
1 Secure web browsers, malicious hardware, and hardware support for binary translation
Sam King

2 Browser motivation
Browsers are the most commonly used application today
Browsers are an application platform
– Email, banking, investing, shopping, television, and more!
Browsers are plagued with vulnerabilities
– Internet Explorer: 57 vulnerabilities
– Mozilla/Firefox: 122 vulnerabilities
– Safari + Opera: 66 vulnerabilities
Studies from Microsoft, Google, and the University of Washington show the web browser is an attacker target

3 The OP Browser
Goal: build a secure web browser
Provide an architecture for secure web browsing
– Maintain security guarantees even when parts of the browser are compromised
Driven by OS and formal-methods design principles

4 OP design
Decompose the browser into subsystems
– Each web page instance is further divided
Use message passing
– All messages pass through the browser kernel
Dedicated subsystems for OS operations
Host OS sandboxing

5 Design enables security
Partitioning and constrained communication enable new security mechanisms
– Clean separation of browser functionality and security
Policy
– Plugin security policies, XSS
Formal methods
– Same-origin policy (SOP) and the URL address-bar invariant
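The two slides above describe the mechanism (every message crosses the browser kernel) and the properties it makes checkable (SOP and the address-bar invariant). The following is an added Python model of that arrangement, written for this page and not code from the OP browser itself: subsystems are plain objects rather than sandboxed processes, the kernel's deliver() enforces SOP on every inter-instance message, and the address bar can only be set by the kernel during a navigation, so it always names the origin of the instance being displayed. The names (BrowserKernel, WebPageInstance, Message, deliver, navigate) and the sample URLs are assumptions of this model.

```python
"""Toy model of an OP-style browser kernel (added example, not OP's code).

In OP each subsystem is a separate sandboxed process and every message is
routed through the browser kernel. Here the kernel is a Python object and
two properties are enforced at the single choke point:
  * SOP: a web page instance may only read state of another instance with
    the same (scheme, host, port) origin.
  * Address-bar invariant: the URL shown in the UI always has the origin of
    the page instance currently displayed, because only navigate() sets it.
All names below are assumptions made for this model.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple:
    """(scheme, host, port) origin tuple; default ports are normalised so
    https://a.example/ and https://a.example:443/ compare equal."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))


@dataclass
class WebPageInstance:
    pid: int
    url: str
    storage: dict = field(default_factory=dict)


@dataclass
class Message:
    src: int   # sending instance id
    dst: int   # receiving instance id
    op: str    # only "read_storage" is modelled
    key: str


class PolicyViolation(Exception):
    pass


class BrowserKernel:
    def __init__(self):
        self.instances: dict[int, WebPageInstance] = {}
        self.displayed: int | None = None
        self.address_bar: str = ""
        self.audit: list[str] = []
        self._next = 1

    def navigate(self, url: str) -> WebPageInstance:
        """Create a fresh page instance and update the UI state atomically.
        A compromised instance has no way to write address_bar, so it cannot
        make the UI show a URL it is not rendering."""
        inst = WebPageInstance(self._next, url)
        self._next += 1
        self.instances[inst.pid] = inst
        self.displayed = inst.pid
        self.address_bar = url
        self.audit.append(f"navigate pid={inst.pid} url={url}")
        return inst

    def address_bar_invariant_holds(self) -> bool:
        return (self.displayed is not None and
                origin(self.address_bar) == origin(self.instances[self.displayed].url))

    def deliver(self, msg: Message):
        """All inter-instance traffic passes here; SOP is checked before dispatch."""
        src, dst = self.instances[msg.src], self.instances[msg.dst]
        if origin(src.url) != origin(dst.url):
            self.audit.append(f"DENY {msg.op} {src.url} -> {dst.url}")
            raise PolicyViolation(f"cross-origin {msg.op}: {origin(src.url)} -> {origin(dst.url)}")
        self.audit.append(f"ALLOW {msg.op} {src.url} -> {dst.url}")
        if msg.op == "read_storage":
            return dst.storage.get(msg.key)
        raise ValueError(f"unknown op {msg.op}")


def demo():
    """Constructed scenario: a same-origin read succeeds, a cross-origin read is denied."""
    k = BrowserKernel()
    bank = k.navigate("https://bank.example/account")
    bank.storage["session"] = "s3cr3t"                 # constructed sample data
    same = k.navigate("https://bank.example:443/help")  # same origin via default port
    evil = k.navigate("https://evil.example/")
    ok = k.deliver(Message(same.pid, bank.pid, "read_storage", "session"))
    try:
        k.deliver(Message(evil.pid, bank.pid, "read_storage", "session"))
        leaked = True
    except PolicyViolation:
        leaked = False
    return ok, leaked, k.address_bar_invariant_holds()


if __name__ == "__main__":
    print(demo())
```

The point of routing everything through deliver() is the one the slide makes: the policy lives in one small component, so a bug in a page instance or plugin cannot bypass it, and the invariant can be stated over the kernel's state alone.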

6 Research questions
OP: a more secure browser can be practical
– Hopefully no longer the weakest link in the computing stack
Can you operate with a malicious OS?
– What portions of the OS does the browser kernel replicate?
– What portions of the OS does the browser kernel rely on?

7 Replicate portions of the OS
Extract the parts of the OS needed for web client security
– Custom labeling and access control system
– RPC / message passing layer
– Window manager (to a limited extent)

8 Assumptions about the OS
Process-level isolation (easy)
– Memory protection
– Well-known IPC mechanisms
System-level sandboxing (moderate)
– Isolate processes from system resources
– Restrict system call capabilities
Resource management (hard)
– Create processes, message forwarding and naming
– Network, disk, screen
Possible techniques for enforcing these assumptions
– Bottom up: SVA, binary translation, hardware isolation primitives
– Top down: a simple web client, not a full browser

9 Untrusted computing base: defending against malicious hardware

10 Building secure systems
We make assumptions when designing secure systems
To break a secure system, break its assumptions
– E.g., look for crypto keys in memory
People assume hardware is correct
What if we break this assumption?

11 Malicious hardware
Is it possible to modify the design of processors?
Implementing hardware is difficult
Implementing HW-based attacks is easy!
– Small hardware-level footholds
– Execute high-level, high-value attacks WITHOUT exploiting any software bugs

12 Defenses
Based on insights from foothold development
Analyze the circuit at design time
Highlight potentially malicious circuits
Closely related to operating systems
– Both have a symbolic representation and are compiled
– Third-party tools and libraries
– Principles learned from this exercise could apply to the OS
Fundamentally an issue of untrusted lower layers

13 Hardware support for dynamic binary translation

14 H/W for dynamic binary translation
Problem: instrumenting individual instructions is slow
– Especially true for security applications
Goal: amortize the cost across multiple instructions
– Fast path for the common case, with an efficient check that it is correct
  E.g., don't read tainted memory
– Slow path for the correct (fully instrumented) case
Solution: hardware support
– HW signatures (e.g., Bloom filter) to summarize
  E.g., addresses for load / store instructions
– Apply known tricks to the security case
  Extra registers, parallel optimization, atomic regions, etc.
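The slide gives the idea but not the mechanics, so here is an added software model of the fast-path/slow-path split with a Bloom-filter signature over tainted addresses. It is written for this page and is not code from the talk or any real hardware; a Python class stands in for the signature register, SHA-256 stands in for the cheap hardware hash functions, and the names (TaintSignature, Core, store, load) are assumptions of the model. The property that makes the scheme sound is that a Bloom filter has no false negatives: if the signature says an address is clean, the load can skip instrumentation entirely; only a "maybe tainted" answer falls back to the exact taint map, and a false positive costs one slow-path check rather than a missed violation.

```python
"""Added example: software model of a hardware taint signature (Bloom filter).

Policy enforced: "don't read tainted memory". Every load does one signature
probe (fast path). Only if the probe says "maybe tainted" does it run the
fully instrumented check against the exact taint map (slow path). Because a
Bloom filter never reports a member as absent, the fast path never lets a
tainted read through. Names and sample data below are constructed for this
model; real hardware would use XOR/shift hashes, not SHA-256.
"""
import hashlib

WORD = 4  # taint is tracked per 4-byte word in this model


class TaintSignature:
    """Bloom filter over word addresses, standing in for a signature register."""

    def __init__(self, bits: int = 1024, k: int = 3):
        self.bits, self.k = bits, k
        self.vec = 0  # bit vector held in a Python int

    def _positions(self, addr: int):
        # k bit positions derived from a hash of the word-aligned address
        h = hashlib.sha256((addr // WORD).to_bytes(8, "little")).digest()
        for i in range(self.k):
            yield int.from_bytes(h[4 * i:4 * i + 4], "little") % self.bits

    def insert(self, addr: int) -> None:
        for p in self._positions(addr):
            self.vec |= 1 << p

    def maybe_contains(self, addr: int) -> bool:
        # False means definitely clean; True means tainted or a false positive
        return all((self.vec >> p) & 1 for p in self._positions(addr))


class Core:
    """Minimal load/store model with a fast path guarded by the signature."""

    def __init__(self):
        self.mem = {}        # addr -> value
        self.taint = set()   # exact taint map consulted only on the slow path
        self.sig = TaintSignature()
        self.fast_path = 0   # loads that needed only the signature probe
        self.slow_path = 0   # loads that ran the full instrumented check

    def store(self, addr: int, value: int, tainted: bool) -> None:
        self.mem[addr] = value
        if tainted:
            self.taint.add(addr)
            self.sig.insert(addr)   # summary is updated on every tainted store

    def load(self, addr: int) -> int:
        """Return mem[addr]; raise if the load would read tainted memory."""
        if not self.sig.maybe_contains(addr):
            self.fast_path += 1      # common case: no per-instruction instrumentation
            return self.mem.get(addr, 0)
        self.slow_path += 1          # rare case: exact check
        if addr in self.taint:
            raise RuntimeError(f"policy violation: load of tainted address {addr:#x}")
        return self.mem.get(addr, 0)  # false positive: correct, just slower


def demo():
    """Constructed run: 16 clean words plus one tainted word (e.g. from the network)."""
    core = Core()
    base = 0x1000
    for i in range(16):
        core.store(base + WORD * i, i, tainted=False)
    core.store(0x2000, 0xDEAD, tainted=True)
    clean = [core.load(base + WORD * i) for i in range(16)]
    try:
        core.load(0x2000)
        caught = False
    except RuntimeError:
        caught = True
    return clean, caught, core.fast_path, core.slow_path


if __name__ == "__main__":
    print(demo())
```

With 1024 bits and three hash positions for a single tainted word, the 16 clean loads almost always take the fast path and only the tainted load reaches the slow path; shrinking the filter or tainting more addresses raises the false-positive rate, which shows up as a larger slow_path count but never as a missed violation.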

15 Questions?

16 Performance
Load latencies do not impact usability
[Chart: load time in seconds]

