Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.


Slide 2: Outline
- Background
- Current Work
- Future Work

Slide 3: DHOSA project overview (diagram; layout lost in the transcript)
- Layers shown: Transformation, Hardware, System Architectures, Web-based Architectures
- Techniques shown: SVA; Binary translation and emulation; Formal methods; Hardware support for isolation; Dealing with malicious hardware; Cryptographic secure computation; Data-centric security; Secure browser appliance; Secure servers
- Example goals: enforce properties on a malicious OS; prevent data exfiltration; enable complex distributed systems, with resilience to hostile OS's

Slide 4: Wouldn't It Be Great?
- Enforce information flow policy
  - Confidentiality
  - Data-centric policy created by application/user
- Malicious OS can examine/modify any data in memory
  - Need to control OS memory operations
- Keep system running when a safety violation is detected
[Figure: Process 1 and Process 2 above the Operating System, all sharing Memory]

Slide 5: Secure Virtual Architecture
- Compiler-based virtual machine
  - Uses sophisticated compiler analysis & transformation techniques
- Virtual instruction set
  - Typed virtual instruction set enables sophisticated program analysis
  - Special instructions for OS kernel support
- Provide safe execution environment for commodity software
  - Supports unmodified C/C++ applications
  - Supports commodity operating systems (e.g., Linux)
[Figure: layered stack: Commodity Applications + OS; Virtual ISA; Compiler + VM; Native ISA; Hardware]

Slide 6: SVA Safety Guarantees

Safe Language | Secure Virtual Architecture
Control flow integrity | Control flow integrity
Array indexing within bounds | Array indexing within bounds
No uses of uninitialized variables | No uses of uninitialized variables
Type safety for all objects | Type safety for subset of objects
No uses of dangling pointers | Dangling pointers are harmless
Sound operational semantics | Sound operational semantics

- Dangling pointers & non-type-safe objects do not compromise other guarantees
- Strongest memory safety for C sans garbage collection

Slide 7: What's the Secret Sauce?
- Run-time Checks
  - Load/Store Checks
  - Bounds Checks
  - Illegal Free Checks
  - Indirect Call Checks
- Static Analysis
  - Type Inference
  - Points-to Analysis
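The four run-time checks named on this slide are the part a reader can exercise directly, so here is an added example (not SVA's code, and not its real API) that models them over a small object registry: the compiler is assumed to register every memory object at its allocation site, and each check consults that registry. The sva_* names, the registry layout and the scenario in demo_violations are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example: a minimal model of the run-time checks listed on the slide
 * (load/store, bounds, illegal free, indirect call). The registry and the
 * sva_* names are assumptions made for this example; they are not SVA's API. */

#define MAX_OBJS 16

typedef struct {
    uintptr_t start;
    size_t    size;
    bool      live;   /* false once freed: later accesses are dangling */
} obj_t;

static obj_t objs[MAX_OBJS];
static int   nobjs;

/* Locate the registered object containing address a, or NULL. */
static obj_t *find_obj(uintptr_t a)
{
    for (int i = 0; i < nobjs; i++)
        if (a >= objs[i].start && a < objs[i].start + objs[i].size)
            return &objs[i];
    return NULL;
}

/* Allocation sites call this so the checker knows every object's bounds. */
bool sva_register(const void *p, size_t size)
{
    if (nobjs == MAX_OBJS || size == 0) return false;
    objs[nobjs++] = (obj_t){ (uintptr_t)p, size, true };
    return true;
}

/* Load/store check: the whole access [p, p+len) must fall inside one live object. */
bool sva_check_access(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p;
    obj_t *o = find_obj(a);
    if (!o || !o->live) return false;           /* unregistered or dangling */
    return a + len <= o->start + o->size;       /* no overlap past the end */
}

/* Bounds check on pointer arithmetic: the result must stay inside the object
 * that base points into (one-past-the-end is allowed, as in C, but never dereferenced). */
bool sva_check_bounds(const void *base, uintptr_t result)
{
    obj_t *o = find_obj((uintptr_t)base);
    if (!o) return false;
    return result >= o->start && result <= o->start + o->size;
}

/* Illegal free check: only the start of a live registered object may be freed.
 * A successful check retires the object, so a second free of it is caught. */
bool sva_check_free(const void *p)
{
    obj_t *o = find_obj((uintptr_t)p);
    if (!o || !o->live || o->start != (uintptr_t)p) return false;
    o->live = false;
    return true;
}

/* Indirect call check: the target must be one of the address-taken functions
 * that static analysis collected for this call site's signature. */
typedef int (*handler_t)(int);

bool sva_check_call(handler_t target, const handler_t *allowed, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (allowed[i] == target) return true;
    return false;
}

static int double_it(int x)    { return 2 * x; }
static int negate(int x)       { return -x; }
static int not_a_target(int x) { return x; }   /* never address-taken in the "program" */

/* Constructed scenario: returns how many of the attempted operations the checks reject. */
int demo_violations(void)
{
    int buf[8];
    int violations = 0;
    uintptr_t base = (uintptr_t)buf;
    nobjs = 0;
    sva_register(buf, sizeof buf);

    if (!sva_check_access(&buf[7], sizeof(int))) violations++;     /* in bounds: ok */
    if (!sva_check_access(&buf[8], sizeof(int))) violations++;     /* one past the end: rejected */
    if (!sva_check_bounds(buf, base + sizeof buf)) violations++;   /* one-past pointer: ok */
    if (!sva_check_bounds(buf, base + sizeof buf + 4)) violations++; /* past the end: rejected */
    if (!sva_check_free(&buf[1])) violations++;                    /* interior free: rejected */
    if (!sva_check_free(buf)) violations++;                        /* first free: ok */
    if (!sva_check_free(buf)) violations++;                        /* double free: rejected */
    if (!sva_check_access(buf, sizeof(int))) violations++;         /* dangling access: rejected */

    handler_t allowed[] = { double_it, negate };
    if (!sva_check_call(negate, allowed, 2)) violations++;         /* ok */
    if (!sva_check_call(not_a_target, allowed, 2)) violations++;   /* unknown target: rejected */
    return violations;
}
```

The point of the demo is the pairing on the slide: the indirect-call and free checks are cheap set lookups, while the load/store and bounds checks need object bounds, which is exactly the information the static type inference lets SVA omit for objects it can prove type-safe (slide 14).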

Slide 8: Outline
- Background
- Current Work
- Future Work

Slide 9: Safe Software/Hardware Interaction

Operation | Problem | Solution
Context switching | Kernel can load bad state onto the CPU | Store CPU state in SVA VM memory
Stack management | Kernel stacks are regular, mutable memory objects | SVA creates a new type of memory object for kernel stacks; pointers to such objects cannot be dereferenced
MMU configuration | Static analysis assumes the virtual address space is immutable | Use para-virtualization to prevent MMU configurations that violate static analysis safety guarantees

Slide 10: A Secure Foundation
- Strong memory safety enforcement
  - Even for low level OS code!
- Can rely on static analysis results to hold at run-time
- Enforces safety properties on applications and OS kernel code
- Safety enforced despite hostile OS code!

Slide 11: Current Work
- Information Flow for C
- Improved Type Inference
- Recovery from Safety Violations

Slide 12: CIF: C Information Flow Compiler
- Experimental information flow infrastructure for C/C++
  - Explicit information flow on memory object granularity
  - Properly joins (meets) labels for computation results
- Based on SVA
  - Memory safety errors cannot violate safety guarantees
  - Can reuse SVA infrastructure for optimization
[Figure: data from two memory objects flowing into a process, with their labels combined by a meet]
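To make "labels at memory-object granularity" and "joining labels for computation results" concrete, here is an added example; it is not CIF's code. Labels are modelled as sets of principals packed into a bitmask, so the join of two labels is their union and a label flows to another when it is a subset of it; each memory object carries one label covering the whole object. The cif_* names, the principals and the scenario are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not CIF's own code: explicit information flow tracked per
 * memory object. A label is a set of principals (bits); join = union; L1 flows
 * to L2 iff L1 is a subset of L2. All names here are assumptions. */

typedef uint32_t label_t;

enum {
    LBL_PUBLIC = 0,          /* bottom of the lattice: anyone may read */
    LBL_USER   = 1u << 0,    /* the user's private input */
    LBL_KEY    = 1u << 1     /* the application's signing key */
};

#define OBJ_BYTES 16

/* Every memory object carries one label; the label covers the whole object. */
typedef struct {
    label_t       label;
    size_t        len;
    unsigned char bytes[OBJ_BYTES];
} memobj_t;

label_t cif_join(label_t a, label_t b) { return a | b; }

/* "from" flows to "to" when every principal in "from" is also cleared in "to". */
bool cif_flows_to(label_t from, label_t to) { return (from & ~to) == 0; }

void cif_init(memobj_t *o, label_t label, const void *src, size_t len)
{
    o->label = label;
    o->len = len > OBJ_BYTES ? OBJ_BYTES : len;
    memcpy(o->bytes, src, o->len);
}

/* Explicit flow through a store: dst now holds information derived from src,
 * so its label is raised to the join of the two. Labels only move up. */
void cif_store(memobj_t *dst, const memobj_t *src)
{
    dst->label = cif_join(dst->label, src->label);
    dst->len = src->len;
    memcpy(dst->bytes, src->bytes, src->len);
}

/* A computation over two objects: the result's label is the join of the
 * operands' labels. XOR stands in for any binary operation. */
void cif_xor(memobj_t *out, const memobj_t *a, const memobj_t *b)
{
    size_t n = a->len < b->len ? a->len : b->len;
    for (size_t i = 0; i < n; i++) out->bytes[i] = a->bytes[i] ^ b->bytes[i];
    out->len = n;
    out->label = cif_join(a->label, b->label);
}

/* A sink (socket, file, log) has a clearance: the principals allowed to see
 * what is written there. The write is permitted only if the object's label
 * flows to that clearance. */
bool cif_output(const memobj_t *o, label_t sink_clearance)
{
    return cif_flows_to(o->label, sink_clearance);
}

/* Constructed scenario. Returns a bitmask of which outputs were permitted:
 * bit 0: the key to a public log; bit 1: the computed value to a channel cleared
 * for the user only; bit 2: the same value to a channel cleared for user + key. */
unsigned demo_flows(void)
{
    static const unsigned char key_bytes[4]  = { 0x4b, 0x45, 0x59, 0x21 };  /* constructed */
    static const unsigned char user_bytes[4] = { 0x01, 0x02, 0x03, 0x04 };  /* constructed */
    memobj_t key, input, result, scratch;
    unsigned permitted = 0;

    cif_init(&key,     LBL_KEY,    key_bytes,  4);
    cif_init(&input,   LBL_USER,   user_bytes, 4);
    cif_init(&scratch, LBL_PUBLIC, "",         0);

    cif_xor(&result, &key, &input);      /* result label = KEY | USER */
    cif_store(&scratch, &result);        /* scratch was public; now KEY | USER */

    if (cif_output(&key,     LBL_PUBLIC))            permitted |= 1u;  /* denied */
    if (cif_output(&scratch, LBL_USER))              permitted |= 2u;  /* denied: still carries KEY */
    if (cif_output(&scratch, LBL_USER | LBL_KEY))    permitted |= 4u;  /* allowed */
    return permitted;
}
```

The second denial is the one worth noticing: the scratch object started public, but one store of derived data raised its label, and no later write can lower it. That is why the slide pairs CIF with SVA's memory safety: a stray write that bypassed cif_store would update the bytes without updating the label, so the label rule is only as strong as the guarantee that every store goes through the checked path.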

Slide 13: SVA Controls Information Flow
- SVA controls
  - Memory access
  - MMU configuration
  - Information Flow
- Uniform monitoring
- SVA enforces policies, not the OS
[Figure: Process 1, Process 2 and the Operating System above the SVA Virtual Machine, which sits above Memory]

Slide 14: Improving Type Safety in SVA
- Benefits
  - Better pointer disambiguation due to improved field sensitivity
  - Better safety: more static type safety yields more precise run-time safety guarantees
  - Better performance: type-safe objects do not need load/store checks

Slide 15: Type Safety Enhancements
- Tracking types at byte-offsets
  - Permit a subset of a memory object to be type safe
  - Supports C++ class hierarchy sub-typing
- Identifying C library functions and allocator wrappers
- Static code transformations to improve inference results
  - Cloning of address-taken functions for use in direct calls
  - Clone functions that take embedded structures from incompatible types

Slide 16: Static Type Safety, SPEC 2000
[Chart: static type safety results on SPEC 2000; the data points are not in the transcript]

Slide 17: Static Type Safety, SPEC 2006
[Chart: static type safety results on SPEC 2006; the data points are not in the transcript]

Slide 18: Outline
- Background
- Current Work
- Future Work

Slide 19: Dynamic Type Tracking in SVA
- Track types stored to memory at run-time
  - Used for memory operations that cannot be proven safe statically
- Byte granularity tracking
  - Fine grained tracking of fields in structures
- Check type of data when loading from memory
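The slide describes the mechanism in three lines; the added example below (not SVA's implementation) shows what "byte granularity" buys. A shadow tag per data byte records which type was last stored there and the byte's position within that value, and a load checks every tag before returning data, so a wrong-type load, a load that straddles two values, a load from never-written bytes, and a stale view after a retyping store are all rejected. The tt_* names, the arena and the type ids are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not SVA's implementation: byte-granularity dynamic type
 * tracking over a small constructed arena. tt_*, the arena and the type ids
 * are assumptions for this example. */

#define ARENA_BYTES     64
#define MAX_VALUE_BYTES 16      /* byte position must fit in the tag's low 4 bits */

enum { TY_NONE = 0, TY_INT = 1, TY_PTR = 2, TY_FLOAT = 3 };

static unsigned char arena[ARENA_BYTES];
static uint8_t shadow[ARENA_BYTES];   /* tag = (type << 4) | byte index within the value */

static uint8_t make_tag(int type, size_t index)
{
    return (uint8_t)((type << 4) | index);
}

static bool in_arena(size_t off, size_t size)
{
    return size > 0 && size <= MAX_VALUE_BYTES &&
           off < ARENA_BYTES && size <= ARENA_BYTES - off;
}

/* Store: copy the bytes and stamp each one with (type, position). A later
 * store of another type simply overwrites the tags, so stale views are caught. */
bool tt_store(size_t off, int type, const void *val, size_t size)
{
    if (!in_arena(off, size)) return false;
    memcpy(arena + off, val, size);
    for (size_t i = 0; i < size; i++) shadow[off + i] = make_tag(type, i);
    return true;
}

/* Load: every byte must carry the expected type AND the expected position.
 * Nothing is copied out unless all tags match. */
bool tt_load(size_t off, int type, void *out, size_t size)
{
    if (!in_arena(off, size)) return false;
    for (size_t i = 0; i < size; i++)
        if (shadow[off + i] != make_tag(type, i)) return false;
    memcpy(out, arena + off, size);
    return true;
}

/* Constructed scenario; returns the number of loads the tracker rejected. */
int demo_type_tracking(void)
{
    int32_t   n = 42;
    uintptr_t p = (uintptr_t)&n;
    float     f = 1.5f;
    int32_t   ni = 0;
    uintptr_t pi = 0;
    int rejected = 0;

    memset(shadow, TY_NONE, sizeof shadow);
    tt_store(0, TY_INT, &n, sizeof n);      /* bytes 0..3 hold an int */
    tt_store(8, TY_PTR, &p, sizeof p);      /* bytes 8.. hold a pointer */

    if (!tt_load(0, TY_INT, &ni, sizeof ni)) rejected++;   /* ok */
    if (!tt_load(0, TY_PTR, &pi, sizeof pi)) rejected++;   /* int read as pointer: rejected */
    if (!tt_load(2, TY_INT, &ni, sizeof ni)) rejected++;   /* straddles the int's end: rejected */
    if (!tt_load(4, TY_INT, &ni, sizeof ni)) rejected++;   /* never written: rejected */
    if (!tt_load(8, TY_PTR, &pi, sizeof pi)) rejected++;   /* ok */

    tt_store(0, TY_FLOAT, &f, sizeof f);    /* retype bytes 0..3 */
    if (!tt_load(0, TY_INT, &ni, sizeof ni)) rejected++;   /* stale type: rejected */
    return rejected;
}
```

Recording the position as well as the type is what makes the straddling case fail: a load of four TY_INT bytes starting at offset 2 sees valid int tags on the first two bytes, but their positions are 2 and 3 rather than 0 and 1. The cost is one tag byte per tracked data byte plus a loop per access, which is why the slide reserves this for operations that static type inference could not prove safe.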

Slide 20: Conclusions
- SVA provides a secure foundation
- We have:
  - Infrastructure for secure information flow
  - Improved type inference
  - Automated recovery from run-time safety violations
- In the pipeline:
  - Secure information flow to enforce safety sans OS support
  - Dynamic type tracking