CSE 60641: Operating Systems George C. Necula and Peter Lee, Safe Kernel Extensions Without Run-Time Checking, OSDI ‘96 –SIGOPS Hall of fame citation:

Slides:



Advertisements
Similar presentations
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Advertisements

Vassal: Loadable Scheduler Support for Multi-Policy Scheduling George M. Candea, Oracle Corporation Michael B. Jones, Microsoft Research.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
01/05/2015Leiden Institute of Advanced Computer Science 1 The Open Kernel Environment - spinning Linux - Herbert Bos Bart Samwel
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
Nicholas Moore Bianca Curutan Pooya Samizadeh McMaster University March 30, 2012.
Microkernels How to build a dependable, modular and secure operating system?
An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)
The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI
Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s.
Proofs, Types, and Safe Mobile Code CoS 598E David Walker.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Dawson R. Engler, M. Frans Kaashoek, and James O'Tool Jr.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Language-Based Security Proof-Carrying Code Greg Morrisett Cornell University Thanks to G.Necula & P.Lee.
A Type System for Expressive Security Policies David Walker Cornell University.
Figure 1.1 Interaction between applications and the operating system.
Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.
User-Level Interprocess Communication for Shared Memory Multiprocessors Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented.
Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.
OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Chapter 2: Operating-System Structures Modified from the text book.
1 The Problem o Fluid software cannot be trusted to behave as advertised unknown origin (must be assumed to be malicious) known origin (can be erroneous.
Extensible Code Verification Kun Gao (Senior EECS) with Professor George Necula, Evan Chang, Robert Schneck, Adam Chlipala An individual receives code.
Extensible Kernels Mingsheng Hong. OS Kernel Types Monolithic Kernels Microkernels – Flexible (?) – Module Design – Reliable – Secure Extensible Kernels.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 20 October 28, 2004.
Operating System Architectures
CS533 Concepts of Operating Systems Jonathan Walpole.
Extensibility, Safety and Performance in the SPIN Operating System Ashwini Kulkarni Operating Systems Winter 2006.
Kernel, processes and threads Windows and Linux. Windows Architecture Operating system design Modified microkernel Layered Components HAL Interacts with.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
CS533 Concepts of Operating Systems Jonathan Walpole.
Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, Operating System Concepts Operating Systems Lecture 7 OS System Structure.
Proof-Carrying Code & Proof-Carrying Authentication Stuart Pickard CSCI 297 June 2, 2005.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM
4-Dec-15CSE 60641: Operating Systems1 -Exokernel: an operating system architecture for application-level resource management. Dawson R. Engler, M. Frans.
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
CSE Winter 2008 Introduction to Program Verification January 15 tautology checking.
1.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Lecture 2: OS Structures (Chapter 2.7)
SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.
Proof-Carrying Code: A Language-Based Security Approach Thao Doan Wei Hu Liqian Luo Jinlin Yang CS851 Malware 11/16/2004.
Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
CS533 Concepts of Operating Systems Jonathan Walpole.
Conway’s Game Of Live 1 Fall 2014 CS7020: Game Design and Development.
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
1.3 Operating system services An operating system provide services to programs and to the users of the program. It provides an environment for the execution.
Papers on the Second Quiz Jehan-François Pâris
Introduction to Operating Systems Concepts
Computer System Structures
Operating System Structures
Proof Carrying Code and Proof Preserving Program Transformations
The Mach System Sri Ramkrishna.
Chien-Chung Shen CIS/UD
Modularity and Memory Clearly, programs must have access to memory
KERNEL ARCHITECTURE.
State your reasons or how to keep proofs while optimizing code
Chapter 2: System Structures
Language-based Security
Operating Systems: A Modern Perspective, Chapter 3
CSE 60641: Operating Systems
Presentation transcript:

CSE 60641: Operating Systems George C. Necula and Peter Lee, Safe Kernel Extensions Without Run-Time Checking, OSDI ‘96 –SIGOPS Hall of fame citation: This paper introduced the notion of proof carrying code (PCC) and showed how it could be used for ensuring safe execution by kernel extensions without incurring run-time overhead. PCC turns out to be a general approach for relocating trust in a system; trust is gained in a component by trusting a proof checker (and using it to check a proof the component behaves as expected) rather than trusting the component per se. PCC has become one of the cornerstones of language-based security. 24-Feb-16CSE 60641: Operating Systems1

Recap Monolithic vs microkernel Threads vs events Extensibility: exokernel vs SPIN Continuations, scheduler activations Resource containers Today’s paper addresses similar problem as SPIN 2/24/2016CSE 60641: Operating Systems2

PCC What problem are we addressing? –Extending functionality by moving functionality into the kernel (monolithic) similar to SPIN –SPIN achieves safety by using Modula 3 –Necula achieves safety using proof carrying code (PCC) 1.Create a security policy and give it to application & kernel – policy really describes the secure hardware functionality desired –Actual hardware can perform unsafe actions 2.Take the user library, compute the safety proof (using security policy) and send both to the kernel 2/24/2016CSE 60641: Operating Systems3

3.Kernel computes the safety predicate using VC rules. Check the safety predicate against the safety proof. If the checker finishes, then the code is safe (for the safety policy) and so use it without any further checks –Using first order logic stuff, they change the proof to typechecking which makes it computationally simple and efficient (1.4 ms). One can write your own type-checker rather than using public library if worried about security 4.If code is modified, safety predicate will not match safety proof. Code modifications which still creates same safety predicate are allowed 2/24/2016CSE 60641: Operating Systems4

5.If proof is modified, either it will be invalid or not correspond to safety predicate Signed code proves the trusted origin but not the code itself Java type checking – performance problems Problem with approach: Proofs can be exponentially long –Use loops at certain spots can help 2/24/2016CSE 60641: Operating Systems5

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.