SegSlice: new primitives for trustworthy computing
|
|
- Olivia Shields
- 5 years ago
- Views:
Transcription
1 SegSlice: new primitives for trustworthy computing Sergey Bratus, PKI/Trust Lab, Dartmouth College Michael Locasto, George Mason U. Brian Schulte, George Mason U.
2 A policy should prevent the system transitions to untrusted states from trusted states! agrees with the TCG chain of trust concept Policy model Policy + mechanism = Event3 Event1 Event2 S1 S2 S3 S4 Policy goals are expressed in terms of states. Policy checks are in terms of events/transitions. Event system determines policy design, mechanism & policy language. definition of trustworthy system states (as derived from policy goals) definition of events that cause state transitions (cf. [F.B.Schneider, 2000]) trapping and mediation of events that might cause transition to an untrustworthy state re-measuring of system state, TPM ops
3 Vision Example: TPM-aware selective memory immutability (TRUST 08) Accesses to selected RAM regions (and all page tables) trapped (Xen; wish: MMU+ ) Trap handler re-measures them, may call TPM s seal/unseal, or zeroize PCRs Position: Smarter MMUs for finer, faster trapping of memory events, more context than just page read/written/fetched from (FTC 08)
4 C+'&I)1*.4$LM *.'F,(.*.8)F E.21F )18,1)3 Policy Gap %(,F).&4G++) %/HIG'F.&4 2-'184+J4)(,F) The Policy Gap in TCG architecture: $.*'8)12F +J4)(,F)4J+( 4'66012')1+8F K66012') F444 Policy mechanisms do not allow developers to express their knowledge of expected or trustworthy behaviors, relative data value Application-specific or special-purpose policy enforcement resembles debugging with predicates and actions to catch particular behavior Position: Policy requires developer knowledge about app internals, e.g., symbol tables! K))(1G,).44 *,)'G101)3N ONP4K5(.1).(74K0'*74B'J8.(74$.1J.()74Q-'8574R!"#$%&'()*$+&
5 Platform Desiderata Developers should be given tools to express policy-critical behaviors of software at runtime, just like they are given tools for correctness-critical behaviors while debugging Systems should support Boolean logicenhanced, object-granular, developer-friendly expressions of trappable conditions In the meantime, we should distill toolchainsupported & (x86-) implementable primitives
6 The distillation Some thoughts on security after 10 years of q-mail 1.0 [DJ Bernstein, 2007] Eliminating hidden data flow is more helpful than minimizing privilege Exploit engineering principle : convert a hidden data flow to a control flow code reading/writing data it is not meant to read/write
7 DJB quote I have become convinced that this principle of least privilege is fundamentally wrong. Minimizing privilege might reduce the damage done by some security holes but almost never fixes the holes. Minimizing privilege is not the same as minimizing the amount of trusted code, does not have the same benefits as minimizing the amount of trusted code, and does not move us any closer to a secure computer system.
8 Code-data ownership Developer intuition: This data unit is exclusively owned by this code unit Explicit scoping to catch hidden data flows at compile time (e.g., file-level static ) How many code/data units exist in binaries? ELF sections (semantically different contiguous memory areas) -- about 30 in executable, could be > 70 in shared libs
9 Special Relationships A lot of information about which code units own which data units.init &.fini with.ctors and.dtors.plt with.got (and other runtime linking and relocation relationships).o file-scope relationships Heap management code with heap (meta)data
10 Lost at runtime...and when the little sections woke up, it was Runtime, and no one could tell them apart, and no one cared about how special they were, or about their special relationships
11 SegSlice model ELF executable image is divided into OS- and user-defined (GCC s _section pragma) slices CPL2 virtualizes user-level program segments Not optimal w.r.t. x86 32bit, but virtualization support on x86 started out much worse A full lattice of code-date units relations can be implemented (as in Bell-LaPadula or Biba)
12 Developers wanted! SegSlice extends explicit data-flow controls from the source code through ELF to loadable binary image Loaded image is instrumented with traps, incurring least performance loss x86 segmentation can be RE-optimized to avoid these losses Integrates naturally with TCG platforms: lattice violations cause TPM PCR ops, remeasuring and/or clearing PCRs
13 Thanks!
CSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More information2018/04/11 00:10 1/6 NuttX Protected Build
2018/04/11 00:10 1/6 NuttX Protected Build NuttX Protected Build The Traditional "Flat" Build The traditional NuttX build is a flat build. By flat, I mean that when you build NuttX, you end up with a single
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationVirtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationIntel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey May 13, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey torreyj@ainfosec.com
More informationSystems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees
Trustworthy Computing s View -- Current Trent Jaeger February 18, 2004 Process 1 Web server Process 2 Mail server Process 3 Java VM Operating Hardware (CPU, MMU, I/O devices) s View -- Target TC Advantages
More informationShreds: S H R E. Fine-grained Execution Units with Private Memory. Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu D S
Shreds: S H R E D S Fine-grained Execution Units with Private Memory Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu RiS3 Lab / Computer Science / Stony Brook University 1 Execution Units
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Introduction to Trusted Computing Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Summer Term 2017 Roadmap: Trusted Computing Motivation
More informationOperating Systems. 09. Memory Management Part 1. Paul Krzyzanowski. Rutgers University. Spring 2015
Operating Systems 09. Memory Management Part 1 Paul Krzyzanowski Rutgers University Spring 2015 March 9, 2015 2014-2015 Paul Krzyzanowski 1 CPU Access to Memory The CPU reads instructions and reads/write
More information12: Memory Management
12: Memory Management Mark Handley Address Binding Program goes through multiple steps from compilation to execution. At some stage, addresses in the program must be bound to physical memory addresses:
More informationVirtual Memory. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Virtual Memory Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE3044: Operating Systems, Fall 2017, Jinkyu Jeong (jinkyu@skku.edu) Virtual Memory:
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More informationReal-World Buffer Overflow Protection in User & Kernel Space
Real-World Buffer Overflow Protection in User & Kernel Space Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University http://raksha.stanford.edu 1 Motivation Buffer
More informationNew Directions for Hardware-assisted Trusted Computing Policies (Position Paper)
New Directions for Hardware-assisted Trusted Computing Policies (Position Paper) Sergey Bratus Michael E. Locasto Ashwin Ramaswamy Sean W. Smith Dartmouth College Hanover, New Hampshire August 27, 2008
More informationIndex. object lifetimes, and ownership, use after change by an alias errors, use after drop errors, BTreeMap, 309
A Arithmetic operation floating-point arithmetic, 11 12 integer numbers, 9 11 Arrays, 97 copying, 59 60 creation, 48 elements, 48 empty arrays and vectors, 57 58 executable program, 49 expressions, 48
More informationAdministrivia. Lab 1 due Friday 12pm. We give will give short extensions to groups that run into trouble. But us:
Administrivia Lab 1 due Friday 12pm. We give will give short extensions to groups that run into trouble. But email us: - How much is done & left? - How much longer do you need? Attend section Friday at
More informationDecoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor
Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan, Michael Dalton, Christos Kozyrakis Computer Systems Laboratory Stanford University Motivation Dynamic analysis help
More informationMatching Logic A New Program Verification Approach
Matching Logic A New Program Verification Approach Grigore Rosu and Andrei Stefanescu University of Illinois at Urbana-Champaign (work started in 2009 with Wolfram Schulte at MSR) Usable Verification Relatively
More informationSafeBricks: Shielding Network Functions in the Cloud
SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationIntroduction to Programming Using Java (98-388)
Introduction to Programming Using Java (98-388) Understand Java fundamentals Describe the use of main in a Java application Signature of main, why it is static; how to consume an instance of your own class;
More informationELFbac: Using the Loader Format for Intent-Level Semantics and Fine-Grained Protection
Submitted for publication. Author Copy - do not redistribute. ELFbac: Using the Loader Format for Intent-Level Semantics and Fine-Grained Protection Julian Bangert, Sergey Bratus, Rebecca Shapiro, Michael
More informationChapter 8 Memory Management
Chapter 8 Memory Management Da-Wei Chang CSIE.NCKU Source: Abraham Silberschatz, Peter B. Galvin, and Greg Gagne, "Operating System Concepts", 9th Edition, Wiley. 1 Outline Background Swapping Contiguous
More informationMemory Allocation. Copyright : University of Illinois CS 241 Staff 1
Memory Allocation Copyright : University of Illinois CS 241 Staff 1 Recap: Virtual Addresses A virtual address is a memory address that a process uses to access its own memory Virtual address actual physical
More informationRecap: Memory Management
, 4/13/2018 EE445M/EE360L.12 Embedded and Real-Time Systems/ Real-Time Operating Systems : Memory Protection, Virtual Memory, Paging References: T. Anderson, M. Dahlin, Operating Systems: Principles and
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationExtensibility, Safety, and Performance in the Spin Operating System
Extensibility, Safety, and Performance in the Spin Operating System Brian Bershad, Steven Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc Fiuczynski, David Becker, Craig Chambers, and Susan Eggers Department
More information8.3 Mandatory Flow Control Models
8.3 Mandatory Flow Control Models Mingsen Xu Advanced Operating System 2011-10-26 Outline Mandatory Flow Control Models - Information Flow Control - Lattice Model - Multilevel Security Model - Bell-Lapadula
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationFlicker: An Execution Infrastructure for TCB Minimization
Flicker: An Execution Infrastructure for TCB Minimization Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Hiroshi Isozaki (EuroSys 08) Presented by: Tianyuan Liu Oct 31, 2017 Outline Motivation
More informationGoals of Memory Management
Memory Management Goals of Memory Management Allocate available memory efficiently to multiple processes Main functions Allocate memory to processes when needed Keep track of what memory is used and what
More informationSections are Types, Linking is Policy: Using the Loader Format for Expressing Programmer Intent
Sections are Types, Linking is Policy: Using the Loader Format for Expressing Programmer Intent Julian Bangert, Sergey Bratus, Rebecca Shapiro, Jason Reeves, Sean W. Smith, Anna Shubina Dartmouth College
More informationAdvanced Systems Security: Securing Commercial Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationTopics in Systems and Program Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and
More informationProblem System administration tasks on a VM from the outside, e.g., issue administrative commands such as hostname and rmmod. One step ahead tradition
EXTERIOR: Using a Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery ACM VEE 13 Problem System administration tasks on a VM from the outside, e.g., issue administrative
More information16 Sharing Main Memory Segmentation and Paging
Operating Systems 64 16 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationAdvanced Systems Security: Multics
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationResearch on the Novel and Efficient Mechanism of Exception Handling Techniques for Java. Xiaoqing Lv 1 1 huihua College Of Hebei Normal University,
International Conference on Informatization in Education, Management and Business (IEMB 2015) Research on the Novel and Efficient Mechanism of Exception Handling Techniques for Java Xiaoqing Lv 1 1 huihua
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationIntel s s Security Vision for Xen
Intel s s Security Vision for Xen Carlos Rozas Intel Corporation Xen Summit April 7-8, 7 2005 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
More informationChapter 6: Integrity Policies
Chapter 6: Integrity Policies Overview Requirements Biba s models Clark-Wilson model Slide #6-1 Overview Requirements Very different than confidentiality policies Biba s model Clark-Wilson model Slide
More informationC++ for System Developers with Design Pattern
C++ for System Developers with Design Pattern Introduction: This course introduces the C++ language for use on real time and embedded applications. The first part of the course focuses on the language
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationCOS 318: Operating Systems
COS 318: Operating Systems Overview Kai Li Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Important Times Lectures 9/20 Lecture is here Other lectures in
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationMay 1: Integrity Models
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models
More informationCSE 303: Concepts and Tools for Software Development
CSE 303: Concepts and Tools for Software Development Hal Perkins Winter 2009 Lecture 7 Introduction to C: The C-Level of Abstraction CSE 303 Winter 2009, Lecture 7 1 Welcome to C Compared to Java, in rough
More information15 Sharing Main Memory Segmentation and Paging
Operating Systems 58 15 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationProgramming in C and C++
Programming in C and C++ Types, Variables, Expressions and Statements Neel Krishnaswami and Alan Mycroft Course Structure Basics of C: Types, variables, expressions and statements Functions, compilation
More informationCS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017
CS 471 Operating Systems Yue Cheng George Mason University Fall 2017 Review: Segmentation 2 Virtual Memory Accesses o Approaches: Static Relocation Dynamic Relocation Base Base-and-Bounds Segmentation
More informationIntroduction to Operating Systems. Chapter Chapter
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationInline Reference Monitoring Techniques
Inline Reference Monitoring Techniques In the last lecture, we started talking about Inline Reference Monitors. The idea is that the policy enforcement code runs with the same address space as the code
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012 Roadmap: Trusted Computing Motivation Notion of trust
More informationRepeatable execution and why operating systems should support it
1 Repeatable execution and why operating systems should support it (... maybe) Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge Repeatable execution: what and why? 2 $./meaning
More informationRuntime Integrity Checking for Exploit Mitigation on Embedded Devices
Runtime Integrity Checking for Exploit Mitigation on Embedded Devices Matthias Neugschwandtner IBM Research, Zurich eug@zurich.ibm.com Collin Mulliner Northeastern University, Boston collin@mulliner.org
More informationCS 550 Operating Systems Spring Memory Management: Paging
CS 550 Operating Systems Spring 2018 Memory Management: Paging 1 Recap: Memory Management Ideally programmers want memory that is large fast non volatile Memory hierarchy small amount of fast, expensive
More information* What are the different states for a task in an OS?
* Kernel, Services, Libraries, Application: define the 4 terms, and their roles. The kernel is a computer program that manages input/output requests from software, and translates them into data processing
More informationPage 1. Goals for Today" Virtualizing Resources" Important Aspects of Memory Multiplexing" CS162 Operating Systems and Systems Programming Lecture 20
Goals for Today" CS162 Operating Systems and Systems Programming Lecture 20 Address Translation" November 7, 2011 Anthony D. Joseph and Ion Stoica http://inst.eecs.berkeley.edu/~cs162 Address Translation
More informationMain Memory. ICS332 Operating Systems
Main Memory ICS332 Operating Systems Main Memory The OS must manage main memory because it manages processes that share main memory Main memory: A large array of bytes (words), each with its own address
More informationMemory Management. Frédéric Haziza Spring Department of Computer Systems Uppsala University
Memory Management Frédéric Haziza Department of Computer Systems Uppsala University Spring 2008 Operating Systems Process Management Memory Management Storage Management Compilers Compiling
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
More informationPastures: Towards Usable Security Policy Engineering
Pastures: Towards Usable Security Policy Engineering Institute for Security Technology Studies Department of Computer Science Dartmouth College A practitioner s look at the field Powerful formalisms exist:
More informationA new Distributed Security Model for Linux Clusters
A new Distributed Security Model for Linux Clusters Makan.Pourzandi@Ericsson.Com Open Systems Lab Montréal Canada June, 2004 Rev PA1 07/05/04 1 Outline Context Distributed Security Distributed Access Control
More informationAutoscopy Jr.: Intrusion Detec3on for Embedded Control Systems
Autoscopy Jr.: Intrusion Detec3on for Embedded Control Systems Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus, and Sean Smith CSRS 2011 Dartmouth College September 24, 2011 1 Outline Mo3va3on
More informationIntroduction to Programming (Java) 2/12
Introduction to Programming (Java) 2/12 Michal Krátký Department of Computer Science Technical University of Ostrava Introduction to Programming (Java) 2008/2009 c 2006 2008 Michal Krátký Introduction
More informationThe Evolution of Secure Operating Systems
The Evolution of Secure Operating Systems Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University 1 Operating Systems
More informationIntegrity Policies. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Integrity Policies Murat Kantarcioglu Requirements of Policies for Commercial Applications [Lipner 1982] 1. Users will not write their own
More informationProtection. - Programmers typically assume machine has enough memory - Sum of sizes of all processes often greater than physical memory 1 / 36
Want processes to co-exist Issues in sharing physical memory rotection - A bug in one process can corrupt memory in another - Must somehow prevent process A from trashing B s memory - Also prevent A from
More informationVirtual Memory. Kevin Webb Swarthmore College March 8, 2018
irtual Memory Kevin Webb Swarthmore College March 8, 2018 Today s Goals Describe the mechanisms behind address translation. Analyze the performance of address translation alternatives. Explore page replacement
More informationMemory Management. Memory
Memory Management These slides are created by Dr. Huang of George Mason University. Students registered in Dr. Huang s courses at GMU can make a single machine readable copy and print a single copy of
More informationI Don't Want to Sleep Tonight:
I Don't Want to Sleep Tonight: Subverting Intel TXT with S3 Sleep Seunghun Han, Jun-Hyeok Park (hanseunghun parkparkqw)@nsr.re.kr Wook Shin, Junghwan Kang, HyoungChun Kim (wshin ultract khche)@nsr.re.kr
More informationCompiler, Assembler, and Linker
Compiler, Assembler, and Linker Minsoo Ryu Department of Computer Science and Engineering Hanyang University msryu@hanyang.ac.kr What is a Compilation? Preprocessor Compiler Assembler Linker Loader Contents
More informationOperating Systems. Memory Management. Lecture 9 Michael O Boyle
Operating Systems Memory Management Lecture 9 Michael O Boyle 1 Memory Management Background Logical/Virtual Address Space vs Physical Address Space Swapping Contiguous Memory Allocation Segmentation Goals
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationPortland State University ECE 587/687. Virtual Memory and Virtualization
Portland State University ECE 587/687 Virtual Memory and Virtualization Copyright by Alaa Alameldeen and Zeshan Chishti, 2015 Virtual Memory A layer of abstraction between applications and hardware Programs
More informationMemory management. Last modified: Adaptation of Silberschatz, Galvin, Gagne slides for the textbook Applied Operating Systems Concepts
Memory management Last modified: 26.04.2016 1 Contents Background Logical and physical address spaces; address binding Overlaying, swapping Contiguous Memory Allocation Segmentation Paging Structure of
More informationToday: Computer System Overview (Stallings, chapter ) Next: Operating System Overview (Stallings, chapter ,
Lecture Topics Today: Computer System Overview (Stallings, chapter 1.1-1.8) Next: Operating System Overview (Stallings, chapter 2.1-2.4, 2.8-2.10) 1 Announcements Syllabus and calendar available Consulting
More informationChapter 8: Main Memory
Chapter 8: Main Memory Chapter 8: Memory Management Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the Page Table Example: The Intel 32 and 64-bit Architectures Example:
More informationCSCE Introduction to Computer Systems Spring 2019
CSCE 313-200 Introduction to Computer Systems Spring 2019 Processes Dmitri Loguinov Texas A&M University January 24, 2019 1 Chapter 3: Roadmap 3.1 What is a process? 3.2 Process states 3.3 Process description
More informationCSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.
CSE 237B Fall 2009 Virtualization, Security and RTOS Rajesh Gupta Computer Science and Engineering University of California, San Diego. Overview What is virtualization? Types of virtualization and VMs
More information[07] SEGMENTATION 1. 1
[07] SEGMENTATION 1. 1 OUTLINE Segmentation An Alternative to Paging Implementing Segments Segment Table Lookup Algorithm Protection and Sharing Sharing Subtleties External Fragmentation Segmentation vs
More informationHigh-Level Language VMs
High-Level Language VMs Outline Motivation What is the need for HLL VMs? How are these different from System or Process VMs? Approach to HLL VMs Evolutionary history Pascal P-code Object oriented HLL VMs
More informationOS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.
Virtualization Basics Motivation OS Virtualization CSC 456 Final Presentation Brandon D. Shroyer Types of Virtualization Process virtualization (Java) System virtualization (classic, hosted) Emulation
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
More informationIntroduction to Operating. Chapter Chapter
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationSeparating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington
Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems Robert Grimm University of Washington Extensions Added to running system Interact through low-latency interfaces Form
More informationTrusted Computing and O/S Security. Aggelos Kiayias Justin Neumann
Trusted Computing and O/S Security Aggelos Kiayias Justin Neumann O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each layer may try to verify the outer layer
More informationApplications of Attestation:
Lecture Secure, Trusted and Trustworthy Computing : IMA and TNC Prof. Dr. Ing. Ahmad Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Winter Term 2011/2012 1 Roadmap: TC
More informationCS241 Computer Organization Spring Data Alignment
CS241 Computer Organization Spring 2015 Data Alignment 3-26 2015 Outline! Data Alignment! C: pointers to functions! Memory Layout Read: CS:APP2 Chapter 3, sections 3.8-3.9 Quiz next Thursday, April 2nd
More informationRuntime Defenses against Memory Corruption
CS 380S Runtime Defenses against Memory Corruption Vitaly Shmatikov slide 1 Reading Assignment Cowan et al. Buffer overflows: Attacks and defenses for the vulnerability of the decade (DISCEX 2000). Avijit,
More informationChapter 8: Memory-Management Strategies
Chapter 8: Memory-Management Strategies Chapter 8: Memory Management Strategies Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the Page Table Example: The Intel 32 and
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationChapter 8 Main Memory
COP 4610: Introduction to Operating Systems (Spring 2014) Chapter 8 Main Memory Zhi Wang Florida State University Contents Background Swapping Contiguous memory allocation Paging Segmentation OS examples
More informationHardware Enforcement of Application Security Policies Using Tagged Memory
Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis MIT Stanford University ABSTRACT Computers are notoriously
More information