An External Integrity Checker for Increasing Security of Open Source Operating Systems
|
|
- Morgan Robbins
- 6 years ago
- Views:
Transcription
1 An External Integrity Checker for Increasing Security of Open Source Operating Systems Hiromasa Shimada, Tsung-Han Lin, Ning Li Distributed and Ubiquitous Computing Lab., Waseda University, Japan
2 Background! There are a lot of OSS in the Linux platform.! Linux is also one of the OSS! They tend to be so huge source code! Linux has 34,563 files and involves 10,431,249 LOC (3.4.0)! Can we make them without bugs by hand?! No, we cannot.
3 How to handle the bugs! One solution is to verify the software to remove bugs! There are a lot of research of formal verifications.! But most of them cannot handle the OS.! A number of states to be verified is not feasible.! Some of research handle the OSes! But they target a specified OS and the part of it.! Only way that we can do for bugs is to apply patches.
4 Integrity Checker! In order to enhance security, the integrity checkers are often used.! Attackers invade the system via the software vulnerabilities.! They often insert rootkits into they system to assist their manipulations.! The integrity checkers can detect the infections of rootkits
5 Specifications! Integrity checkers require specifications to check the kernel.! How to define the correct properties for the integrity checkers?! Most of them are defined by hand.! It requires a lot of engineering cost.! How to verify that the properties are correct?
6 Our Solution! We provide an integrity checker that is generated automatically.! It runs outside from the target OS using a hypervisor.! against cross domain attack! It checks kernel data structures of the target OS
7 System Design
8 Building The Integrity Checker! We need 4 steps to generate the integrity checker.! Make a tracer program! Execute the tracer and obtain the actual kernel data structures.! Analyze the result and generate invariants.! Make the integrity checker
9 Building A Tracer Program! Tracer program obtain actual kernel data of the target kernel.! The tracer runs with Linux at the same time.
10 To get preprocessed files! We modified $LINUX_DIR/scripts/Makefile.build! We cannot use --save-temps option! Using this option saves all of preprocessed files in the current directory.! gcc 4.5 supports to save them in the same directory with object files.! Add a below line in the file cmd_cc_o_c +=; $(CC) $(c_flags) E o $(patsubst %.o,%.i,$@) $<
11 Analyzing Linux Source Codes! We use Haskell and Language.C library to parse Linux source codes.! Environment! python 2.6! ghc ! language.c ! scons 2.0.0
12 Abstracting kernel data structures! In order to make a header file to build a tracer, we have to abstract definitions of kernel data structures from all of the source codes.! global variables! typedef! struct! union
13 How to obtain kernel data structures! Making the tracer is below steps! Make functions to traverse each kernel data structures! Map symbol names in System.map and global variables to get types of the variable and call the functions! Obtained data! Primitive type: actual data! Structure type: pointer address and field! Pointer type: pointer address and actual data
14 Invariants! Our tool generates invariants of the kernel data structures using daikon tool! Daikon requires declared file and traced file! declared file: definitions of target data structures! traced file: obtained data! Example simple_dir_operations.read == proc_root.proc_fops.read! Our tool parses the invariants and generate the integrity checker
15 Applying Integrity Checker! Platform setup! Basic Platform: hypervisor system! Integrity Checker Protection: Secure Pager! Hypervisor: SPUMONE! Secure Pager: using local memory
16 SPUMONE! SH4A architecture! Co-kernel approach! Dedicated device management! Para-virtualization! Small modifications! Distributed design! Per-CPU image
17 Interrupt Virtualization Register Setting - INT2PRI0 ~ INT2PRI7
18 Interrupt Delivery Mechanism
19 Traditional Hypervisor v.s. SPUMONE GPOS RTOS GPOS RTOS Traditional Hypervisor Core 1 Core 2 Core 3 Core 4 SPUMONE SPUMONE SPUMONE SPUMONE Core 1 Core 2 Core 3 Core 4! Single hypervisor Image! Straightforward! Managing! Communication! Distributed design! Risk Diversification! Reliability enhancement! Shared memory communication
20 Protection of the integrity checker! A typical scene.! Without the protection, the Guest OS may attack the integrity checker to invalid the monitoring function.
21 Isolation based on Local memory! Local memory (small size) is a programmable region and can not be accessed by other cores.
22 Basic Architecture! Secure pager is used to extend the size of the local memory virtually.
23 Secure Pager! Xv6: a simple OS to run the integrity checker.! Secure pager verifies the integrity of the xv6 s pages when loading them into local memory.
24 Summary Increasing security using an external integrity checker generated automatically Applying integrity checker Based on hypervisor environment Protected by Secure Pager
Composition Kernel: A Multi-core Processor Virtualization Layer for Rich Functional Smart Products
Composition Kernel: A Multi-core Processor Virtualization Layer for Rich Functional Smart Products Tatsuo Nakajima, Yuki Kinebuchi, Alexandre Courbot, Hiromasa Shimada, Tsung-Han Lin, and Hitoshi Mitake
More informationTowards Co-existing of Linux and Real-Time OSes
Towards Co-existing of Linux and Real-Time OSes Hitoshi Mitake, Tsung-Han Lin, Hiromasa Shimada, Yuki Kinebuchi, Ning Li, Tatsuo Nakajima Department of Computer Science and Engineering, Waseda University
More informationSecurity versus Energy Tradeoffs in Host-Based Mobile Malware Detection
Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H. Andrés Lagar-Cavilla #, Alexander Varshavsky #, Vinod Ganapathy *, and Liviu Iftode * * Rutgers University
More informationHyperkernel: Push-Button Verification of an OS Kernel
Hyperkernel: Push-Button Verification of an OS Kernel Luke Nelson, Helgi Sigurbjarnarson, Kaiyuan Zhang, Dylan Johnson, James Bornholt, Emina Torlak, and Xi Wang The OS Kernel is a critical component Essential
More informationCS 326 Operating Systems C Programming. Greg Benson Department of Computer Science University of San Francisco
CS 326 Operating Systems C Programming Greg Benson Department of Computer Science University of San Francisco Why C? Fast (good optimizing compilers) Not too high-level (Java, Python, Lisp) Not too low-level
More informationToward Resilient Cloud Environment:
Toward Resilient Cloud Environment: Case for Virtual Machine Introspection Using Hardware Architectural Invariants Z. Kalbarczyk C. Pham, C. Di Martino, R. Iyer Coordinated Science Laboratory Department
More informationHypervisor security. Evgeny Yakovlev, DEFCON NN, 2017
Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor
More informationVirtual Machine Introspection Bhushan Jain
Virtual Machine Introspection Bhushan Jain Computer Science Department Stony Brook University 1 Traditional Environment Operating System 2 Traditional Environment Process Descriptors Kernel Heap Operating
More informationDoctoral Thesis. Addressing Hybrid OS Environment Issues in the Embedded Virtualization Multicore Platform
Graduate School of Fundamental Science and Engineering Waseda University Doctoral Thesis Thesis Theme Addressing Hybrid OS Environment Issues in the Embedded Virtualization Multicore Platform (Applicant
More informationTowards a Practical, Verified Kernel
Towards a Practical, Verified Kernel Kevin Elphinstone and Gerwin Klein, National ICT Australia and the University of New South Wales Philip Derrin, National ICT Australia Timothy Roscoe, ETH Zürich Gernot
More informationFlicker: An Execution Infrastructure for TCB Minimization
Flicker: An Execution Infrastructure for TCB Minimization Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Hiroshi Isozaki (EuroSys 08) Presented by: Tianyuan Liu Oct 31, 2017 Outline Motivation
More informationOS DESIGN PATTERNS II. CS124 Operating Systems Fall , Lecture 4
OS DESIGN PATTERNS II CS124 Operating Systems Fall 2017-2018, Lecture 4 2 Last Time Began discussing general OS design patterns Simple structure (MS-DOS) Layered structure (The THE OS) Monolithic kernels
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationProtection. Thierry Sans
Protection Thierry Sans Protecting Programs How to lower the risk of a program security flaw resulting from a bug? 1. Build better programs 2. Build better operating systems Build Better Programs Why are
More informationUsing VMware Player 3.0 with USB Pocket Hard Drive For IT Curriculum
Using VMware Player 3.0 with USB Pocket Hard Drive For IT Curriculum Salient Features Virtual machines stored on the USB Portable Hard Drive can be carried from one computer to another as long as the same
More informationOperating System Structure
CSE325 Principles of Operating Systems Operating System Structure David Duggan dduggan@sandia.gov January 24, 2013 A View of Operating System Services 1/24/13 CSE325 - OS Structure 2 Operating System Design
More informationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
More informationChapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
More informationPrograms. Function main. C Refresher. CSCI 4061 Introduction to Operating Systems
Programs CSCI 4061 Introduction to Operating Systems C Program Structure Libraries and header files Compiling and building programs Executing and debugging Instructor: Abhishek Chandra Assume familiarity
More informationDesigning Systems for Push-Button Verification
Designing Systems for Push-Button Verification Luke Nelson, Helgi Sigurbjarnarson, Xi Wang Joint work with James Bornholt, Dylan Johnson, Arvind Krishnamurthy, EminaTorlak, Kaiyuan Zhang Formal verification
More informationVirtualization Device Emulator Testing Technology. Speaker: Qinghao Tang Title 360 Marvel Team Leader
Virtualization Device Emulator Testing Technology Speaker: Qinghao Tang Title 360 Marvel Team Leader 1 360 Marvel Team Established in May 2015, the first professional could computing and virtualization
More informationCSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
More informationIMPROVED KERNEL SECURITY THROUGH MEMORY LAYOUT RANDOMIZATION IPCCC 2013
IMPROVED KERNEL SECURITY THROUGH MEMORY LAYOUT RANDOMIZATION IPCCC 2013 Dannie M. Stanley Graduate Student Special thanks to my advisors: Professors Dongyan Xu and Eugene Spafford INTRODUCTION PROBLEM
More informationFormal methods for software security
Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality
More informationSoftware Project. Lecturers: Ran Caneti, Gideon Dror Teaching assistants: Nathan Manor, Ben Riva
Software Project Lecturers: Ran Caneti, Gideon Dror Teaching assistants: Nathan Manor, Ben Riva Emails: (canetti/benriva)@post.tau.ac.il nathan.manor@gmail.com gideon@mta.ac.il http://www.cs.tau.ac.il/~roded/courses/soft-project10.html
More informationPRINCIPLES OF OPERATING SYSTEMS
PRINCIPLES OF OPERATING SYSTEMS Tutorial-1&2: C Review CPSC 457, Spring 2015 May 20-21, 2015 Department of Computer Science, University of Calgary Connecting to your VM Open a terminal (in your linux machine)
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationArsenal. Shadow-Box: Lightweight Hypervisor-Based Kernel Protector. Seunghun Han, Jungwhan Kang (hanseunghun
Arsenal Shadow-Box: Lightweight Hypervisor-Based Kernel Protector Seunghun Han, Jungwhan Kang (hanseunghun ultract)@nsr.re.kr Who are we? - Senior security researcher at NSR (National Security Research
More informationEmbedded Systems. 5. Operating Systems. Lothar Thiele. Computer Engineering and Networks Laboratory
Embedded Systems 5. Operating Systems Lothar Thiele Computer Engineering and Networks Laboratory Embedded Operating Systems 5 2 Embedded Operating System (OS) Why an operating system (OS) at all? Same
More informationAdvances in Linux process forensics with ECFS
Advances in Linux process forensics with ECFS Quick history Wanted to design a process snapshot format native to VMA Vudu http://www.bitlackeys.org/#vmavudu ECFS proved useful for other projects as well
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationLecture 3: O/S Organization. plan: O/S organization processes isolation
6.828 2012 Lecture 3: O/S Organization plan: O/S organization processes isolation topic: overall o/s design what should the main components be? what should the interfaces look like? why have an o/s at
More informationComputer Architecture Background
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 2b Computer Architecture Background Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical & Computer Engineering
More informationC Compilation Model. Comp-206 : Introduction to Software Systems Lecture 9. Alexandre Denault Computer Science McGill University Fall 2006
C Compilation Model Comp-206 : Introduction to Software Systems Lecture 9 Alexandre Denault Computer Science McGill University Fall 2006 Midterm Date: Thursday, October 19th, 2006 Time: from 16h00 to 17h30
More informationIntroduction. COMP /S2 Week Gernot Heiser UNSW/NICTA/OKL. Distributed under Creative Commons Attribution License 1
Introduction COMP9242 2008/S2 Week 1 2008 Gernot Heiser UNSW/NICTA/OKL. Distributed under Creative Commons Attribution License 1 Copyright Notice These slides are distributed under the Creative Commons
More informationTowards High Assurance Networks of Virtual Machines
Towards High Assurance Networks of Virtual Machines Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,
More informationBack To The Future: A Radical Insecure Design of KVM on ARM
Back To The Future: A Radical Insecure Design of KVM on ARM Abstract In ARM, there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from
More informationSupporting Operating System Kernel Data Disambiguation using Points-to Analysis
Supporting Operating System Kernel Data Disambiguation using Points-to Analysis Amani Ibriham, James Hamlyn-Harris, John Grundy & Mohamed Almorsy Center for Computing and Engineering Software Systems Swinburne
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationMalware
reloaded Malware Research Team @ @xabiugarte Motivation Design principles / architecture Features Use cases Future work Dynamic Binary Instrumentation Techniques to trace the execution of a binary (or
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationIdentifying Security Critical Properties for the Dynamic Verification of a Processor
Identifying Security Critical Properties for the Dynamic Verification of a Processor Rui Zhang, Natalie Stanley, Christopher Griggs, Andrew Chi, Cynthia Sturton 04-12-2017, ASLOS XI AN CHINA 1 Processor
More informationARM CORTEX-R52. Target Audience: Engineers and technicians who develop SoCs and systems based on the ARM Cortex-R52 architecture.
ARM CORTEX-R52 Course Family: ARMv8-R Cortex-R CPU Target Audience: Engineers and technicians who develop SoCs and systems based on the ARM Cortex-R52 architecture. Duration: 4 days Prerequisites and related
More informationSecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity
SecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig Carnegie Mellon University Kernel rootkits Motivation Malware inserted into OS kernels Anti
More informationCSE 351, Spring 2010 Lab 7: Writing a Dynamic Storage Allocator Due: Thursday May 27, 11:59PM
CSE 351, Spring 2010 Lab 7: Writing a Dynamic Storage Allocator Due: Thursday May 27, 11:59PM 1 Instructions In this lab you will be writing a dynamic storage allocator for C programs, i.e., your own version
More informationImproving Linux Development with better tools. Andi Kleen. Oct 2013 Intel Corporation
Improving Linux Development with better tools Andi Kleen Oct 2013 Intel Corporation ak@linux.intel.com Linux complexity growing Source lines in Linux kernel All source code 16.5 16 15.5 M-LOC 15 14.5 14
More informationUsing a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles
Safety & Security for the Connected World Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles 16 th June 2015 Mark Pitchford, Technical Manager, EMEA Today
More informationThe Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
More informationCS 326: Operating Systems. Process Execution. Lecture 5
CS 326: Operating Systems Process Execution Lecture 5 Today s Schedule Process Creation Threads Limited Direct Execution Basic Scheduling 2/5/18 CS 326: Operating Systems 2 Today s Schedule Process Creation
More informationGerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish
Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish Thomas Sewell Harvey Tuch Simon Winwood 1 microkernel
More informationVirtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection Brendan Dolan-Gavitt *, Tim Leek, Michael Zhivich, Jonathon Giffin *, and Wenke Lee * * Georgia Institute of Technology MIT Lincoln
More informationImproving Linux development with better tools
Improving Linux development with better tools Andi Kleen Oct 2013 Intel Corporation ak@linux.intel.com Linux complexity growing Source lines in Linux kernel All source code 16.5 16 15.5 M-LOC 15 14.5 14
More informationCreating a Practical Security Architecture Based on sel4
Creating a Practical Security Architecture Based on sel4 Xinming (Simon) Ou University of South Florida (many slides borrowed/adapted from my student Daniel Wang) 1 Questions for sel4 Community Is there
More informationSFFT Documentation. Release 0.1. Jörn Schumacher
SFFT Documentation Release 0.1 Jörn Schumacher June 11, 2013 CONTENTS 1 Introduction 3 1.1 When Should I use the SFFT library?.................................. 3 1.2 Target Platform..............................................
More informationAlterna(ve Architectures
Alterna(ve Architectures COMS W4118 Prof. Kaustubh R. Joshi krj@cs.columbia.edu hep://www.cs.columbia.edu/~krj/os References: Opera(ng Systems Concepts (9e), Linux Kernel Development, previous W4118s Copyright
More informationScaling CQUAL to millions of lines of code and millions of users p.1
Scaling CQUAL to millions of lines of code and millions of users Jeff Foster, Rob Johnson, John Kodumal and David Wagner {jfoster,rtjohnso,jkodumal,daw}@cs.berkeley.edu. UC Berkeley Scaling CQUAL to millions
More informationMulti-Aspect Profiling of Kernel Rootkit Behavior
Multi-Aspect Profiling of Kernel Rootkit Behavior Ryan Riley, Xuxian Jiang, Dongyan Xu Purdue University, North Carolina State University EuroSys 2009 Nürnberg, Germany Rootkits Stealthy malware Hide attacker
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationWhat's New in CDT 7.0? dominique dot toupin at ericsson dot com
What's New in CDT 7.0? dominique dot toupin at ericsson dot com 23 committers Project Status Representing IDE vendors, consultants, and users Downloads continue to grow Galileo SR-1: 530,000! CDT / Linux
More informationConstructing and Verifying Cyber Physical Systems
Constructing and Verifying Cyber Physical Systems Mixed Criticality Scheduling and Real-Time Operating Systems Marcus Völp Overview Introduction Mathematical Foundations (Differential Equations and Laplace
More information15-213/18-213/15-513, Fall 2017 C Programming Lab: Assessing Your C Programming Skills
15-213/18-213/15-513, Fall 2017 C Programming Lab: Assessing Your C Programming Skills 1 Logistics Assigned: Tues., Aug. 29, 2017 Due: Thurs., Sept. 7, 11:59 pm Last possible hand in: Tues., Sept. 7, 11:59
More informationHardware assisted Virtualization in Embedded
Hardware assisted Virtualization in Embedded Tanveer Alam Platform Architect Embedded Virtualization Sponsored by: & Agenda Embedded Virtualization What is embedded? Embedded specific requirements Key
More informationVerification & Validation of Open Source
Verification & Validation of Open Source 2011 WORKSHOP ON SPACECRAFT FLIGHT SOFTWARE Gordon Uchenick Coverity, Inc Open Source is Ubiquitous Most commercial and proprietary software systems have some open
More informationLecture 09: VMs and VCS head in the clouds
Lecture 09: VMs and VCS head in the Hands-on Unix system administration DeCal 2012-10-29 1 / 20 Projects groups of four people submit one form per group with OCF usernames, proposed project ideas, and
More informationAvoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Völp, Adam Lackorzynski *, Jérémie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Veríssimo University
More informationHyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
31 st IEEE Symposium on Security & Privacy, Oakland CA, May 16-19 2010 HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity Zhi Wang, Xuxian Jiang North Carolina State
More informationVirtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.
Virtualization...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania April 6, 2009 (CIS 399 Unix) Virtualization April 6, 2009 1 / 22 What
More informationVirtualizaton: One Size Does Not Fit All. Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software
Virtualizaton: One Size Does Not Fit All Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software Agenda Linux and Automotive Challenges Solution: Virtualization Linux Containers Best
More informationPangu 9 Internals. Tielei Wang and Hao Xu
Pangu 9 Internals Tielei Wang and Hao Xu Team Pangu Agenda ios Security Overview Pangu 9 Overview Userland Exploits Kernel Patching in Kernel Patch Protections Persistent Code Signing Bypass Conclusion
More informationHeterogeneous Software Architecture with OpenAMP
Heterogeneous Software Architecture with OpenAMP Shaun Purvis, Xilinx Agenda Heterogeneous SoCs Linux and OpenAMP OpenAMP for HSA Heterogeneous SoCs A System-on-Chip that integrates multiple processor
More informationTURNING (PAGE) TABLES
TURNING (PAGE) TABLES BYPASSING ADVANCED KERNEL MITIGATIONS USING PAGE TABLES MANIPULATIONS BSidesLV 2018 ENSILO.COM ABOUT US Omri Misgav Security Research Team Leader @ ensilo Reverse Engineering, OS
More informationReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay
ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay Or We Can Remember It for You Wholesale (with apologies to Philip K. Dick) George Dunlap, Sam King, SukruCinar, MurtazaBasraiand
More informationDocker 101 Workshop. Eric Smalling - Solution Architect, Docker
Docker 101 Workshop Eric Smalling - Solution Architect, Docker Inc. @ericsmalling Who Am I? Eric Smalling Solution Architect Docker Customer Success Team ~25 years in software development, architecture,
More informationKnut Omang Ifi/Oracle 20 Oct, Introduction to virtualization (Virtual machines) Aspects of network virtualization:
Software and hardware support for Network Virtualization part 2 Knut Omang Ifi/Oracle 20 Oct, 2015 32 Overview Introduction to virtualization (Virtual machines) Aspects of network virtualization: Virtual
More informationAn Operating System Architecture for Future Information Appliances
An Operating System Architecture for Future Information Appliances Tatsuo Nakajima Hiroo Ishikawa Yuki Kinebuchi Midori Sugaya Sun Lei Alexandre Courbot Andrej van der Zee Aleksi Aalto Kwon Ki Duk Department
More informationBUD17-301: KVM/ARM Nested Virtualization. Christoffer Dall
BUD17-301: KVM/ARM Nested Virtualization Christoffer Dall Nested Virtualization VM VM VM App App App App App VM App Hypervisor Hypervisor Hardware Terminology Nested VM VM Nested VM L2 App App App App
More informationSystem Wide Tracing User Need
System Wide Tracing User Need dominique toupin ericsson com April 2010 About me Developer Tool Manager at Ericsson, helping Ericsson sites to develop better software efficiently Background
More informationVirtual Machine Monitors!
ISA 673 Operating Systems Security Virtual Machine Monitors! Angelos Stavrou, George Mason University! Virtual Machine Monitors 2! Virtual Machine Monitors (VMMs) are everywhere! Industry commitment! Software:
More informationCS330: Operating System and Lab. (Spring 2006) I/O Systems
CS330: Operating System and Lab. (Spring 2006) I/O Systems Today s Topics Block device vs. Character device Direct I/O vs. Memory-mapped I/O Polling vs. Interrupts Programmed I/O vs. DMA Blocking vs. Non-blocking
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationThe Performance of µ-kernel-based Systems
Liedtke et al. presented by: Ryan O Connor October 7 th, 2009 Motivation By this time (1997) the OS research community had virtually abandoned research on pure µ-kernels. due primarily
More informationA+ Guide to Managing and Maintaining Your PC. How Hardware and Software Work Together
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 2 How Hardware and Software Work Together You Will Learn About operating systems, what they are, and what they do How an OS interfaces
More informationHigh Performance Computing and Programming, Lecture 3
High Performance Computing and Programming, Lecture 3 Memory usage and some other things Ali Dorostkar Division of Scientific Computing, Department of Information Technology, Uppsala University, Sweden
More informationCptS 360 (System Programming) Unit 2: Introduction to UNIX and Linux
CptS 360 (System Programming) Unit 2: Introduction to UNIX and Linux Bob Lewis School of Engineering and Applied Sciences Washington State University Spring, 2018 Motivation APIs have a history: Learn
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationlpengfei Ding & Chenfu Bao lsecurity Researcher & Baidu X-Lab lfocused on Mobile, IoT and Linux kernel security
lpengfei Ding & Chenfu Bao lsecurity Researcher & Developer @ Baidu X-Lab lfocused on Mobile, IoT and Linux kernel security l Introduction l Past Compat Vulnerabilities l Newly Identified Compat Vulnerabilities
More informationPush-button verification of Files Systems via Crash Refinement
Push-button verification of Files Systems via Crash Refinement Verification Primer Behavioral Specification and implementation are both programs Equivalence check proves the functional correctness Hoare
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationBrowser Security Guarantees through Formal Shim Verification
Browser Security Guarantees through Formal Shim Verification Dongseok Jang Zachary Tatlock Sorin Lerner UC San Diego Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:
More informationVirtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Virtual Machines Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today's Topics History and benefits of virtual machines Virtual machine technologies
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
More informationOverview of the OS. CS 450 : Operating Systems Michael Saelee
Overview of the OS CS 450 : Operating Systems Michael Saelee 1 Agenda - what is an operating system? - what are its main responsibilities? - how does it achieve them? - how is an operating
More informationVirtual RDMA devices. Parav Pandit Emulex Corporation
Virtual RDMA devices Parav Pandit Emulex Corporation Overview Virtual devices SR-IOV devices Mapped physical devices to guest VM (Multi Channel) Para virtualized devices Software based virtual devices
More informationAshish Gupta, Data JUET, Guna
Categories of data structures Data structures are categories in two classes 1. Linear data structure: - organized into sequential fashion - elements are attached one after another - easy to implement because
More informationThe Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA
The Remote Exploitation of Unaltered Passenger Vehicles Revisited 20 th October 2016 Mark Pitchford, Technical Manager, EMEA Today s hot topic A few years ago, Lynx presentations at events such as this
More informationMotivation was to facilitate development of systems software, especially OS development.
A History Lesson C Basics 1 Development of language by Dennis Ritchie at Bell Labs culminated in the C language in 1972. Motivation was to facilitate development of systems software, especially OS development.
More informationSpectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick
Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment Orin Thomas @orinthomas Jeff Melnick Jeff.Melnick@Netwrix.com In this session Vulnerability types Spectre Meltdown Spectre
More informationInitial Evaluation of a User-Level Device Driver Framework
Initial Evaluation of a User-Level Device Driver Framework Stefan Götz Karlsruhe University Germany sgoetz@ira.uka.de Kevin Elphinstone National ICT Australia University of New South Wales kevine@cse.unsw.edu.au
More information