Profile

Perry Lorier
Works at Google
Attended University of Waikato
Lives in Dublin, Ireland
436 followers|42,459 views

Stream

Perry Lorier

Shared publicly  - 
This is what I do.
Today for the first time we've revealed how Google scaled its frontend infrastructure and how you can now take advantage of our technology by using Google Cloud Platform.

Putting Google's Network to work for You

I want to give a huge thank you to +Trisha Weir, who not only created all the drawings in the presentation but also TPM'ed many of the projects covered here.

#io2014
 
Very cool +Perry Lorier, I've been playing with leveraging Compute Engine for our research on virus evolution over the last couple of months, seems like a great platform!

Perry Lorier

Shared publicly  - 
From today's poetry bash on #linux:

"Ba ba bash shell have you any bool?
Yes, sir, yes but naught is true.
One for the error and more for arcane.
Zero for command which correctly exits main."

Perry Lorier

Shared publicly  - 
I've always been intrigued by HIP, it's interesting to read an (extremely!) detailed report about what's been learnt.
Perry Lorier

Shared publicly  - 
The problem that the Heartbleed attack demonstrates is that people's private keys are available to a server that is also available (via Heartbleed) to the attackers.

Ideally you'd want your TLS keys to be stored in an HSM (hardware security module), where if your machine is compromised they cannot be extracted. Usually this can be done via PKCS#11, a standard API for asking something else to do the crypto operations for you. This is plausible for client applications on devices with TPMs (e.g. Thinkpads), but the built-in TPMs are extremely slow, and are not usually available on servers. For example, for storing things like client SSH keys, this is ideal. (You don't need to use the Platform Configuration Registers, which is the bit that most people object to, and ideally you'd get a "real" HSM, not just reuse the TPM as an HSM.)

Ideally what you want to do for a web farm is to have a software daemon that pretends to be an HSM, which runs as a separate user from your webserver. When your webserver needs a crypto operation done that involves your private keys, it asks the software HSM to do the operation for it. Thus, even if an attacker gains access to the user the webserver is running as (e.g. remote code execution), they cannot just read out the TLS keys, and probably also the password used to encrypt them from the config file! If the softHSM is running as a separate daemon in a second user account, they need to be able to access that second user (e.g. by exploiting bugs in the kernel etc.) to get the keys, which is a much higher bar (and is not provided for by things like Heartbleed). The attacker, if they did get full access to the webserver account, could ask the softHSM to do the operations for it, but when combined with Perfect Forward Security, this doesn't really buy the attacker much that they didn't get just by sniffing the unencrypted streams they already have access to. If you wanted to later upgrade the security of your machine (e.g. you have a TPM added to your server), you could swap out the software HSM's PKCS#11 driver library for your "real" HSM PKCS#11 driver, which is a small configuration change.

Unfortunately, at the moment all the softHSMs I've looked at operate as a shared library, and thus still have problems with key leakage. I have also not been able to figure out how to get any of the webserver SSL configurations to actually use PKCS#11. So far they only seem to allow you to say "I want to use PKCS#11" but then don't let you configure anything that you need to, such as ... which PKCS#11 module to use, or what the User PIN for the HSM is, or which slot, token or certificate to use within the HSM. The current state of the art appears to be recompiling to configure much of this. Hopefully I'm wrong here.

Heartbleed is bad, but it's not going to be the last bug that we ever see that gives access to the webserver account.   There's going to be bugs in protocol handling (either TLS, or perhaps in new HTTP/2.0 implementations) and there's going to be bugs in websites that mean that file contents are leaked, or allow for varying degrees of remote code execution.  

The best fix here is to not expose your keys to the same process that is exposed to the Internet. The best standard we have today for this is PKCS#11. To do this we need a software-daemon-based PKCS#11 that can run as a separate user and a driver PKCS#11 module for it (communicating over, say, a unix domain socket, perhaps dbus or something), and we need to have webserver vendors support PKCS#11 as a first-class citizen in their configuration.
20 comments
You might find this interesting - AcceSSL: a "soft HSM" for OpenSSL to secure private keys - https://github.com/gozdal/accessl/

Perry Lorier

Shared publicly  - 
.. Haven't read it, but, do complex systems fail by not realising when to "down tools" and go for nachos?

Perry Lorier

Shared publicly  - 
You should update your firewalls.

Perry Lorier

Shared publicly  - 
Really interesting.

Aside from all of the technical reasons (data representation, weak typing, aliasing, etc), I think there's a really telling quote in that article:

"Kernel programmers already operate at (or slightly beyond) the outer limit of systemic complexity that can be maintained in a programmer's head."

A language like C allows the programmer to develop very straightforward mental models of what's going on; there's very little "magic" going on such as there is in C++, etc. This ability to map C code to simple mental models allows programmers to "operate at the outer limits of systemic complexity" more readily.

Thanks for sharing. Wishing I was back doing more systems programming now :(

Perry Lorier

Shared publicly  - 
"An Extension Language for the DNS" - John Levine
http://tools.ietf.org/html/levine-dnsextlang-02.txt
6 comments
Oh dear.
People
In his circles
227 people
Have him in circles
436 people
Education
  • University of Waikato
    BCMS, 1997 - 2000
Basic Information
Gender
Male
Work
Employment
  • Google
    SRE, 2010 - present
  • WAND
Places
Currently
Dublin, Ireland
Previously
Hamilton, New Zealand