Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Slide 1: Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Marcus Völp, Adam Lackorzynski*, Jérémie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Veríssimo
University of Luxembourg, SnT, CritiX Lab, Luxembourg
* Kernkonzept GmbH and TU Dresden, Operating Systems Group, Dresden, Germany
1st Workshop on System Software for Trusted Execution (SysTEX 2016), Dec. 12, 2016, Trento, Italy
Slides 2-3: The functionality/code size dilemma
- Application scenarios require the system to implement a certain set of functionalities.
- Implementing these functionalities comes at the cost of a certain minimal amount of code, even if development time and costs don't matter, and even if you only use high-class developers.
- Code size and complexity correlate with vulnerabilities: Chou et al., An Empirical Study of Operating Systems Errors, SOSP 2001; Asadollah et al., A Study of Concurrency Bugs in an Open Source Software, OSS.
- Slide 3 adds a code-size scale (figure labels as recovered, in order): RTOS, ca. 5 KLOC; 5-13 PY; microkernel, KLOC, formal verification; legacy OS, MLOC.
Slides 4-6: Intransitive trust
- The system is split into a legacy part and a secure part (slide 4 figure: Player, Legacy OS, Driver, Stub FS).
- Slide 5 figure (tudos.org): legacy side: Player, Legacy OS, Resource Mgmt, Stub FS, Driver; secure side: VPFS, En-/Decryption, Codec, Framebuffer Mgr.
- References: Weinhold et al., jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components, USENIX ATC 2011; Singaravelu et al., Reducing TCB Complexity for Security-Sensitive Applications: Three Case Studies, EuroSys 2006; Asmussen, Völp, ASPLOS '16.
- Slide 6 adds the isolation platforms that can host such a split: Intel SGX; InkTag (Hofmann et al. '13); microhypervisor; ARM TrustZone; M3 manycore + DTUs (Asmussen, Völp, ASPLOS '16).
Slides 7-8: SGX Vulnerabilities
- Source: AsyncShock.
- Fine-grain preemption control is used to widen the window of vulnerability of synchronization bugs.
- Fine-grain preemption control is used to widen the window of vulnerability for side-channel attacks.
Slides 9-12: SGX Vulnerabilities, running example: Osvik et al., Cache Attacks and Countermeasures: the Case of AES, CT-RSA 2006
- Slide 9: AES with in-memory tables T_i (figure source: wikimedia).
- Slide 10, a table lookup whose address depends on the secret index x_j (figure: table T_i with entries read T_i[0] ... read T_i[n]):
  R5 = read T_i[x_j]
  R0 = xor R0, R5
- Slide 11, the access-pattern-indistinguishable form: a low-indistinguishable data access pattern embedded into low-indistinguishable control flow:
  R6 = read T_i[0]
  cmp 0, x_j
  R5 = cmov R6
  R0 = xor R0, R5
- Slide 12, preemption control around the lookup:
  disable preemptions
  R5 = read T_i[x_j]
  R0 = xor R0, R5
  read T_i[0] ... read T_i[n]
  enable preemptions
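The two lookup shapes from slides 10 and 11 side by side, as an added example that is not part of the slides or the authors' code. The table contents are constructed sample values, and sample_table, ct_eq_mask, lookup_leaky, lookup_ct and round_step_* are names chosen for this example. The point is that lookup_ct performs the same sequence of loads and the same control flow for every x_j, so neither the cache footprint nor the branch history depends on the secret.

```c
#include <stdint.h>
#include <stddef.h>

#define TABLE_LEN 256

/* Constructed stand-in for one AES T-table; the values themselves do not matter. */
static uint32_t sample_table[TABLE_LEN];

static void init_sample_table(void)
{
    for (size_t k = 0; k < TABLE_LEN; k++)
        sample_table[k] = (uint32_t)k * 0x9E3779B1u;   /* constructed values */
}

/* Slide 10: one load whose address is the secret index x_j. Which cache line
 * of T_i was touched therefore depends on x_j, and that is what an observer
 * with fine-grained preemption control can measure. */
static uint32_t lookup_leaky(const uint32_t *table, size_t x_j)
{
    return table[x_j];
}

/* Branch-free comparison: all-ones when a == b, zero otherwise. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;                        /* zero iff a == b */
    uint32_t nonzero = (x | (0u - x)) >> 31;   /* 1 iff x != 0 */
    return nonzero - 1u;                       /* 0xFFFFFFFF iff x == 0 */
}

/* Slide 11: read every entry T_i[0..n-1] and select the wanted one with a
 * conditional move, emulated here by masking. Every call touches every
 * line of the table in the same order. */
static uint32_t lookup_ct(const uint32_t *table, size_t n, size_t x_j)
{
    uint32_t r5 = 0;
    for (size_t k = 0; k < n; k++) {
        uint32_t r6 = table[k];                                 /* R6 = read T_i[k] */
        uint32_t m  = ct_eq_mask((uint32_t)k, (uint32_t)x_j);   /* cmp k, x_j */
        r5 |= r6 & m;                                           /* R5 = cmov R6 */
    }
    return r5;
}

/* One round step, R0 = xor R0, R5, in both variants. */
uint32_t round_step_leaky(uint32_t r0, uint8_t x_j)
{
    init_sample_table();
    return r0 ^ lookup_leaky(sample_table, x_j);
}

uint32_t round_step_ct(uint32_t r0, uint8_t x_j)
{
    init_sample_table();
    return r0 ^ lookup_ct(sample_table, TABLE_LEN, x_j);
}

/* Sanity check: the constant-time variant computes exactly the same function. */
int variants_agree(void)
{
    for (unsigned x = 0; x < TABLE_LEN; x++)
        if (round_step_leaky(0x12345678u, (uint8_t)x) != round_step_ct(0x12345678u, (uint8_t)x))
            return 0;
    return 1;
}
```

The masked select is written in plain C to show the algorithmic shape; an optimising compiler is free to turn it back into a branch or a real cmov, so in enclave code the generated assembly has to be checked or the selection pinned with inline assembly. The cost is also visible here: one secret-dependent load becomes n loads, which is why slide 12 explores preemption control as an alternative to rewriting every lookup this way.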
Slides 13-15: This talk
- Re-investigate delayed preemption:
  - How can we allow user-level applications (in enclaves) to disable preemptions without being able to monopolize the system?
  - How can we prevent solicited exits through which the management OS could regain control?
  - How can we translate delayed preemption to Intel SGX?
- Slide 14 repeats the slide 12 code (disable preemptions ... enable preemptions) and asks: How can we prevent solicited exits in sensitive code? How can we make sure the enclave enables preemptions again?
- Slide 15 adds a prepare phase and a retry check before the sensitive reads:
  disable preemptions
  prepare
  if preempted goto retry
  R5 = read T_i[x_j]
  R0 = xor R0, R5
  read T_i[0] ... read T_i[n]
  enable preemptions
Slides 16-18: Delayed Preemption in a Trusted-Trustworthy Hypervisor
- Figure: timeline with a user/enclave-mode lane and a kernel-mode lane. When an interrupt arrives while the application has delayed preemptions, the kernel:
  - disables all interrupts except the timer;
  - programs the timer to max_tolerable_delay;
  - informs the application about the pending preemption: p = 1;
  - executes the delayed preemptions afterwards, at the latest when max_tolerable_delay expires.
- Slide 18: the sensitive code runs within the max_tolerable_delay window.
Slides 19-20: Delayed Preemption in SGX
- Same timeline, but the delay flag lives in an xAPIC register; the sensitive code again runs within max_tolerable_delay.
- The xAPIC register is not virtualizable.
- xAPIC: set the timer on the first preemption; don't interrupt the application.
- Local xAPIC register; write only in kernel mode (i.e., not in enclave mode).
Slides 21-24: Solicited Exits
- Slide 21 repeats the slide 15 code. Slide 22 refines it with the xAPIC delay flag d and the pending flag p:
  retry: xapic.d = 1
  prepare
  if (p = 1) goto retry
  R5 = read T_i[x_j]
  R0 = xor R0, R5
  read T_i[0] ... read T_i[n]
  xapic.d = 0   // if (xapic.p = 1) -> AEX
- Trigger all such exits during the non-sensitive prepare phase; set the p flag to make the code aware of these exits; context-switch the p flag as part of the enclave state.
- How to prevent solicited exits in sensitive code? Exit sources: data/instruction page faults, lazy FPU context switch, power management, device virtualization. The prepare and sensitive phases must fit within max_tolerable_delay.
- Slide 23, data/instruction TLB: with code pages f, g and table pages T_0..T_3, the prepare phase touches every page the sensitive phase will need, so that any page fault happens before the retry check:
  retry: d = 1
  // prepare
  call pg(f)
  call pg(g)
  or $0, [pg(t_0)]
  or $0, [pg(t_1)]
  or $0, [pg(t_2)]
  or $0, [pg(t_3)]
  if (p = 1) goto retry
  Set the p flag on an instruction or data page fault. Recall: cross-CPU page-table changes require IPIs to shoot down TLBs.
- Slide 24, countermeasure per exit source:
  - data/instruction page faults, lazy FPU context switch: access the pages / the FPU in the prepare phase; check the p flag.
  - power management: report the power state; check max_tolerable_delay > WCET(prepare + sensitive) of the current power state.
  - device virtualization: access device MMIO / ports in the prepare phase; check the p flag.
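The kernel/enclave protocol of slides 16-22, the d and p flags, the max_tolerable_delay bound and the retry loop, as an added tick-based simulation that is not part of the slides or the authors' implementation. The interrupt arrival times are constructed input, and core_t, run_result_t, kernel_interrupt, kernel_timer_expired, enclave_yield, tick, enclave_section and the scenario_* functions are names chosen for this example; it models the protocol's bookkeeping, not real xAPIC or hypervisor behaviour.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_TOLERABLE_DELAY 8   /* ticks the kernel is willing to defer a preemption */
#define MAX_RETRIES 16          /* guard so a misbehaving script cannot loop forever */

typedef struct {
    bool     d;               /* delay flag, written by the enclave (xapic.d on slide 22) */
    bool     p;               /* preemption pending, set by the kernel, part of enclave state */
    bool     timer_armed;
    unsigned timer_deadline;  /* tick at which a deferred preemption is forced */
    unsigned preempted;       /* preemptions the kernel actually executed */
    unsigned forced;          /* of those, forced because the enclave over-ran the bound */
    unsigned now;
} core_t;

/* Kernel side (slides 16-17): an interrupt arrives. With d set, the kernel arms
 * its timer for max_tolerable_delay on the first such interrupt, records the
 * pending preemption (p = 1) and resumes the application instead of switching. */
static void kernel_interrupt(core_t *c)
{
    if (!c->d) { c->preempted++; return; }     /* preemptions enabled: switch now */
    if (!c->timer_armed) {
        c->timer_armed = true;
        c->timer_deadline = c->now + MAX_TOLERABLE_DELAY;
    }
    c->p = true;
}

/* Kernel side: the bound expired while d was still set. The kernel takes the
 * CPU back anyway, so a delaying enclave cannot monopolise the system. */
static void kernel_timer_expired(core_t *c)
{
    c->forced++;
    c->preempted++;
    c->timer_armed = false;
    c->d = false;
    c->p = false;
}

/* Enclave side: clear d; a pending preemption is executed right here. */
static void enclave_yield(core_t *c)
{
    c->d = false;
    if (c->p) {                                /* xapic.d = 0 // if (xapic.p = 1) -> AEX */
        c->p = false;
        c->timer_armed = false;
        c->preempted++;
    }
}

/* Advance one tick: deliver a scripted interrupt if due, then check the bound. */
static void tick(core_t *c, const unsigned *irqs, size_t n_irqs)
{
    c->now++;
    for (size_t i = 0; i < n_irqs; i++)
        if (irqs[i] == c->now)
            kernel_interrupt(c);
    if (c->timer_armed && c->now >= c->timer_deadline)
        kernel_timer_expired(c);
}

typedef struct {
    unsigned retries;                 /* prepare phases restarted because p was set */
    bool     sensitive_uninterrupted; /* sensitive phase ran without any preemption */
    unsigned preempted;
    unsigned forced;
} run_result_t;

/* The retry loop of slide 22 with prepare and sensitive phases of fixed length:
 *   retry: d = 1; prepare; if (p) goto retry; sensitive; d = 0; if (p) -> AEX */
run_result_t enclave_section(const unsigned *irqs, size_t n_irqs,
                             unsigned prepare_ticks, unsigned sensitive_ticks)
{
    core_t c = {0};
    run_result_t r = {0};
    for (;;) {
        c.d = true;                                        /* retry: xapic.d = 1 */
        for (unsigned t = 0; t < prepare_ticks; t++)       /* prepare: touch pages etc. */
            tick(&c, irqs, n_irqs);
        if (c.p) {                                         /* if (p = 1) goto retry */
            enclave_yield(&c);                             /* run the delayed preemption first */
            if (++r.retries >= MAX_RETRIES) break;         /* give up; result stays "not clean" */
            continue;
        }
        unsigned before = c.preempted;
        for (unsigned t = 0; t < sensitive_ticks; t++)     /* sensitive reads */
            tick(&c, irqs, n_irqs);
        r.sensitive_uninterrupted = (c.preempted == before);
        enclave_yield(&c);                                 /* xapic.d = 0; pending -> AEX now */
        break;
    }
    r.preempted = c.preempted;
    r.forced = c.forced;
    return r;
}

/* Constructed scenarios: 3-tick prepare phase, interrupt at the given tick. */
run_result_t scenario_irq_during_prepare(void)
{
    static const unsigned irqs[] = { 2 };     /* exit happens while preparing: retry once */
    return enclave_section(irqs, 1, 3, 4);
}

run_result_t scenario_irq_during_sensitive(void)
{
    static const unsigned irqs[] = { 5 };     /* deferred until the sensitive phase is done */
    return enclave_section(irqs, 1, 3, 4);
}

run_result_t scenario_overrun(void)
{
    static const unsigned irqs[] = { 4 };     /* sensitive phase longer than the bound */
    return enclave_section(irqs, 1, 3, 20);
}
```

The three scenarios show the three outcomes the slides distinguish: an exit during prepare costs one retry and the sensitive phase then runs clean; an exit during the sensitive phase is deferred and executed at the closing yield, so the sensitive reads are never split; and a sensitive phase longer than max_tolerable_delay is forcibly preempted by the timer, which is exactly the case the WCET check on slide 24 is meant to rule out.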
Slide 25: Concurrency Bugs
- Concurrency bugs cannot be fixed by delaying preemptions; the mechanism only avoids widening the window of vulnerability.
- Example, the freeing side and the using side of a shared object, each wrapped in preemption control:
  disable preemptions
  free object
  invalidate pointer
  enable preemptions

  disable preemptions
  if (pointer) use object
  enable preemptions
Slides 26-28: This talk in one slide
- Intransitive trust: enabler for TCB reduction (slide 6 figure repeated: legacy side Player, Legacy OS, Resource Mgmt, Stub FS, Driver; secure side VPFS, En-/Decryption, Codec, Framebuffer Mgr.; platforms Intel SGX, InkTag (Hofmann et al. '13), microhypervisor, ARM TrustZone, M3 manycore + DTUs (Asmussen, Völp, ASPLOS '16)).
- The delayed-preemption mechanism prevents widening attack windows (slide 15 code repeated: disable preemptions; prepare; if preempted goto retry; R5 = read T_i[x_j]; R0 = xor R0, R5; read T_i[0] ... read T_i[n]; enable preemptions).
- And it can be integrated in SGX (slide 20 figure repeated: user/enclave-mode and kernel-mode timeline, xAPIC register, sensitive code within max_tolerable_delay; xAPIC: set timer on first preemption, don't interrupt application; not virtualizable; local xAPIC register, write only in kernel mode, i.e., not in enclave mode).
- CritiX Lab (Critical and Extreme Security and Dependability), Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg. PEARL Grant FNR/P14/ Paulo Esteves-Veríssimo. We are hiring bright post-docs and research associates!
More informationUser-level Management of Kernel Memory
User-level Management of Memory Andreas Haeberlen University of Karlsruhe Karlsruhe, Germany Kevin Elphinstone University of New South Wales Sydney, Australia 1 Motivation: memory Threads Files memory
More informationIntroduction. COMP /S2 Week Gernot Heiser UNSW/NICTA/OKL. Distributed under Creative Commons Attribution License 1
Introduction COMP9242 2008/S2 Week 1 2008 Gernot Heiser UNSW/NICTA/OKL. Distributed under Creative Commons Attribution License 1 Copyright Notice These slides are distributed under the Creative Commons
More informationQualifying exam: operating systems, 1/6/2014
Qualifying exam: operating systems, 1/6/2014 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationTo EL2, and Beyond! connect.linaro.org. Optimizing the Design and Implementation of KVM/ARM
To EL2, and Beyond! Optimizing the Design and Implementation of KVM/ARM LEADING COLLABORATION IN THE ARM ECOSYSTEM Christoffer Dall Shih-Wei Li connect.linaro.org
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationRecommendations for TEEP Support of Intel SGX Technology
Recommendations for TEEP Support of Intel SGX Technology Overview of SGX & Selected TEEP Topics David M. Wheeler david.m.wheeler@intel.com 1 Apologies If you are really interested in the details of SGX
More informationSecure Computation Interfaces
Secure Computation Interfaces Manuel Costa, Orion Hodson, Marcus Peinado, Sriram Rajamani, Mark Russinovich, Kapil Vaswani Introduction Applications such as secure Hadoop [1] need to have part of their
More informationThe Next Steps in the Evolution of Embedded Processors
The Next Steps in the Evolution of Embedded Processors Terry Kim Staff FAE, ARM Korea ARM Tech Forum Singapore July 12 th 2017 Cortex-M Processors Serving Connected Applications Energy grid Automotive
More informationSFO17-403: Optimizing the Design and Implementation of KVM/ARM
SFO17-403: Optimizing the Design and Implementation of KVM/ARM Christoffer Dall connect.linaro.org Efficient, isolated duplicate of the real machine Popek and Golberg [Formal requirements for virtualizable
More informationOn the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms
On the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms Siqi Zhao School of Information Systems Singapore Management University siqi.zhao.2013@smu.edu.sg Xuhua Ding School
More informationDisclaimer. This talk vastly over-simplifies things. See notes for full details and resources.
Greg Kroah-Hartman Disclaimer This talk vastly over-simplifies things. See notes for full details and resources. https://github.com/gregkh/presentation-spectre Spectre Hardware bugs Valid code can be tricked
More informationSanctum: Minimal HW Extensions for Strong SW Isolation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &
More informationLecture Secure, Trusted and Trustworthy Computing Introduction to SGX
Lecture Secure, and Trustworthy Computing Introduction to Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2016/17 Intel Software Guard Extensions
More informationKVM/ARM. Marc Zyngier LPC 12
KVM/ARM Marc Zyngier LPC 12 For example: if a processor is in Supervisor mode and Secure state, it is in Secure Supervisor mode ARM Architecture if a processor is Virtualization
More informationVirtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
More informationCOMP9242 Advanced Operating Systems S2/2011 Week 9: Microkernel Design Gernot Heiser, NICTA
COMP9242 Advanced Operating Systems S2/2011 Week 9: Microkernel Design Copyright Notice These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share to copy, distribute
More informationInitial Evaluation of a User-Level Device Driver Framework
Initial Evaluation of a User-Level Device Driver Framework Stefan Götz Karlsruhe University Germany sgoetz@ira.uka.de Kevin Elphinstone National ICT Australia University of New South Wales kevine@cse.unsw.edu.au
More informationMicrokernel Construction
Introduction SS2013 Class Goals Provide deeper understanding of OS mechanisms Introduce L4 principles and concepts Make you become enthusiastic L4 hackers Propaganda for OS research at 2 Administration
More information