Using a Certified Hypervisor to Secure V2X communication
Slide 2: Using a Certified Hypervisor to Secure V2X communication
Author: Chris Berg
Date: 08/05/2017
Version: v1.1

Slide 3: Protecting Assets
- People started protecting their assets (e.g. life) from the very beginning of their existence
- People started building: fences, walls, trenches + water, air-gapping
Slide 5: What is going to be hacked???

Slide 6: Short Answer: The weakest link
Slide 7: Long Answer: Attack Surface
- Typically attacks aim at:
  - components with exposed interfaces
  - the information flow within the system, i.e. component interaction
- Thus, the attack surface is the full system architecture
- Security is an integral system property!
- Without a clean design, it is extremely difficult to identify/define the attack surface
Slide 8: Secure Design Principles (Saltzer and Schroeder 75)
- Principle of Economy of Mechanism: the protection mechanism should have a simple and small design.
- Principle of Fail-safe Defaults: the protection mechanism should deny access by default, and grant access only when explicit permission exists.
- Principle of Complete Mediation: the protection mechanism should check every access to every object.
- Principle of Open Design: the protection mechanism should not depend on secrecy of its design.
- Principle of Separation of Privilege: the protection mechanism should grant access based on more than one piece of information (e.g., two keys are needed to open a vault lock, or defence in depth).
- Principle of Least Privilege: every process shall operate with the minimum privileges needed to perform its task.
- Principle of Least Common Mechanism: minimize the amount of mechanism common to more than one user and depended on by all users.
- Principle of Psychological Acceptability: the protection mechanism should be easy to use (at least as easy as not using it).
Slide 9: PikeOS Supports Secure Design Principles
- Principle of Economy of Mechanism: PikeOS is 10-15k LoC. Typical hypervisor sizes on the market are 60k-200k LoC.
- Principle of Fail-safe Defaults: that is the PikeOS default policy: no information flow and no resource sharing unless specified.
- Principle of Complete Mediation: PikeOS is a small separation kernel, which controls all accesses to controlled resources.
- Principle of Open Design: 1) PikeOS source code and design are available for certification needs/vulnerability analysis, i.e. PikeOS security does not depend on secrecy of its design. 2) Detailed PikeOS API documentation is available to all customers.
- Principle of Separation of Privilege: PikeOS implements the first level of privilege, the resource level. Thus, system/application design can rely on it and build separate privilege control.
- Principle of Least Privilege: PikeOS separation is the technical means to implement it on system level.
- Principle of Least Common Mechanism: 1) PikeOS can be the only shared component. 2) PikeOS separation allows modular sharing of system security mechanisms.
- Principle of Psychological Acceptability: 1) Decomposition of a system into partitions makes it easier to understand and maintain its functionality. 2) Strong certification portfolio.
Slide 10: Agenda
- Security Challenges: Connectivity, Automotive Security
- Separation Kernel: Multiple Independent Levels of Security, Separation Kernel Security Concept
- Security Add-On: Secure Boot, Secure Update
- Summary
Slide 11: Distributed System of ECUs
- Instrument Cluster
- Connectivity Box
- Infotainment Head Unit
- Electronic Toll Collection
- Advanced Driver Assistance Systems
Ref: Wikipedia

Slide 12: Distributed System of ECUs: Problems
- SWaP: Size, Weight, Power
- Communication overhead, interferences, the cost of interconnect
- Validation of the integrated system
Slide 13: Consolidated System (diagram)
- Partitions: ADAS (e.g. traffic sign identification), Toll Collection, ECU State Management, Gateway, ...
- The partitions run on PikeOS, which runs on the physical hardware (Core 0 to Core 3)

Slide 14: Consolidated System: Characteristics
- Multiple safety levels
- Multiple security domains
- Real-time and non-real-time applications on a single device
- Shared device drivers
- Centralized state management
- Centralized health monitoring
Slide 15: Agenda
- Security Challenges: Connectivity, Industrial Security
- Separation Kernel: Multiple Independent Levels of Security, Separation Kernel Security Concept
- Security Add-On: Secure Boot, Secure Update
- Security Certification: Common Criteria, PikeOS Security Certification
- Summary
Slide 16: Why do I want Security?
- Security for Safety
- Security for Availability
- Security vs. Safety:
  - Safety: the system shall not harm the environment
  - Security: the environment shall not harm the system

Slide 17: Perfectly Secure Product
- It is secure because it's doing nothing, i.e. it stays in the same state (NOP transition)
- INIT only if the initial state is secure
Slide 18: Sharing is a Challenge
Challenge: resource sharing
- Resources: CPUs; memory, IO memory; files, drivers, devices, buses
- Safety: integrity, availability; isolation, application errors, fail safe
- Security: integrity, availability, confidentiality; possible side channels via shared resources; resources and API are the attack surface
Challenge: time sharing
- Time: CPU cycles; time effects of accessing shared resources, e.g. buses
- Safety: availability, deterministic behavior, meeting deadlines; right balance between time- and event-triggered tasks
- Security: availability, confidentiality; possible timing side channels via shared resources, e.g. caches, buses; time is the attack surface
Slide 19: Security by Spatial Separation (diagram)
- MMU: maps memory to partitions (address space); IOMMU: controls memory access for DMA devices
- Static configuration of OS resources; direct mapping of physical resources
- No error propagation; guaranteed access to assigned resources
- Partitions execute in user mode: Connectivity (Linux), HMI (Android), Early Boot (CAN-Bus), System Partition (Health Monitor, CBIT; native privileged partition: restart/shutdown, change scheduling)
- The PikeOS Hypervisor executes in kernel mode
- Security by separation and controlled information flow
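The static-configuration idea on this slide (resources assigned up front, no flow unless configured, one privileged system partition) can be checked mechanically. The following is an added example, not PikeOS code: the partition names follow the slide, while the configuration format, the memory ranges and the checks themselves are assumptions made here.

```python
"""Static partition configuration check modelled on the spatial-separation
slide: every resource is assigned statically, and nothing is shared or allowed
to flow between partitions unless the configuration says so.

Added example, not PikeOS code: the partition names follow the slide, the
configuration format and the checks themselves are assumptions made here."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class MemRegion:
    start: int
    end: int  # exclusive

    def overlaps(self, other: "MemRegion") -> bool:
        return self.start < other.end and other.start < self.end


@dataclass
class Partition:
    name: str
    mem: list = field(default_factory=list)     # MemRegion objects mapped by the MMU
    devices: set = field(default_factory=set)   # physical devices mapped directly
    privileged: bool = False                    # may restart / change scheduling


@dataclass
class Config:
    partitions: dict   # name -> Partition
    channels: set      # explicitly configured (src, dst) information flows


def validate_config(cfg: Config) -> list:
    """Return the list of violations; an empty list means the static config is sound."""
    problems = []
    parts = list(cfg.partitions.values())
    for i, a in enumerate(parts):
        for b in parts[i + 1:]:
            for ra in a.mem:
                for rb in b.mem:
                    if ra.overlaps(rb):
                        problems.append(f"memory overlap {a.name}/{b.name}: "
                                        f"{ra.start:#x}-{ra.end:#x} vs {rb.start:#x}-{rb.end:#x}")
            shared = a.devices & b.devices
            if shared:
                problems.append(f"device shared {a.name}/{b.name}: {sorted(shared)}")
    for src, dst in cfg.channels:
        if src not in cfg.partitions or dst not in cfg.partitions:
            problems.append(f"channel to unknown partition: {src}->{dst}")
    return problems


def flow_allowed(cfg: Config, src: str, dst: str) -> bool:
    """Complete mediation with a fail-safe default: deny unless a channel is configured."""
    return (src, dst) in cfg.channels


def may_control_system(cfg: Config, name: str) -> bool:
    """Only the privileged native system partition may restart or reschedule."""
    p = cfg.partitions.get(name)
    return p is not None and p.privileged


def example_config() -> Config:
    """Constructed configuration following the partitions drawn on the slide."""
    parts = {
        "connectivity_linux": Partition("connectivity_linux",
                                        [MemRegion(0x1000_0000, 0x2000_0000)], {"eth0"}),
        "hmi_android": Partition("hmi_android",
                                 [MemRegion(0x2000_0000, 0x3000_0000)], {"display"}),
        "early_boot_can": Partition("early_boot_can",
                                    [MemRegion(0x3000_0000, 0x3100_0000)], {"can0"}),
        "system": Partition("system", [MemRegion(0x3100_0000, 0x3200_0000)],
                            set(), privileged=True),
    }
    # Only the CAN partition may feed the HMI; no other flow is configured.
    return Config(parts, {("early_boot_can", "hmi_android")})
```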
Slide 20: Sharing of L2 Cache and the Consequence
- Security Domain 1 handles some secret data that shall not leak to Security Domain 2 -> the information flow policy requires no data exchange from Dom 1 to Dom 2
- Dom 1 contains an application (Transmitter) that willingly or unwillingly leaks information to a Receiver in Dom 2
- Assume: Domain 1 and Domain 2 are assigned disjoint resources, e.g. memory; Domain 1 and Domain 2 are disjoint in time, i.e. executed in different time windows
- If they are scheduled on the same core:
  - the core-local cache (L1, L2) is shared
  - cache activity of one domain will be observable from the other domain
  - cache-based timing covert channel
Slides 21 to 25: Cache Based Timing Covert Channel (diagram slides)
- Preparation phase
- Encode phase; TX data = 0
- Decode phase; RX data = 0
- Encode phase; TX data = 1
- Decode phase; RX data = 1
Slide 26: Cache Based Timing Covert Channel: Maximum Bandwidth Measurement Experiment
- TX = 0: the even set is evicted; for RX, tb_e > tb_o
- TX = 1: the odd set is evicted; for RX, tb_o > tb_e

Slide 27: Experiment configuration
- TX window size = 350 us
- RX window size = 350 us
- Data transferred = 3 MB
- 9 minutes to transfer 3 MB of data, i.e. a bandwidth of 44.6 Kbits per second
- 12 bit errors
Slide 28: Mitigate the Cache Covert Channel
- Flushing takes variable time based on the number of modified lines -> potential timing covert channel
- Sandwich partition to contain the cache flushing time -> also effective to contain the non-preemptable kernel actions taken just before the time partition switch
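A small model ties slides 20 to 28 together: a direct-mapped cache shared by two time-separated domains, the even/odd-set encoding and the tb_e vs. tb_o decode rule from the measurement slide, and the two mitigation points (a flush at the partition switch removes the cache state the receiver observes, and a fixed-length sandwich partition hides the variable flush time). This is an added example, not SYSGO or PikeOS code; the cache size, latencies, flush cost and sandwich window length are constructed values.

```python
"""Model of the cache-based timing covert channel from the slides and of the
flush + sandwich-partition mitigation.  Added example, not SYSGO/PikeOS code:
cache size, hit/miss latencies, flush cost and window length are constructed."""

HIT, MISS = 4, 40      # constructed hit / miss latencies (arbitrary time units)
SANDWICH = 100         # constructed fixed length of the sandwich partition window


class CacheModel:
    """Direct-mapped cache: each set remembers which domain last loaded it."""

    def __init__(self, n_sets: int = 8):
        self.n_sets = n_sets
        self.owner = [None] * n_sets
        self.dirty = [False] * n_sets

    def access(self, domain: str, set_idx: int, write: bool = False) -> int:
        """Return the modelled latency; a miss evicts whatever occupied the set."""
        latency = HIT if self.owner[set_idx] == domain else MISS
        self.owner[set_idx] = domain
        self.dirty[set_idx] = self.dirty[set_idx] or write
        return latency

    def flush(self) -> int:
        """Write back and invalidate; the cost grows with the number of modified lines."""
        cost = 10 + 5 * sum(self.dirty)
        self.owner = [None] * self.n_sets
        self.dirty = [False] * self.n_sets
        return cost


def tx_encode(cache: CacheModel, bit: int) -> None:
    """Dom 1 (transmitter), encode phase: bit 0 evicts the even sets, bit 1 the odd sets."""
    for s in range(bit, cache.n_sets, 2):
        cache.access("dom1", s, write=True)


def rx_prepare(cache: CacheModel) -> None:
    """Dom 2 (receiver), preparation phase: fill every set with its own lines."""
    for s in range(cache.n_sets):
        cache.access("dom2", s)


def rx_decode(cache: CacheModel):
    """Decode phase: time the even sets (tb_e) against the odd sets (tb_o)."""
    tb_e = sum(cache.access("dom2", s) for s in range(0, cache.n_sets, 2))
    tb_o = sum(cache.access("dom2", s) for s in range(1, cache.n_sets, 2))
    if tb_e > tb_o:
        return 0
    if tb_o > tb_e:
        return 1
    return None          # no observable difference: nothing leaked


def partition_switch(cache: CacheModel, sandwich: bool) -> int:
    """Flush at the time partition switch; return the delay the next partition sees."""
    cost = cache.flush()
    if sandwich:
        # The sandwich partition owns a fixed window and the flush runs inside
        # it, so the following partition always starts at the same boundary.
        assert cost <= SANDWICH, "sandwich window must cover the worst-case flush"
        return SANDWICH
    return cost          # inline flush: the start of the next window leaks the cost


def run(bits, flush: bool, sandwich: bool):
    """Schedule prepare / encode / decode windows for each bit.

    Returns (decoded bits, list of switch delays observable by the next window)."""
    cache = CacheModel()
    decoded, gaps = [], []
    for bit in bits:
        rx_prepare(cache)
        if flush:
            gaps.append(partition_switch(cache, sandwich))
        tx_encode(cache, bit)
        if flush:
            gaps.append(partition_switch(cache, sandwich))
        decoded.append(rx_decode(cache))
    return decoded, gaps
```

With no flush the receiver recovers every bit; with an inline flush the bits are gone but the switch delay still depends on how many lines the previous partition modified; with the sandwich partition both observations are constant.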
Slide 29: Agenda
- Security Challenges: Connectivity, Industrial Security
- Separation Kernel: Multiple Independent Levels of Security, Separation Kernel Security Concept
- Security Add-On: Secure Boot, Secure Update
- Summary
Slide 30: Secure Boot
- What am I trying to protect? System availability; reverse engineering/cloning
- Who am I trying to protect from? Malicious hacker; customers; competition
- How do I protect? Implement a chain of trust; encrypt
Slide 31: Secure Boot: Implementation, and Slide 32: Secure Boot: Trusted Chain (diagram)
Boot sequence as drawn:
- P: Power On
- 1: Hardware validation (Security Engine)
- 2: Bootloader
- 3: PikeOS (PSP, Kernel, SE) with Validation Module
- 4: Application Loader
- 5: Partition1: 3rd party App1; Partition2: 3rd party App2
Flash contents: bootloader and its header; PikeOS image header; PikeOS image; 3rd party apps; 3rd party app header.
Step labels recoverable from slide 31: validation of the bootloader; start of the PikeOS image and Secure File Provider; application loader; start of 3rd party applications.

Slide 33: Secure Update: Implementation (diagram)
- Same trusted chain as for secure boot: Power On, hardware validation (Security Engine), bootloader, PikeOS (PSP, Kernel, SE) with Validation Module, Application Loader, Partition1: 3rd party App1
- Additional Update Manager partition; flash holds the 3rd party apps and the 3rd party app header
- The diagram numbers the update flow 1 to 6 across hardware validation, the Update Manager, flash, the Validation Module and the Application Loader
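The chain of trust on slides 31 to 33 can be modelled end to end: a hardware root validates each image against its header before the next stage starts, and an update written to flash by the Update Manager only takes effect if the next boot's validation accepts it. This is an added example, not SYSGO or PikeOS code; the image names and flash layout follow the slides, while the header format and the use of an HMAC tag under a key held by the modelled Security Engine (a stand-in for the asymmetric signature a real design would verify with a public key) are assumptions made here.

```python
"""Chain-of-trust model for the Secure Boot / Secure Update slides.
Added example, not SYSGO/PikeOS code.  Assumptions: a header is
SHA-256(image) || HMAC-SHA256(key, name || image hash); the key lives in the
modelled Security Engine.  A real design verifies an asymmetric signature so
the device holds only a public key."""
import hashlib
import hmac

# Constructed key for the model; in a real device this would be a public key.
DEVICE_KEY = b"constructed-example-key-not-a-real-secret"


def make_header(key: bytes, name: str, image: bytes) -> bytes:
    """Build the header that describes one image in flash (see assumptions above)."""
    image_hash = hashlib.sha256(image).digest()
    tag = hmac.new(key, name.encode() + image_hash, "sha256").digest()
    return image_hash + tag


class SecurityEngine:
    """Hardware root of trust: the only holder of the verification key."""

    def __init__(self, key: bytes):
        self._key = key

    def validate(self, name: str, header: bytes, image: bytes) -> bool:
        """True only if the image matches its header and the header is authentic for this name."""
        if len(header) != 64:
            return False
        image_hash, tag = header[:32], header[32:]
        if not hmac.compare_digest(hashlib.sha256(image).digest(), image_hash):
            return False                       # image does not match its header
        expected = hmac.new(self._key, name.encode() + image_hash, "sha256").digest()
        return hmac.compare_digest(tag, expected)   # binds header to name and image


def boot(flash: dict, se: SecurityEngine) -> dict:
    """Trusted chain: every stage is validated before it is started.

    flash maps image name -> (header, image).  Returns name -> started?.
    A failing bootloader or PikeOS image halts the boot; a failing 3rd party
    app is simply not loaded into its partition (fail-safe default)."""
    started = {}
    for stage in ("bootloader", "pikeos"):          # steps 1 to 3 on the slide
        header, image = flash[stage]
        started[stage] = se.validate(stage, header, image)
        if not started[stage]:
            return started                          # halt: nothing further runs
    for app in sorted(n for n in flash if n.startswith("app")):
        header, image = flash[app]
        started[app] = se.validate(app, header, image)   # Validation Module (4)
    return started                                  # Application Loader starts the valid ones (5)


def update_partition(flash: dict, name: str, header: bytes, image: bytes) -> None:
    """Update Manager: write a new app image and header to flash.

    Nothing is trusted at this point; the validation on the next boot decides."""
    flash[name] = (header, image)


def example_flash(key: bytes) -> dict:
    """Constructed flash content following the layout on the slide."""
    images = {
        "bootloader": b"bootloader v1",
        "pikeos": b"PikeOS image v1",
        "app1": b"3rd party App1 v1",
        "app2": b"3rd party App2 v1",
    }
    return {name: (make_header(key, name, img), img) for name, img in images.items()}
```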
Slide 34: Agenda
- Security Challenges: Connectivity, Industrial Security
- Separation Kernel: Multiple Independent Levels of Security, Separation Kernel Security Concept
- Security Add-On: Secure Boot, Secure Update
- Security Certification: Common Criteria, PikeOS Security Certification
- Summary
Slide 35: Use Case: Secure Gateway
- PikeOS native system partition: controls the boot process of Linux; implements secure boot; routines for individual partition update
- Separate partition for secure gateway update
- ELinOS as Secure IO guest
Diagram: PikeOS Native System Partition (Fast Boot, Secure Boot, Secure Partition Update); Esterel graphics (CoreAVI); ELinOS Secure IO (Graph, ETH); External Com (TCP/IP with security patches and updates, ETH); PikeOS on i.mx6
Slide 36: Summary (Microkernel, Separation, Certification, Secure Boot)
- Security is an integral part of the system design
- There is no one-size-fits-all
- Separation and MILS help implement system security
- Hypervisors can implement this separation approach

Slide 37: Thank you for your attention! More information on
More informationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
More informationIoT It s All About Security
IoT It s All About Security Colin Walls colin_walls@mentor.com Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds
More informationCreating a Practical Security Architecture Based on sel4
Creating a Practical Security Architecture Based on sel4 Xinming (Simon) Ou University of South Florida (many slides borrowed/adapted from my student Daniel Wang) 1 Questions for sel4 Community Is there
More informationThe Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else
The Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else Paula Januszkiewicz CQURE: CEO, Penetration Tester CQURE Offices: New York, Dubai, Warsaw MVP: Enterprise Security,
More information10 th AUTOSAR Open Conference
10 th AUTOSAR Open Conference Pierre-Antoine Bernard OpenSynergy GmbH Cornel Izbasa OpenSynergy GmbH Virtualization Solutions for the AUTOSAR Classic and Adaptive Platforms AUTOSAR Nov-2017 OpenSynergy
More informationAdvanced Systems Security: Security Goals
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationDOUG GOLDSTEIN STAR LAB XEN SUMMIT AUG 2016 ATTACK SURFACE REDUCTION
DOUG GOLDSTEIN STAR LAB XEN SUMMIT 2016 25 AUG 2016 ATTACK SURFACE REDUCTION OVERVIEW TOPICS Define attack surface Discuss parts of Xen s attack surface Attack surface metrics for Xen Define attack surface
More informationPresentation's title
3 rd April 2017 B03 -In-vehicle technology enabler Presentation's title Dominique Bolignano CEO Prove & Run dominique.bolignano@provenrun.com Introducing myself and Prove & Run Dominique Bolignano, previously
More informationSecurity as a Architectural Concern, Chrome Arch, and NFP Measurement Reid Holmes
Material and some slide content from: - Software Architecture: Foundations, Theory, and Practice - Krzysztof Czarnecki Security as a Architectural Concern, Chrome Arch, and NFP Measurement Reid Holmes
More informationTrusted Platform Modules Automotive applications and differentiation from HSM
Trusted Platform Modules Automotive applications and differentiation from HSM Cyber Security Symposium 2017, Stuttgart Martin Brunner, Infineon Technologies Axiom: Whatever is connected can (and will)
More informationwhitepaper ClickShare Security
ClickShare Security www.barco.com/clickshare Introduction ClickShare was introduced in 2012. Four years later, in 2016, a new generation of ClickShare Enterprise products was presented to the market. New
More informationThe Adaptive Platform for Future Use Cases
The Adaptive Platform for Future Use Cases Vector Congress 2016 - Stuttgart, 2016-11-30 V0.1 2016-09-21 Agenda Introduction Adaptive AUTOSAR Architecture Use Cases and Requirements Adaptive AUTOSAR at
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
More informationTrustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
More informationReal-Time Systems and Intel take industrial embedded systems to the next level
Solution brief Industrial IoT (IIoT) Embedded Software and Systems Real-Time Systems and Intel take industrial embedded systems to the next level Innovative hypervisor and partitioning software increases
More informationA Data-Centric Approach for Modular Assurance Abstract. Keywords: 1 Introduction
A Data-Centric Approach for Modular Assurance Gabriela F. Ciocarlie, Heidi Schubert and Rose Wahlin Real-Time Innovations, Inc. {gabriela, heidi, rose}@rti.com Abstract. A mixed-criticality system is one
More informationPast, Present, and Future Justin Johnson Senior Principal Firmware Engineer
Dell Firmware Security Past, Present, and Future Justin Johnson Senior Principal Firmware Engineer justin.johnson1@dell.com Dell Security 2 What does BIOS do? Configure and Test System Memory Configure
More informationSecuring the Connected Car. Eystein Stenberg Product Manager Mender.io
Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled
More informationInterconnecting Components
Interconnecting Components Need interconnections between CPU, memory, controllers Bus: shared communication channel Parallel set of wires for data and synchronization of data transfer Can become a bottleneck
More informationCSE 4/521 Introduction to Operating Systems. Lecture 12 Main Memory I (Background, Swapping) Summer 2018
CSE 4/521 Introduction to Operating Systems Lecture 12 Main Memory I (Background, Swapping) Summer 2018 Overview Objective: 1. To provide a detailed description of various ways of organizing memory hardware.
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More information