NIST: Internet of Things (IoT) Trust Concerns

https://csrc.nist.gov/publications/detail/nistir/8222/draft

https://csrc.nist.gov/publications/detail/nistir/8222/draft

Internet of Things (IoT) Trust Concerns

Date Published: September 2018
Withdrawn: September 18, 2018

Planning Note (9/18/2018):
Draft NISTIR 8222 has been temporarily withdrawn to synchronize with other pending documents on this topic, and to ensure time for stakeholders to review and comment. Once the draft document has been re-posted, the comment period will be extended.

The Internet of Things (IoT) refers to systems that involve computation, sensing, communication, and actuation (as presented in NIST Special Publication (SP) 800-183). IoT involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and decision making. The connection is complex and inherits a core set of trust concerns, most of which have no current resolution This publication identifies 17 technical trust-related concerns for individuals and organizations before and after IoT adoption. The set of concerns discussed here is necessarily incomplete given this rapidly changing industry, however this publication should still leave readers with a broader understanding of the topic. This set was derived from the six trustworthiness elements in NIST SP 800-183. And when possible, this publication outlines recommendations for how to mitigate or reduce the effects of these IoT concerns. It also recommends new areas of IoT research and study. This publication is intended for a general information technology audience including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement.

LLVM 7.0.0 released

[…]It is the result of the community’s work over the past six months, including: function multiversioning in Clang with the ‘target’ attribute for ELF-based x86/x86_64 targets, improved PCH support in clang-cl, preliminary DWARF v5 support, basic support for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer support for OpenBSD, UBSan checks for implicit conversions, many long-tail compatibility issues fixed in lld which is now production ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and diagtool. And as usual, many optimizations, improved diagnostics, and bug fixes.[…]

Some highlights:

Early support for UBsan, X-Ray instrumentation and libFuzzer (x86 and x86_64) for OpenBSD. Support for MSan (x86_64), X-Ray instrumentation and libFuzzer (x86 and x86_64) for FreeBSD.

AArch64 target: Assembler and disassembler support for the ARM Scalable Vector Extension has been added.

A new Implicit Conversion Sanitizer (-fsanitize=implicit-conversion) group was added. Please refer to the Undefined Behavior Sanitizer (UBSan) section of the release notes for the details.

An existing tool named diagtool has been added to the release. As the name suggests, it helps with dealing with diagnostics in clang, such as finding out the warning hierarchy, and which of them are enabled by default or for a particular compiler invocation.

clang-tidy: New module zircon for checks related to Fuchsia’s Zircon kernel.

The DEBUG macro has been renamed to LLVM_DEBUG, the interface remains the same.

A new tool named llvm-mca has been added. llvm-mca is a static performance analysis tool that uses information available in LLVM to statically predict the performance of machine code for a specific CPU.

http://releases.llvm.org/7.0.0/docs/ReleaseNotes.html
http://releases.llvm.org/7.0.0/tools/clang/docs/ReleaseNotes.html
http://releases.llvm.org/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
http://releases.llvm.org/7.0.0/tools/lld/docs/ReleaseNotes.html
http://lists.llvm.org/pipermail/llvm-announce/2018-September/000080.html

Platform Security Summit 2018, some videos available

Re:  https://firmwaresecurity.com/2018/05/08/platform-security-summit/

Rich Persaud recntly posted a message to the edk2-devel mailing list, with a pointer to the videos of the May Platform Security Summit:

This event was held in May 2018 and hosted by Intel. There were firmware related talks by speakers from Dell, Intel, Oracle and others. Some videos have been posted.

https://www.platformsecuritysummit.com/2018/videos/

UefiPayloadPkg: UEFI Payload Project: supports Coreboot and Slim Bootloader

A freshly-created Github project:

https://github.com/BenjaminYou/UEFIPayload

UEFI Payload (UefiPayloadPkg) aims to be an upgrade to CorebootModulePkg and CorebootPayloadPkg. Features:
– Supporting Slim Bootloader in addition to Coreboot
– Source level configuration using .ini format
– User Extension using simple “C” codes
– Platform support library for adding platform specific codes

UC Irvine open sources their LLVM multicompiler

LLVM-based compiler to create artificial software diversity to protect software from code-reuse attacks.

https://github.com/securesystemslab/multicompiler

BlueHat Israel video: Beyond Belief: The Case of Spectre and Meltdown

http://www.bluehatil.com/files/Beyond%20Belief%20-%20The%20Case%20of%20Spectre%20and%20Meltdown.pdf

https://gruss.cc/

https://meltdownattack.com/

Software-based Microarchitectural Attacks

https://gruss.cc/files/phd_thesis.pdf

https://gruss.cc/files/phd_defense_slides.pdf

Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys

Re: https://firmwaresecurity.com/2018/09/12/intel-releases-17-security-advisories/ and

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html

Intel releases 17 security advisories!

https://www.intel.com/content/www/us/en/security-center/default.html

Intel® Distribution for Python 2018 for Windows Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html

Intel® Centrino® Wireless-N and Intel® Centrino® Advanced-N products Bluetooth Driver Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html

Intel® NUC Firmware Security Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html

Intel® IoT Developers Kit Permissions Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html

OpenVINO™ Toolkit for Windows Permissions Issue Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html

Intel® Data Migration Software Improper Permissions Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html

Intel® Driver & Support Assistant and Intel® Software Asset Manager Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html

Intel® Extreme Tuning Utility Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html

Intel® Baseboard Management Controller (BMC) firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html

Intel® Server Board TPM Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html

Intel® Data Center Manager SDK Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html

Intel® Platform Trust Technology (PTT) Update Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html

Intel® Active Management Technology 9.x/10.x/11.x/12.x Security Review Cumulative Update Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

Power Management Controller (PMC) Security Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html

Intel® CSME Assets Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

INTEL-SA-00086 Detection Tool DLL Injection Issue Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html

Falkervisor hypervisor for fuzzing

Falkervisor_grilled_cheese:  This is the latest C version of my hypervisor and probably some of the best C code I’ve ever written (I’ve since switched to Rust, you should too). This was used roughly between 2015-2016, and replaced with a Rust version in late 2016.

https://github.com/gamozolabs/falkervisor_grilled_cheese

See-also:

https://github.com/gamozolabs/falkervisor_beta/

SALT – SLUB ALlocator Tracer for the Linux kernel (including GDB plugin)

Welcome to salt, a tool to reverse and learn kernel heap memory management. It can be useful to develop an exploit, to debug your own kernel code, and, more importantly, to play with the kernel heap allocations and learn its inner workings.

This tool helps tracing allocations and the current state of the SLUB allocator in modern linux kernels.

It is written as a gdb plugin, and it allows you to trace and record memory allocations and to filter them by process name or by cache. The tool can also dump the list of active caches and print relevant information.

This repository also includes a playground loadable kernel module that can trigger allocations and deallocations at will, to serve both as a debugging tool and as a learning tool to better understand how the allocator works.

https://github.com/PaoloMonti42/salt

https://github.com/PaoloMonti42/salt/blob/master/presentation.pdf

screenshot

 

AMI releases Unrestricted (Free) Version of AMIDuOS

Re: https://firmwaresecurity.com/2018/06/01/ami-retires-duos/

AMI has rmade DuOS — which runs both Android and Windows simultaneously — available again:

https://ami.com/en/amiduos/?amiduos=activation

PS: AMI: Please add Linux support to your feature list.

fdpp: FreeDOS plus-plus 64-bit DOS

If UEFI is the new DOS, then it seems that this should be ported to UEFI. 🙂

“fdpp is a 64-bit DOS. It is based on a FreeDOS kernel ported to modern C++. In short, FreeDOS plus-plus.”

https://github.com/stsp/fdpp