Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA)




Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA) Vikram Adve, Krste Asanović, David Evans, Sam King, Greg Morrisett, R. Sekar, Dawn Song, David Wagner (PI) http://www.dhosa.org/

The Problem
Can we defend applications from buggy and even malicious host operating systems?
OSs contain ~50M lines of code. At 1 bug/kloc, that is ~50K bugs?
Reality: must assume the OS will be compromised.

Exploring New Territory
Conventional wisdom: if the OS is malicious or subverted, you are hosed.
Our goal: survive a malicious OS, perhaps with degraded functionality or availability.

The Approach
Advances that cut across traditional disciplines:
- new hardware architectures
- new techniques for binary rewriting
- new OS and software architectures
- new advances in formal methods
- new cryptographic techniques

Team: Vikram Adve (UIUC), Krste Asanović (UC Berkeley), David Evans (U Virginia), Sam King (UIUC), Greg Morrisett (Harvard), R. Sekar (Stony Brook), Dawn Song (UC Berkeley), David Wagner (UC Berkeley)

Timeline (Aug 09, Aug 10, Aug 11, Aug 12): kickoff meeting, project start (money arrives); review meeting; review meeting.

What must you trust to prevent unwanted flows? (Example applications: Farmville, Facebook, Bank.)
Trusted stack, top to bottom:
- Browser
- User-level libraries
- OS: Kernel, Modules, Device Drivers, File Sys, Networking
- Hypervisor
- CPU, Memory & Devices

An alternative world? (New OS and software architectures)
- Recompilation required
- Small TCB (~1 KLOC)
- POSIX API
- CPU, Memory & Devices

Another alternative world? (New OS and software architectures)
Illinois Browser Operating System (IBOS): Farmville, Facebook, Bank run above a Browser Kernel, Renderer and Javascript VM, on top of a Hypervisor and CPU, Memory & Devices.

Data-centric Security (New OS and software architectures)
Protect the data directly instead of relying on network or host-based protection. Three examples:
- Cloud-terminal: providing trusted input/output
- Platform for private data
- Secure web applications: Guardrails

Cloud-terminal architecture (New OS and software architectures)
Components: general-purpose OS; secure thin terminal VM; application; virtual desktop server; lightweight hypervisor; Trusted Computing Hardware; cloud rendering engine; encrypted tunnel.

New hardware architectures
[Figure: layered stack of Legacy Stack / Bank, Browser-Based OS, Hypervisor, CPU, Memory & Devices]
Hardware support for isolation against covert channels in a multi-core environment.

Binary rewriting (New policy enforcement techniques)
[Figure: same layered stack]
Binary rewriting and emulation techniques to enforce basic integrity and isolation policies.

Language-based safety (New policy enforcement techniques)
[Figure: same layered stack]
Type-safe low-level virtual machine code: object-level isolation.

Formal methods (New techniques for trustworthiness)
[Figure: same layered stack]
New techniques for scalable verification of enforcement technologies.

New cryptographic techniques
[Figure: same layered stack]
New techniques for efficient encrypted computation through dynamic garbled circuits.

Summary of research thrusts:
TRANSFORMATION: SVA; cryptographic secure computation; binary translation and emulation; formal methods (e.g., enforce properties on a malicious OS).
WEB-BASED ARCHITECTURES: data-centric security; secure browser appliance (e.g., enable complex distributed systems, with resilience to hostile OSs).
HARDWARE SYSTEM ARCHITECTURES: hardware support for isolation; dealing with malicious hardware (e.g., prevent data exfiltration); secure servers.

Agenda
9:30-9:45 Welcome + Overview
9:45-10:10 CPU emulators: improving their assurance
10:10-10:35 Formal modeling of x86 binaries
10:35-11:00 Data-centric security: Platform for Private Data
11:15-11:35 Binary rewriting
11:35-12:00 Secure Virtual Architecture
12:00-1:00 Lunch
1:00-1:25 Trust, protection, & performance with Valkyrie
1:25-1:50 When semi-honest is only semi-good-enough
1:50-2:30 Visitor feedback
http://www.dhosa.org/