Systems Security Research in SIIS Lab

Transcription

1 Systems and Internet Infrastructure Security (SIIS) Laboratory 1 Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Systems Security Research in SIIS Lab Trent Jaeger Penn State University, SIIS Lab, CSE Dept. Network and Security Research Center Industry Day October 8, 2008

2 Systems and Internet Infrastructure Security (SIIS) Laboratory 2 SIIS Laboratory ( Faculty Prof. Trent Jaeger (tjaeger@cse.psu.edu)\, Co-director operating systems security, policy design and analysis, source code analysis Prof. Patrick McDaniel (mcdaniel@cse.psu.edu), Co-director network security, security modeling, critical infrastructure, security-typed languages, formal security policy Prof. Adam Smith (asmith@cse.psu.edu) cryptography, algorithms, privacy-preserving computation Funding: National Science Foundation Ongoing Projects: Secure Storage Systems Army Research Office/DOD DTO/IARPA CISCO, Raytheon (NSRC) Motorola (SERC), Samsung IBM Research, AT&T Language Based Security Systems and VM Security Telecommunications Security Cryptography Privacy-preserving Computing Students (Over 20 graduate students) Factoids: Established September 2004, Location IST Building - contact siislab@cse.psu.edu

3 Operating System Security Systems and Internet Infrastructure Security (SIIS) Laboratory 3

4 Systems and Internet Infrastructure Security (SIIS) Laboratory 4 Security Enforcement Appl Appl Appl Operating Systems Virtual Machine Monitors Network

5 Ensuring Security Goals Despite all the policies, we still lack comprehensive security goal enforcement How do we construct a secure system rather than a secure-able system? Deploy applications that enforce system security goals Build VM system environment that enforces system goals Build integrity-verifiable distributed computations We have a number of related projects that focus on how to build systems that ensure security Systems and Internet Infrastructure Security (SIIS) Laboratory 5

6 Systems and Internet Infrastructure Security (SIIS) Laboratory 6 App Deployment Goal Build App Package Build Apps that ensure enforcement of security policy Deploy to Enforce Goals Run the App SELinux System Deploy apps such that they enforce system security goals

7 Systems and Internet Infrastructure Security (SIIS) Laboratory 7 Mobile Phone Projects Many applications are trusted to enforce system policy E.g., logrotate, telephony servers, samba, browsers, etc Ensure that mobile phone services enforce system policy

8 Systems and Internet Infrastructure Security (SIIS) Laboratory 8 STL Development Projects Security-typed language compilation verifies that programs enforce a policy Using security-typed languages (e.g., Jif Java extension) Can't tell what caused a policy (information flow) error Can't tell what error reports represent real errors and which do not Can't tell where to fix legitimate errors We have tools for solving each problem Goal: better tools to help developers convert their programs to information-flow secure

9 Systems and Internet Infrastructure Security (SIIS) Laboratory 9 Compliance Project Build App Package Compose compliant app policy with system automatically Extract Package Protectio n Verify Package Protectio n Compose App w/ System Verify App Complianc e Run the App SELinux System Deploy apps that enforce system security goals on any system

10 Systems and Internet Infrastructure Security (SIIS) Laboratory 10 Virtual Machine Systems Opportunity to leverage isolation among systems Isolate key applications in VMs E.g., Secure browsing Secrecy: Web application uses secret and public info w/o leakage Integrity: Web application uses low integrity info w/o to dependence How do we use VM isolation to achieve these goals? How are VMs created and administered?

11 Systems and Internet Infrastructure Security (SIIS) Laboratory 11 FlowwolF Browsing (1) User/browser requests URL (2) Browser asks system for label of URL (3) Browser creates socket channel for this label (4) If request is denied, browser may request a new window (browser VM) for that request (5) System authorizes network communication to

12 Systems and Internet Infrastructure Security (SIIS) Laboratory 12 FlowwolF VM Services To ensure enforcement of administrative domain security goals Browser Target VM Compos e VMM 2 Complianc e Labeling Server 5 Server

13 Systems and Internet Infrastructure Security (SIIS) Laboratory 13 Shamon Project Shared Reference Monitor (Shamon) Coherent enforcement across multiple physical platforms Single mandatory access control (MAC) policy Meet Reference Monitor Guarantees: tamperproof (detectable), complete mediation, verifiability Hypervisor + MAC Manager Shamon for all VMs ACM Hypervisor + MAC Manager ACM

14 Systems and Internet Infrastructure Security (SIIS) Laboratory 14 Integrity-Verified Systems Use Hardware-Based Integrity Measurement to Justify Shamon System Integrity Define secure approach Current approaches are complex, incomplete, unscalable We provide a VMM-based foundation of integrity (score) We define a VM-based framework for simplifying attestation We enable high performance VM processing using attestation (asynchronous attestation) We are defining a logic of distributed integrity verification to enable effective, scalable distribution computing

15 Systems and Internet Infrastructure Security (SIIS) Laboratory 15 Integrity Verification Asynch VM Attestation VM Foundation VM Verifier Integrity/Enforcement Foundation Shamon Core

16 Systems and Internet Infrastructure Security (SIIS) Laboratory 16 Questions Penn State SIIS Lab: Papers David H. King, Trent Jaeger, Somesh Jha, and Sanjit Seshia. Effective blame for information-flow violations. In Proceedings of the Sixteenth ACM SIGSOFT International Symposium on Foundations of Software Engineering, November Sandra Rueda, Yogesh Sreenivasan, and Trent Jaeger. Flexible security configuration for virtual machines. In Proceedings of the 2 nd Computer Security Architecture Workshop, October Sandra Rueda, David H. King, and Trent Jaeger. Verifying compliance of trusted programs. In Proceedings of the 17 th USENIX Security Symposium, August Divya Muthukumaran, Anuj Sawani, Joshua Schiffman, Brian M. Jung, and Trent Jaeger. Measuring integrity on mobile phone systems. In Proceedings of the 13th Symposium on Access Control Models and Technologies (SACMAT), June Joshua Schiffman, Thomas Moyer, Hayawardh Vijayakumar, Patrick McDaniel and Trent Jaeger. Verifying Virtual Machine Integrity by Proxy. September In submission.

17 Systems and Internet Infrastructure Security (SIIS) Laboratory 17 Questions More Papers Luke St. Clair, Joshua Schiffman, Trent Jaeger, and Patrick McDaniel. Establishing and sustaining system integrity via root of trust installation. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), December Boniface Hicks, Sandra Rueda, Trent Jaeger, Patrick McDaniel. From trusted to secure: Building and executing applications that enforce system security. In Proceedings of the 2007 USENIX Annual Technical Conference, June Boniface Hicks, Sandra Rueda, Luke St. Clair, Trent Jaeger, Patrick McDaniel. A logical specification and analysis for SELinux MLS. In Proceedings of the 12 th ACM Symposium on Access Control Models and Technologies. June Divya Muthukumaran, Mohamed Hassan, Vikhyath Rao and Trent Jaeger..Protecting Telephony Services in Mobile Phones. Technical Report NAS-TR , Networking and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, September Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger. Scalable Asynchronous Web Content Attestation. Technical Report NAS-TR , Networking and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, September 2008.