Trusted Browsers for Uncertain Times
1 Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego
2 Building a browser that can provably mitigate timing attacks
3 Trusted Browsers for Uncertain Times Time and web browsers Mitigating attacks A trusted browser A (less) trusted browser
4 Timing attacks
5 Browsers and timing attacks Browser has multiple privilege levels Browsers expose detailed information User secrets System secrets Origin secrets performance.now() getanimationframe() Browsers compute and communicate between levels
6 Timing attacks in web browsers SVG Filter cross-origin pixel stealing JavaScript cache timing attacks Fingerprinting History Sniffing
7 What is being done about it? - SVG attack
8 What is being done about it? - Cache attack
9 What is being done about it? - Cache attack
10 Unfortunately, this doesn't work.
11 Better clocks with edges
12 Rounding down the clock
13 Clock-edge technique
14 Clock-edge technique - performance.now()
15 Clock-edge technique - performance.now()
16 Implicit clocks in the browser
17 Implicit clocks - Techniques <video> frames Web Speech <video> played setTimeout() CSS Animations WebVTT API XHRs with cooperating server
18 Implicit clocks - Techniques <video> frames Web Speech <video> played setTimeout() CSS Animations WebVTT API XHRs with cooperating server Probably many many more!
19 Implicit clocks - WebVTT Subtitles for <video> elements Specified in a .vtt file WEBVTT 00:00: > 00:00: A very short duration subtitle Specifies arbitrary subtitles with 1ms granularity track.activeCues returns all displayed subtitles
20 Implicit clocks - WebVTT
21 Implicit clocks - WebVTT and clock-edge
22 How to mitigate timing attacks
23 Degrade all clocks available to the attacker.
24 Fuzzy time for the VAX security kernel [A] collection of techniques that reduces the bandwidths of covert timing channels by making all clocks available to a process noisy. Reducing Timing Channels with Fuzzy Time Hu at Oakland 1991!
25 Covert channels Two clocks Modulated The channel Reference Wall clock, etc
26 Fuzzy time for the VAX security kernel VAX VMM Single thread per VM Clean VM interface All I/O is asynchronous
27 Fuzzy time - Problem Ineffective countermeasures to disk covert channel Cannot be closed Not auditable Added noise impractical No hardware solution Plenty of other potential shared buses
28 Fuzzy time - Solution reduce the accuracy and precision of system clocks randomly alter the timings of I/O operations
29 Fuzzy time - Solution Explicit clocks make the interval-timer interrupt random
30 Fuzzy time - Solution Explicit clocks make the interval-timer interrupt random
31 Fuzzy time - Solution Explicit clocks make the interval-timer interrupt random Implicit clocks [use] random clock ticks to make fuzzy the clocks derived from I/O operations Add new buffers for all I/O operations
32 Fuzzy time - Solution guarantees Degraded clocks Time granularity Limit the bandwidth g Bounded channel bandwidth For any timing covert channel ~
33 Fuzzy time - I/O queuing Currently queued Active Active Active Next queue Response queue
34 Fuzzy time - I/O queuing Currently queued Active Active Active Next queue Response queue
35 Fuzzy time - I/O queuing Currently queued Active Active Active Next queue Response queue
36 Fuzzy time - I/O queuing Response queue Currently queued Active Active Next queue
37 Fuzzy time - I/O queuing Response queue Currently queued Active Next queue
38 Fuzzy time - I/O queuing Response queue Currently queued Active Active Next queue Active
39 Fuzzy time - I/O queuing Response queue Currently queued Active Active Next queue Active
40 Fuzzy time - I/O queuing Response queue Currently queued Active Active Next queue Active
41 Fuzzy time - I/O queuing Response queue Currently queued Active Active Next queue Active
42 Fermata
43 Fermata - Why adapt fuzzy time? Degrade clocks Slow down attacks Verifiability Browsers are uniquely well suited
44 Fermata - Fuzzy time for browsers Adapt the VAX fuzzy time model to JS etc! Put all I/O operations into queues Make all the explicit clocks fuzzy Prove everything falls into a fuzzy time defense But with JavaScript!
45 Fermata - Fuzzy time for browsers Adapt the VAX fuzzy time model to JS etc! Put all I/O operations into queues Make all the explicit clocks fuzzy Prove everything falls into a fuzzy time defense Change all DOM accesses to be asynchronous! But with JavaScript!
46 Fuzzyfox Rationale and design
47 Why we didn't build Fermata 1. We didn't know if it would work 2. We didn't know what to start with 3. We want to push mitigations to real browsers
48 Fuzzyfox Patch set on trunk Mozilla Firefox Supports multiple clock granularities Tested 0.5ms to 100ms Fully fuzzes explicit clocks Breaks main thread into ticks Delays outgoing HTTP request start
49 Fuzzyfox - Main thread queuing Current queue Next queue
50 Fuzzyfox - Main thread queuing Current queue Active Next queue
51 Fuzzyfox - Main thread queuing Current queue Active Next queue
52 Fuzzyfox - Main thread queuing Current queue Active Next queue
53 Fuzzyfox - Main thread queuing Current queue Active Pause Next queue
54 Fuzzyfox - Main thread queuing Current queue Active Next queue Pause
55 Fuzzyfox - Main thread queuing Current queue Active Pause
56 Fuzzyfox - Main thread queuing Current queue Active Pause
57 Fuzzyfox - Main thread queuing Current queue Active Pause
58 Fuzzyfox - Main thread queuing Current queue Pause
59 Fuzzyfox - Main thread queuing Current queue Pause Pause
60 Fuzzyfox - Main thread queuing Current queue Pause Active Pause
61 Fuzzyfox - Main thread queuing Current queue Pause Active Pause
62 Fuzzyfox - Main thread queuing Queue 1 Pause Queue 2 Active Pause Queue 3
63 Fuzzyfox - Main thread queuing Current queue Epoch Pause Active Epoch Pause Epoch
64 Fuzzyfox - Main thread queuing Current queue Epoch Pause Active Epoch Pause Epoch
65 Fuzzyfox - Main thread queuing Sleep Update clocks Flush queues Schedule next pause Current queue Epoch Pause Active Epoch Pause Epoch
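The pause cycle listed on slide 65 (sleep, update clocks, flush queues, schedule next pause), modelled in virtual time as an added example; it is not code from the Fuzzyfox patch set. The names `FuzzyLoop`, `pollClock` and `pauseGaps`, the uniform pause-interval distribution and the floor-to-granularity clock update are assumptions of this model.

```javascript
// Added illustration: a virtual-time model of pause-driven fuzzy clocks.
// Not Fuzzyfox source; names, interval distribution and rounding are assumptions.

// Small seeded PRNG (mulberry32) so the simulation is reproducible.
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

class FuzzyLoop {
  constructor(granularityMs, rng) {
    this.g = granularityMs;
    this.rng = rng;
    this.realMs = 0;      // true elapsed time, never exposed to page script
    this.fuzzyMs = 0;     // the only clock value page script can read
    this.nextQueue = [];  // work posted during the current epoch
    this.pauses = [];     // true times at which pauses fired (for inspection)
    this.nextPauseAt = this.schedulePause();
  }

  // Assumption: pause intervals are uniform in (0, 2g], so their mean is g.
  schedulePause() {
    return this.realMs + (1 - this.rng()) * 2 * this.g;
  }

  // Explicit clock: changes only when a pause updates it.
  now() {
    return this.fuzzyMs;
  }

  // Queued work (timers, I/O completions) is held until the next pause.
  post(task) {
    this.nextQueue.push(task);
  }

  // Advance true time and fire every pause whose deadline has passed.
  advance(ms) {
    const target = this.realMs + ms;
    while (this.nextPauseAt <= target) {
      this.realMs = this.nextPauseAt;                            // sleep
      this.fuzzyMs = Math.floor(this.realMs / this.g) * this.g;  // update clocks
      this.pauses.push(this.realMs);
      const ready = this.nextQueue;                              // flush queues
      this.nextQueue = [];
      for (const task of ready) task(this.fuzzyMs);
      this.nextPauseAt = this.schedulePause();                   // schedule next pause
    }
    this.realMs = target;
  }
}

// Busy-poll the clock every stepMs, as a script watching for clock edges would.
function pollClock(loop, totalMs, stepMs) {
  const readings = [];
  for (let t = 0; t < totalMs; t += stepMs) {
    readings.push(loop.now());
    loop.advance(stepMs);
  }
  return readings;
}

// True-time gaps between consecutive pauses: irregular, so an observed
// clock edge does not fall on a predictable grid.
function pauseGaps(loop) {
  return loop.pauses.slice(1).map((p, i) => p - loop.pauses[i]);
}

// Demo with the coarsest granularity the slides mention (100 ms).
const demo = new FuzzyLoop(100, mulberry32(7));
const demoReadings = pollClock(demo, 1000, 1);
console.log("distinct clock values in 1 s of polling:", new Set(demoReadings).size);
console.log("pause gaps (ms):", pauseGaps(demo).map((d) => d.toFixed(1)).join(", "));
```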
66 Fuzzyfox Effectiveness
67 Fuzzyfox - Effectiveness - Explicit - performance.now() Firefox Fuzzyfox
68 Fuzzyfox - Effectiveness - Implicit - WebVTT clock Firefox Fuzzyfox
69 Fuzzyfox Performance
70 Fuzzyfox - Performance Micro performance Macro performance Synthetic microbenchmark page load times Real website load times Interactivity User study
71 Fuzzyfox - Performance Micro performance Macro performance Synthetic microbenchmark page load times Real website load times Interactivity User study
72 Fuzzyfox - Performance - Micro benchmarks Page load times As reported by onload() Measured effects of Sequential resource loads Parallel resource loads
73 Fuzzyfox - Performance - Sequential loads
74 Fuzzyfox - Performance vs Tor Browser
75 Takeaways
76 Timing attacks Rounding clocks doesn't work
77 Fuzzy time Secure operating systems tech
78 Fermata A different design for the browser
79 Fuzzyfox Defenses that can work and that we can deploy
80 Takeaways This material is based upon work supported by the National Science Foundation and by a gift from Mozilla. We thank Kyle Huey, Patrick McManus, Eric Rescorla, and Martin Thomson at Mozilla for helpful discussions about this work, and for sharing their insights with us about Firefox internals.
81 Fuzzyfox - Effectiveness - Explicit - performance.now() Firefox Fuzzyfox
82 Fuzzyfox - Effectiveness - Implicit - WebVTT clock Firefox Fuzzyfox
83 Performance - Micro benchmarks - Sequential loads
84 Performance - Micro benchmarks - Tor Browser
85 Performance - Load times* - Google search
More information20-EECE-4029 Operating Systems Fall, 2015 John Franco
20-EECE-4029 Operating Systems Fall, 2015 John Franco Final Exam name: Question 1: Processes and Threads (12.5) long count = 0, result = 0; pthread_mutex_t mutex; pthread_cond_t cond; void *P1(void *t)
More informationLast 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture
Last 2 Classes: Introduction to Operating Systems & C++ tutorial User apps OS Virtual machine interface hardware physical machine interface An operating system is the interface between the user and the
More informationChapter 13: I/O Systems
Chapter 13: I/O Systems Chapter 13: I/O Systems I/O Hardware Application I/O Interface Kernel I/O Subsystem Transforming I/O Requests to Hardware Operations Streams Performance 13.2 Silberschatz, Galvin
More informationChapter 1: Introduction. Operating System Concepts 8 th Edition,
Chapter 1: Introduction Operating System Concepts 8 th Edition, Silberschatz, Galvin and Gagne 2009 Operating-System Operations Interrupt driven by hardware Software error or system request creates exception
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationChapter 13: I/O Systems
Chapter 13: I/O Systems DM510-14 Chapter 13: I/O Systems I/O Hardware Application I/O Interface Kernel I/O Subsystem Transforming I/O Requests to Hardware Operations STREAMS Performance 13.2 Objectives
More informationChe-Wei Chang Department of Computer Science and Information Engineering, Chang Gung University
Che-Wei Chang chewei@mail.cgu.edu.tw Department of Computer Science and Information Engineering, Chang Gung University l Chapter 10: File System l Chapter 11: Implementing File-Systems l Chapter 12: Mass-Storage
More informationSpectre and Meltdown: Data leaks during speculative execution
Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project Zero) Paul Kocher (independent) Daniel Genkin (University of Pennsylvania and University of Maryland) Yuval
More informationThe Kernel Abstraction
The Kernel Abstraction Debugging as Engineering Much of your time in this course will be spent debugging In industry, 50% of software dev is debugging Even more for kernel development How do you reduce
More informationECE 7650 Scalable and Secure Internet Services and Architecture ---- A Systems Perspective
ECE 7650 Scalable and Secure Internet Services and Architecture ---- A Systems Perspective Part II: Data Center Software Architecture: Topic 3: Programming Models Piccolo: Building Fast, Distributed Programs
More informationCS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES
CS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES Your name: SUNet ID: In accordance with both the letter and the spirit of the Stanford Honor Code, I did not cheat on this exam. Furthermore,
More information