CS 642 - Introduction to Information Security - Spring 2019

TPM

With a static root of trust, is there any software that must be trusted and cannot be verified? If so, which software and why?
Suppose the OS is allowed to reset PCRs after initializing. How does this break attestation? Be specific
What information does a client need to have to verify attestation of a remote operating system - to be sure it is running the correct software?
Suppose you use a TPM to attest to remotely running code, and it is later attacked with a stack smash. Will someone using attestation discover the attack? Why or why not

Why is the initial program loaded into an SGX enclave unencrypted?
What does a client program have to verify before passing secrets to an SGX enclave?
What state must be encrypted to protect the contents of an SGX enclave from the operating system or virtual machine monitor?
Suppose code in an SGX enclave is waiting for data to arrive and calls the read() system call. What conditions must it check after the read() call returns to make sure it executes correctly?

On a machine with Meltdown, what capabilities does an attacker need to launch an attack?
What can an attacker do with meltdown?
Suppose you run on a system like Windows where the kernel does not map all of physical memory. Does this change the severity of the meltdown attack?
Suppose with Spectre, you separate your code using encryption keys into a separate process from the application. Can spectre be used to compromise your secret keys? Explain.
Suppose you have an instruction that can stop speculation. If you could modify the compiler, where would you insert this instruction to prevent spectre attacks?

What hardware capabilities does code have to have to launch a rowhammer attack?
What information does code have to launch a double-sided rowhammer attack?
How can a program increase the likelihood that a bit flip is:
1. In memory controlled by the program?
2. In memory controlled by the OS?
Can you use rowhammer to defeat stack canaries? If so, how?