Re: [Teep] Working Group Last Call for draft-ietf-teep-architecture

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 14 January 2020 08:04 UTC

Return-Path: <tirumaleswarreddy_konda@mcafee.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA422120045 for <teep@ietfa.amsl.com>; Tue, 14 Jan 2020 00:04:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnlsXXNp_X4U for <teep@ietfa.amsl.com>; Tue, 14 Jan 2020 00:04:08 -0800 (PST)
Received: from us-smtp-delivery-140.mimecast.com (us-smtp-delivery-140.mimecast.com [63.128.21.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3BB412003F for <teep@ietf.org>; Tue, 14 Jan 2020 00:04:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=mimecast20190606; t=1578989046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Kft5XxLPseiL3vI3kOxpcrahs1bfwR+IiscX2kzJKLU=; b=MhW4r0JaPY4/kaAz24U5aaOUyKEuJViqzCDZEaCROUz8zkX4oIr5YJf8+6QYY6ft2SftVk 7Cck+3jmWSINms9yhHBsHCW2CNO4jRmRruhOcXL75ha/qLc5m2UA4cDVlN/xfun6qGTQRS /eiKKpdVJYdph59p2L3QOgSWug8D0QU=
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11lp2170.outbound.protection.outlook.com [104.47.56.170]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-332-uE5dvyelOoaZU5_UwtefYw-1; Tue, 14 Jan 2020 03:04:04 -0500
Received: from DM5PR1601MB1259.namprd16.prod.outlook.com (10.172.87.13) by DM5PR1601MB1292.namprd16.prod.outlook.com (10.172.87.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.10; Tue, 14 Jan 2020 08:04:01 +0000
Received: from DM5PR1601MB1259.namprd16.prod.outlook.com ([fe80::949b:6afa:b9ba:f4e4]) by DM5PR1601MB1259.namprd16.prod.outlook.com ([fe80::949b:6afa:b9ba:f4e4%3]) with mapi id 15.20.2623.013; Tue, 14 Jan 2020 08:04:01 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Dave Thaler <dthaler@microsoft.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: Working Group Last Call for draft-ietf-teep-architecture
Thread-Index: AdW5iepOELmpRRFXSAWsc0EhHQP19ALfbySAAAc0BIAABIf9gAAWBUMgACJiNvABFeOUkAAPTa+A
Date: Tue, 14 Jan 2020 08:04:00 +0000
Message-ID: <DM5PR1601MB125920D70EA2D4D0227EDD29EA340@DM5PR1601MB1259.namprd16.prod.outlook.com>
References: <CY4PR1601MB1254CD83B0DAADAA67A54CF3EA2E0@CY4PR1601MB1254.namprd16.prod.outlook.com> <BL0PR2101MB10278417515DEF077714D693A33F0@BL0PR2101MB1027.namprd21.prod.outlook.com> <CY4PR1601MB125400678B0DA9EE37683FBBEA3F0@CY4PR1601MB1254.namprd16.prod.outlook.com> <AM6PR08MB5285F0C0209A745F1FAABA23FA3F0@AM6PR08MB5285.eurprd08.prod.outlook.com> <BL0PR2101MB1027BB4B1FDB272B61D04468A33F0@BL0PR2101MB1027.namprd21.prod.outlook.com> <CY4PR1601MB125473BCC69227A45D62FAA7EA390@CY4PR1601MB1254.namprd16.prod.outlook.com> <BL0PR2101MB10276A753111010D9422A7DFA3340@BL0PR2101MB1027.namprd21.prod.outlook.com>
In-Reply-To: <BL0PR2101MB10276A753111010D9422A7DFA3340@BL0PR2101MB1027.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=dthaler@ntdev.microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-01-07T03:14:02.9467153Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=113fc599-cef6-4df9-bb00-5e0a626ea5d7; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
dlp-product: dlpe-windows
dlp-version: 11.4.0.45
dlp-reaction: no-action
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bd65f2bc-8eec-4f98-d023-08d798c850aa
x-ms-traffictypediagnostic: DM5PR1601MB1292:
x-microsoft-antispam-prvs: <DM5PR1601MB1292B672F4195AFAC727C6A2EA340@DM5PR1601MB1292.namprd16.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 028256169F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(39860400002)(136003)(396003)(376002)(346002)(199004)(189003)(32952001)(71200400001)(66946007)(55016002)(66556008)(5660300002)(478600001)(26005)(6506007)(9686003)(45080400002)(186003)(66476007)(966005)(53546011)(86362001)(76116006)(81166006)(81156014)(52536014)(33656002)(316002)(8676002)(9326002)(64756008)(8936002)(110136005)(7696005)(2906002)(66446008)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR1601MB1292; H:DM5PR1601MB1259.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XA5DGy7D3V6C7K7X37xgA0w1jGO6LPRSQSDlG/ZEFS33WiXIR0keZRAJ1A9WYUcxam2YWL2Jyto702B8GD3qxjjRN6LESOsubszASFsWjcPiv2thLHVAD/miwXWbNiBvPQxAaSxww1z59ujo+jj4R9OntzHmW/GE2XJ88Sm5/NyfvvP8Jwf/MP5axnNU6LLYwnAZeQL/5e45+YuLT+EeCbd7kcyTjjugQj1PQLnPzEEjx2+xtnKljUvDk0rR8yztMBMO7HlZgle8Oy2nfF4996x+mh5Vzz5hdUYhWdIJ3sNUrVu1XDVane/bDBv1uCXUnLaSTIiFUFSMuelj102wrSOFNIfjF3/LC417rkfT95MQM9NDCj7M+boB6TgOUFPL8u5mvJIuhKbeo3u+SuwAvfIcBiEOu07i9cNYysnY5dSN+13DVUjvmxNct4e4VU6R/PTr0fh2MU3uxKaU1732hIkDe3Tq+DMOLYUvEBreuzcnKOROU549/H1rniqtbML0ogt0P9DryV2xMeYfQuH4qQ==
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: mcafee.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bd65f2bc-8eec-4f98-d023-08d798c850aa
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2020 08:04:00.8528 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: o5zp3YYzm7hHsrJ9MThpNgxH2ke3emGVdQhX3kLerg05lpRNB4IJaUnOTJL0ACdOiSvWhxhDa8tjH0sN+UipakF5VAtQA24lRybvvo8TYJAxgbQk1FNz8SV3j5SLfz6U
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1601MB1292
X-MC-Unique: uE5dvyelOoaZU5_UwtefYw-1
X-Mimecast-Spam-Score: 0
Content-Type: multipart/alternative; boundary="_000_DM5PR1601MB125920D70EA2D4D0227EDD29EA340DM5PR1601MB1259_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/OWVef3eYSbf-vnHdU8WF08TsBKE>
Subject: Re: [Teep] Working Group Last Call for draft-ietf-teep-architecture
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jan 2020 08:04:11 -0000

Hi Dave,

Please see inline [TR2]

From: Dave Thaler <dthaler@microsoft.com>;
Sent: Tuesday, January 14, 2020 5:52 AM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;; Hannes Tschofenig <Hannes.Tschofenig@arm.com>;; teep@ietf.org
Subject: RE: Working Group Last Call for draft-ietf-teep-architecture


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.

________________________________

[...]

a) It is not clear from the Introduction how TEE is different from a Closed OS like Google Chromebook or Windows 10S ?

[...]



[DT] The document (intentionally) makes no statement about whether a "close OS" as you put it, is or is not a TEE.   The question is really about whether such an OS prevents code injection attacks (e.g., due to buffer overruns or whatever else), prevents data modification attacks, etc.



[TR] Closed OS prevent the above attacks, a malicious app cannot read/modify the data of the other apps (e.g., ransomware attack is not possible, see https://support.google.com/chromebook/answer/3438631?hl=en<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.google.com%2Fchromebook%2Fanswer%2F3438631%3Fhl%3Den&data=02%7C01%7Cdthaler%40microsoft.com%7C4a1e761bc5b7412883c508d794d8f70d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637141531903517840&sdata=AqPSd3PJDgbfJRXfJMRIg7EiK8GYWqGY3XNaFQJj5tQ%3D&reserved=0>;).



That link contains insufficient information to say whether a ransomware attack is possible, or whether the environment meets the other criteria of a TEE.  For example, the page mentions verified boot, which checks at boot time, but contains no statements about whether code modifications or additions are prevented post-boot.   The Sandboxing section implies (especially the part about "app" in there) that code can be added after boot, without requiring a security protocol equivalent to the TEEP protocol.  As such, I suspect it is inherently weaker than a TEE, and it would be an REE with classic security techniques.



It is not, however, the intent of this document to state whether such an OS is, or is not, a TEE.   The intent is to state the criteria for what is a TEE, and then provide an architecture for provisioning one, in a way that is sufficient for a reader to draw their own conclusions.



[TR2] Got it, Thanks for the clarification. My other comment is regarding the attacks discussed in first paragraph of Section 1. These attacks seem not possible in closed OS. For example, sideloading of apps is not possible (unless developer mode is enabled), so installing apps from untrustworthy sources is not applicable and data on which the applications are operating will not be revealed to other apps because of sandboxing.



-Tiru



Dave