.com.

Michael Applebaum, senior product marketing manager at Novell, is also enthusiastic about the new data integrity technology.

“We see strong customer demand,” Applebaum told InternetNews.com. “Our heavy database users … for example, data warehousing vendors like Teradata, will benefit from enhanced data integrity.”

“We think such advanced features further establish SUSE Linux Enterprise Server as the operating system of choice for mission-critical data center workloads such as major database, middleware and line of business applications, backed by our strategic partners SAP and Microsoft,” he added.

For the present, Oracle is talking up its contribution as it and Emulex build an early adopter program to get the technology more widely deployed among storage vendors.

As a result, Kumar also suggested that storage vendors will soon be announcing gear that is specifically optimized for the technology, but provided few additional details.

www.internetnews.com