
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.



Presentation transcript:

1 Secure Virtual Architecture (title slide)
John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve
University of Illinois at Urbana-Champaign

2 Outline
- Background
- Current Work
- Future Work

3 Research areas (diagram; labels recovered from the transcript, grouping follows their order on the slide)
TRANSFORMATION: SVA; binary translation and emulation; formal methods
HARDWARE: hardware support for isolation; dealing with malicious hardware
SYSTEM ARCHITECTURES: cryptographic secure computation; data-centric security; secure browser appliance; secure servers
WEB-BASED ARCHITECTURES
Example goals: enforce properties on a malicious OS; prevent data exfiltration; enable complex distributed systems with resilience to hostile OSs

4 Wouldn't It Be Great?
- Enforce an information flow policy
  - Confidentiality
  - Data-centric policy created by the application/user
- A malicious OS can examine/modify any data in memory
  - Need to control OS memory operations
- Keep the system running when a safety violation is detected
(Diagram: Process 1, Process 2, Operating System, Memory)

5 Secure Virtual Architecture
- Compiler-based virtual machine
  - Uses sophisticated compiler analysis and transformation techniques
- Virtual instruction set
  - Typed virtual instruction set enables sophisticated program analysis
  - Special instructions for OS kernel support
- Provides a safe execution environment for commodity software
  - Supports unmodified C/C++ applications
  - Supports commodity operating systems (e.g., Linux)
(Diagram, top to bottom: Commodity Applications + OS; Virtual ISA; Compiler + VM; Native ISA; Hardware)

6 SVA Safety Guarantees
  Safe Language                      | Secure Virtual Architecture
  -----------------------------------|---------------------------------------------
  Control flow integrity             | Control flow integrity
  Array indexing within bounds       | Array indexing within bounds
  No uses of uninitialized variables | No uses of uninitialized variables
  Type safety for all objects        | Type safety for a subset of objects
  No uses of dangling pointers       | Dangling pointers are harmless
  Sound operational semantics        | Dangling pointers and non-type-safe objects do not compromise the other guarantees
  (The first three guarantees are listed once on the slide; they hold in both columns.)
- Strongest memory safety for C sans garbage collection

7 What's the Secret Sauce?
- Run-time checks
  - Load/store checks
  - Bounds checks
  - Illegal free checks
  - Indirect call checks
- Static analysis
  - Type inference
  - Points-to analysis
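The four run-time checks on this slide, as an added illustration in C that is not the SVA implementation (SVA keeps its metadata in per-pool structures the deck does not show). The registry `objs`, the static arena that is never reused after a free, and the functions `sva_alloc`, `sva_check_access`, `sva_gep`, `sva_free` and `sva_icall` are all hypothetical names standing in for the instrumentation the compiler would insert; `inc`, `dbl` and `rogue` are constructed call targets.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical object registry standing in for SVA's per-pool metadata.
 * Objects are carved out of a static arena and never reused once freed,
 * which is what makes a dangling pointer harmless rather than exploitable. */
#define ARENA_BYTES 1024
#define MAX_OBJS 32

struct obj { uintptr_t base; size_t size; bool live; };

static unsigned char arena[ARENA_BYTES];
static size_t arena_top;
static struct obj objs[MAX_OBJS];
static int nobjs;

/* Index of the live object containing address a, or -1. */
static int find_obj(uintptr_t a) {
    for (int i = 0; i < nobjs; i++)
        if (objs[i].live && a >= objs[i].base && a < objs[i].base + objs[i].size)
            return i;
    return -1;
}

/* Allocation wrapper that registers the new object (stands in for malloc). */
void *sva_alloc(size_t n) {
    if (n == 0 || n > ARENA_BYTES - arena_top || nobjs == MAX_OBJS) return NULL;
    void *p = arena + arena_top;
    objs[nobjs].base = (uintptr_t)p;
    objs[nobjs].size = n;
    objs[nobjs].live = true;
    nobjs++;
    arena_top += n;
    return p;
}

/* Load/store check: the n bytes at p must lie inside one live object. */
bool sva_check_access(const void *p, size_t n) {
    uintptr_t a = (uintptr_t)p;
    int i = find_obj(a);
    return i >= 0 && n <= objs[i].size - (a - objs[i].base);
}

/* Bounds check on pointer arithmetic: src must point into a live object and
 * the result must stay within it (one-past-the-end allowed, as in C).
 * Returns the new pointer, or NULL when the arithmetic leaves the object. */
void *sva_gep(void *src, ptrdiff_t off) {
    uintptr_t a = (uintptr_t)src;
    int i = find_obj(a);
    if (i < 0) return NULL;
    /* computed in integers so an out-of-bounds result never becomes a pointer */
    int64_t rel = (int64_t)(a - objs[i].base) + off;
    if (rel < 0 || (uint64_t)rel > objs[i].size) return NULL;
    return (unsigned char *)objs[i].base + rel;
}

/* Illegal free check: only the base of a live registered object may be freed;
 * interior pointers, unregistered memory and double frees are rejected. */
bool sva_free(void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < nobjs; i++)
        if (objs[i].live && objs[i].base == a) { objs[i].live = false; return true; }
    return false;
}

/* Indirect call check: a function pointer may only target a function whose
 * address the analysis recorded as a legitimate call target. */
typedef int (*handler_t)(int);
static int inc(int x) { return x + 1; }
static int dbl(int x) { return 2 * x; }
static int rogue(int x) { return x - 1000; }          /* never registered */
static const handler_t valid_targets[] = { inc, dbl };

handler_t handler_inc(void) { return inc; }
handler_t handler_dbl(void) { return dbl; }
handler_t handler_rogue(void) { return rogue; }

/* Returns true and stores the result only when the target is allowed. */
bool sva_icall(handler_t f, int arg, int *result) {
    for (size_t i = 0; i < sizeof valid_targets / sizeof valid_targets[0]; i++)
        if (valid_targets[i] == f) { *result = f(arg); return true; }
    return false;
}
```

The bounds check is done in integer arithmetic on purpose: forming an out-of-bounds pointer and only then comparing it is the pattern the check is meant to prevent. Because freed arena space is never handed out again, a pointer that survives `sva_free` simply fails `sva_check_access` instead of aliasing a fresh object.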

8 Outline
- Background
- Current Work
- Future Work

9 Safe Software/Hardware Interaction
  Operation         | Problem                                                        | Solution
  ------------------|----------------------------------------------------------------|----------------------------------------------------------------
  Context switching | Kernel can load bad state onto the CPU                         | Store CPU state in SVA VM memory
  Stack management  | Kernel stacks are regular, mutable memory objects              | SVA creates a new type of memory object for kernel stacks; pointers to such objects cannot be dereferenced
  MMU configuration | Static analysis assumes the virtual address space is immutable | Use para-virtualization to prevent MMU configurations that violate the static analysis safety guarantees

10 A Secure Foundation
- Strong memory safety enforcement, even for low-level OS code!
- Can rely on static analysis results to hold at run-time
- Enforces safety properties on applications and OS kernel code
- Safety enforced despite hostile OS code!

11 Current Work
- Information Flow for C
- Improved Type Inference
- Recovery from Safety Violations

12 CIF: C Information Flow Compiler
- Experimental information flow infrastructure for C/C++
  - Explicit information flow at memory-object granularity
  - Properly joins (meets) labels for computation results
- Based on SVA
  - Memory safety errors cannot violate the safety guarantees
  - Can reuse the SVA infrastructure for optimization
(Diagram: Data, Memory Object, Memory Object, Process, Meet)
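Object-granularity labels and the join on computation results, as an added C example that is not CIF's own code. The label lattice (bitsets of confidentiality tags under the subset order, join = union), the tag names `TAG_USER_KEY` and `TAG_MEDICAL`, the `mem_obj` layout and the functions `obj_concat` and `sink_write` are all assumptions made for this illustration; the sample strings are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed lattice: a label is a bitset of confidentiality tags, ordered by
 * subset inclusion; the empty label is public. Join is set union. */
typedef uint32_t label_t;
#define TAG_PUBLIC   ((label_t)0)
#define TAG_USER_KEY ((label_t)1u << 0)
#define TAG_MEDICAL  ((label_t)1u << 1)

/* Least upper bound: the result of a computation is at least as secret as
 * every input that flowed into it. */
label_t label_join(label_t a, label_t b) { return a | b; }

/* a may flow to b when every tag carried by a is also carried by b. */
bool label_flows_to(label_t a, label_t b) { return (a & ~b) == 0; }

/* A memory object carries its bytes and one label for the whole object
 * (memory-object granularity, as on the slide). */
#define OBJ_CAP 64
struct mem_obj { unsigned char data[OBJ_CAP]; size_t len; label_t label; };

void obj_init(struct mem_obj *o, const char *s, label_t l) {
    size_t n = strlen(s);
    o->len = n > OBJ_CAP ? OBJ_CAP : n;
    memcpy(o->data, s, o->len);
    o->label = l;
}

/* dst = s1 || s2, with label propagation: dst's label is joined with both
 * sources because bytes derived from each now live in dst. */
bool obj_concat(struct mem_obj *dst, const struct mem_obj *s1, const struct mem_obj *s2) {
    if (s1->len + s2->len > OBJ_CAP) return false;
    memcpy(dst->data, s1->data, s1->len);
    memcpy(dst->data + s1->len, s2->data, s2->len);
    dst->len = s1->len + s2->len;
    dst->label = label_join(dst->label, label_join(s1->label, s2->label));
    return true;
}

/* A sink (socket, file, another process's memory) has a label of its own; a
 * write is permitted only if the object's label flows to the sink's label.
 * Who requests the write (application or OS) does not change the answer. */
bool sink_write(const struct mem_obj *o, label_t sink_label, unsigned char *out, size_t cap) {
    if (!label_flows_to(o->label, sink_label) || o->len > cap) return false;
    memcpy(out, o->data, o->len);
    return true;
}

/* Worked scenario: a public greeting concatenated with a secret key. The
 * function returns the label the result object ends up carrying. */
label_t scenario_combined_label(void) {
    struct mem_obj greeting, key, both;
    obj_init(&greeting, "hello ", TAG_PUBLIC);   /* constructed sample data */
    obj_init(&key, "k3y", TAG_USER_KEY);
    obj_init(&both, "", TAG_PUBLIC);
    obj_concat(&both, &greeting, &key);
    return both.label;
}
```

The point of `scenario_combined_label` is that the public half of the result does not make the whole object public: once secret bytes flow into `both`, a write of `both` to a public sink is refused even though most of its bytes came from `greeting`.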

13 SVA Controls Information Flow
- SVA controls: memory access; MMU configuration; information flow
- Uniform monitoring
- SVA enforces policies, not the OS
(Diagram: Process 1, Process 2, SVA Virtual Machine, Operating System, Memory)

14 Improving Type Safety in SVA
- Benefits
  - Better pointer disambiguation due to improved field sensitivity
  - Better safety: more static type safety yields more precise run-time safety guarantees
  - Better performance: type-safe objects do not need load/store checks

15 Type Safety Enhancements
- Tracking types at byte offsets
  - Permits a subset of a memory object to be type safe
  - Supports C++ class hierarchy subtyping
- Identifying C library functions and allocator wrappers
- Static code transformations to improve inference results
  - Cloning address-taken functions for use in direct calls
  - Cloning functions that take embedded structures from incompatible types

16 Static Type Safety: SPEC 2000 (chart; data not recoverable from the transcript)

17 Static Type Safety: SPEC 2006 (chart; data not recoverable from the transcript)

18 Outline
- Background
- Current Work
- Future Work

19 Dynamic Type Tracking in SVA
- Track types stored to memory at run-time
  - Used for memory operations that cannot be proven safe statically
- Byte-granularity tracking
  - Fine-grained tracking of fields in structures
- Check the type of data when loading from memory
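Byte-granularity type tracking with a check on every load, as an added C example that is not SVA's implementation (the deck does not show its metadata layout). The per-byte shadow array, the tag set `enum ty`, and the functions `tracked_store`, `tracked_load` and `scenario_struct_fields` are assumptions made for this illustration; the struct layout in the scenario is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical shadow memory: one type tag per byte of a tracked region. */
enum ty { TY_NONE = 0, TY_U8, TY_I32, TY_PTR, TY_F64 };

#define REGION_BYTES 256
static unsigned char region[REGION_BYTES];   /* the tracked memory itself */
static unsigned char shadow[REGION_BYTES];   /* type tag for each byte    */

static size_t ty_size(enum ty t) {
    switch (t) {
    case TY_U8:  return 1;
    case TY_I32: return sizeof(int32_t);
    case TY_PTR: return sizeof(void *);
    case TY_F64: return sizeof(double);
    default:     return 0;
    }
}

/* Store: copy the bytes and record the stored type on every byte written.
 * Older tags under the new value are overwritten, so a later load of the
 * old type across this range is detected. */
bool tracked_store(size_t off, enum ty t, const void *src) {
    size_t n = ty_size(t);
    if (n == 0 || off > REGION_BYTES - n) return false;
    memcpy(region + off, src, n);
    memset(shadow + off, (int)t, n);
    return true;
}

/* Load: every byte read must carry exactly the type being loaded; a wrong
 * type, a partially overwritten value or never-written bytes all fail. */
bool tracked_load(size_t off, enum ty t, void *dst) {
    size_t n = ty_size(t);
    if (n == 0 || off > REGION_BYTES - n) return false;
    for (size_t i = 0; i < n; i++)
        if (shadow[off + i] != (unsigned char)t) return false;
    memcpy(dst, region + off, n);
    return true;
}

/* Worked scenario for "fine grained tracking of fields in structures": an
 * untyped buffer used as { int32_t id; <padding>; char *name; }.
 * Returns a bitmask of the checks that behaved as intended. */
unsigned scenario_struct_fields(void) {
    const size_t id_off = 0, name_off = 8;     /* pointer aligned like a real struct */
    int32_t id = 42, id_back = 0;
    static char name_storage[] = "sva";        /* constructed sample data */
    char *name = name_storage, *name_back = NULL;
    unsigned passed = 0;

    tracked_store(id_off, TY_I32, &id);
    tracked_store(name_off, TY_PTR, &name);

    /* bit 0: reading each field with its stored type succeeds */
    if (tracked_load(id_off, TY_I32, &id_back) && id_back == 42 &&
        tracked_load(name_off, TY_PTR, &name_back) && name_back == name)
        passed |= 1u;
    /* bit 1: reading the int field as a pointer is a type confusion and fails */
    void *p;
    if (!tracked_load(id_off, TY_PTR, &p)) passed |= 2u;
    /* bit 2: overwriting one byte inside the pointer with a char makes the
     * next pointer load fail, even though the other bytes are untouched */
    unsigned char c = 0x41;
    tracked_store(name_off + 1, TY_U8, &c);
    if (!tracked_load(name_off, TY_PTR, &name_back)) passed |= 4u;
    /* bit 3: the padding bytes were never written, so loading them is rejected */
    if (!tracked_load(4, TY_I32, &id_back)) passed |= 8u;
    return passed;
}
```

Because the check runs at load time rather than store time, arbitrary byte-level writes are still permitted (as C requires); what is caught is the later attempt to interpret those bytes as a type they no longer carry, which is the case static inference could not prove safe.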

20 Conclusions
- SVA provides a secure foundation
- We have:
  - Infrastructure for secure information flow
  - Improved type inference
  - Automated recovery from run-time safety violations
- In the pipeline:
  - Secure information flow to enforce safety sans OS support
  - Dynamic type tracking




