The Open-Source sel4 Kernel Military-Grade Security Through
|
|
- Kelley Taylor
- 6 years ago
- Views:
Transcription
1 The Open-Source sel4 Kernel Military-Grade Security Through Gernot Trustworthy Systems Data61 Linaro Connect SFO 17 h"ps://sel4.systems
2 Car Hacking What s Behind? Networking for: Entertainment Connected car Safety (@re pressure ) Maintenance (OTA upgrades) No security whatsoever on CAN bus! Sensor Infotainment etc Engine Control etc 2
3 Challenge of Networking Networking creates remote a"ack from passengers (wifi, Bluetooth) from nearby cars (wifi, Bluetooth) drive-by spread of viruses from anywhere (cellular) A"ack vectors: Insecure protocols Reusing crypto keys Soaware 3
4 Soaware Dependabilty, Security Soaware-engineering rule of thumb: 1 5 bugs per 1,000 lines of quality code Bluetooth protocol stack: Mul@ple 100,000 lines System Complexity Complexity Drivers Features/func@onality Legacy reuse Linux kernel: Tens of millions lines 4
5 Linux Security Soaware will break The enemy will be on the plahorm! 5
6 OK, So Let s Patch Regularly 10M LOC 10k bugs 10M LOC 10k-1 bugs Patch 10M LOC 10k bugs 1 known vulnerability Patch-and-Pray: A losing proposi@on 6
7 So, Let s Use Firewalls! Imposes overhead (SWaP) or Runs on vulnerable OS worthless if OS compromised Even more code may increase a"ack surface No help for valid messages that trigger bugs in soaware Firewalls treat symptoms, not causes of problems! Infotainment etc Sensor Engine Control etc 7
8 Let s Use AI to Detect Compromise! Runs on vulnerable OS worthless if OS compromised Even more code may increase a"ack surface Can only detect that system is already compromised Intrusion detec@on: admission of defeat Infotainment etc Sensor Engine Control etc 8
9 Fundamental Security Requirement: Strong untrusted trusted Enforced by trustworthy kernel Processor subject to global security policy 9
10 Trustworthiness: Can We Rely on A system is trustworthy if and only if: it behaves exactly as it is specified, in a timely manner, while ensuring secure execution Claim: A system must be considered untrustworthy unless proved otherwise! Corollary [with apologies to Dijkstra]: Tes@ng, code inspec@on, etc. can only show lack of trustworthiness! 10
11 Provably Secure System ~10,000 lines of C and ASM code Small attack surface, Amenable to full verification Non-kernel code can only access resources and communication channels if explicitly authorised with a per-object access token (capability) Confined damage Least privilege Small, fast, capability-based, operating system kernel components World s fastest (5 10X faster) operating system designed for security and safety Suitable for real-world deployment Code that runs in privileged mode of the hardware Most critical part Unprivileged mode sel4 access control VM IPC Threads Privileged mode hardware 11
12 20+ Years of L4 Microkernel R&D sel4: The latest (and most advanced) member of the L4 microkernel family API Inheritance L4-embed. Code Inheritance L4/MIPS L4/Alpha ios security processor OKL4-µKernel OKL4-Microvisor Codezero Qualcomm modem chips L3 L4 X Hazelnut Pistachio GMD/IBM/Karlsruhe UNSW/NICTA OK Labs Dresden Other (commercial) Fiasco P4 PikeOS Fiasco.OC Nova L4Re June'17
13 Proving Trustworthiness of sel4 C Implementa@on Exclusions (at present): Ini@alisa@on Low-level MMU model caches Mul@core Covert >ming channels Transla@on correctness [PLDI 13] Worst-case [RTSS 11, RTAS 16] Integrity Proof Proof Proof Abstract Model Binary code Availability Func@onal correctness [SOSP 09] Isola@on proper@es [ITP 11, S&P 13] Provably impossible: buffer overflow null-pointer dereference code injec@on memory leaks kernel crash undefined behaviour privilege escala@on 13
14 How Does sel4 Compare? Feature sel4 Other hypervisors, RTOSes, separation kernels Performance Fastest 2 10 slower Functional Proved No Guarantee correctness Isolation Proved No Guarantee Worst-case Sound & Estimates only latency bounds complete Storage channel Proved No Guarantee freedom Timing channel Low overhead None or High Overhead prevention Mixed-criticality support Fully supported, high utilisation Limited, resource-wastive 14
15 VM VM User Guest apps VMM Guest apps VMM Syscall Kernel guest OS guest OS Hypercall IPC Hyp COMP9242 S2/2017 W04
16 Security by Architecture Cyber-retrofit! Incremental process: migrate in pieces Virtual machine for legacy Extract bits, run untrusted Apps Apps Apps control Device driver NW stack Linux untrusted 16
17 Real-World Example: DARPA HACMS Retrofit system! Boeing Unmanned Li"le Bird SMACCMcopter Research Vehicle 17 US Army Autonomous Trucks Develop technology TARDEC GVR-Bot
18 Example: Processes A VSpace FRAME FRAME PT A PD A Thread-Object CSpace A CNodeA1 EP CONTEXT CNode A2 Send Receive CSpace CNode B1... Thread-Object B CONTEXT VSpace B Communica@on endpoint (port) 18 June'17
19 Component Middleware: CAmkES Higher-level of low-level sel4 constructs interface connector component 19 June'17
20 Example: Simplified HACMS UAV Radio Driver CAN Driver Data Link Crypto contained Wifi Camera Linux untrusted 20 June'17
21 Enforcing the Architecture Radio Driver CAN Driver Data Link Crypto untrusted, contained Linux untrusted Wi fi Camer a Architecture specifica@on language Low-level capdl access rights A Thread Object CSpace CSpace CNode EP CNode Thread Object B glue.c driver.c VMM.c CONTEXT VSpace... Send Receive... CONTEXT VSpace Compiler/ Linker init.c binary 21
22 Open-Source Architecture Analysis Analysis Tools Safety Eclipsebased IDE Design AADL Architecture Analysis & Language Generate Component CAmkES Generate Glue Code Binary 22 LCA'16 Geelong
23 Military-Grade Security Cross-Domain Desktop Compositor secure terminal Successful defence trial in AU Evaluated in US, UK, CA Formal security soon Pen10.com.au crypto device undergoing formal security in UK 23
24 Pull request or patch on mailing list Review 24
25 Thank you Robin Randhawa Please check out h"ps://sel4.systems 25
26 Military-Grade Security for You! Security is no excuse for poor performance! Gernot Linaro Connect SFO 17 h"p://sel4.systems
Towards Principled OS-Level Temporal Isola?on
Towards Principled OS-Level Temporal Isola?on Gernot Heiser gernot@data61.csiro.au @GernotHeiser So6ware Systems Summer School, February 2016 h"ps://trustworthy.systems Requirements for Trustworthy Systems
More informationIntroduction. COMP9242 Advanced Operating Systems 2010/S2 Week 1
Introduction COMP9242 Advanced Operating Systems 2010/S2 Week 1 2010 Gernot Heiser UNSW/NICTA/OK Labs. Distributed under Creative Commons Attribution License 1 Copyright Notice These slides are distributed
More informationIntroduction. COMP /S2 Week Gernot Heiser UNSW/NICTA/OKL. Distributed under Creative Commons Attribution License 1
Introduction COMP9242 2008/S2 Week 1 2008 Gernot Heiser UNSW/NICTA/OKL. Distributed under Creative Commons Attribution License 1 Copyright Notice These slides are distributed under the Creative Commons
More informationGerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish
Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish Thomas Sewell Harvey Tuch Simon Winwood 1 microkernel
More informationCOMP9242 Advanced OS. Monolithic Kernels vs Microkernels. Reducing TCB: Microkernels
Copyright Notice COMP9242 Advanced OS S2/2016 W01: Introduction to sel4 @GernotHeiser These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share to copy, distribute
More informationCOMP9242 Advanced OS. Monolithic vs Microkernel OS Evolution. Reducing Trusted Computing Base: Microkernels. Adaptable Dependable Highly optimised
Copyright Notice COMP9242 Advanced OS S2/2018 W01: Introduction to sel4 @GernotHeiser These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share to copy, distribute
More informationThe sel4 Status Report Security is no excuse for poor performance!
The sel4 Status Report Security is no excuse for poor performance! Gernot Heiser gernot.heiser@data61.csiro.au @GernotHeiser h"ps://sel4.systems Copyright NoBce These slides are distributed under the Creative
More informationCreating a Practical Security Architecture Based on sel4
Creating a Practical Security Architecture Based on sel4 Xinming (Simon) Ou University of South Florida (many slides borrowed/adapted from my student Daniel Wang) 1 Questions for sel4 Community Is there
More informationImproving Interrupt Response Time in a Verifiable Protected Microkernel
Improving Interrupt Response Time in a Verifiable Protected Microkernel Bernard Blackham Yao Shi Gernot Heiser The University of New South Wales & NICTA, Sydney, Australia EuroSys 2012 Motivation The desire
More informationCOMP9242 Advanced Operating Systems S2/2015 Week 1: Introduction to sel4 COMP9242 S2/2015 W01
COMP9242 Advanced Operating Systems S2/2015 Week 1: Introduction to sel4 Copyright Notice These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share to copy,
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationAlterna(ve Architectures
Alterna(ve Architectures COMS W4118 Prof. Kaustubh R. Joshi krj@cs.columbia.edu hep://www.cs.columbia.edu/~krj/os References: Opera(ng Systems Concepts (9e), Linux Kernel Development, previous W4118s Copyright
More informationTowards Application Security on Untrusted Operating Systems
Towards Application Security on Untrusted Operating Systems Dan R. K. Ports MIT CSAIL & VMware Tal Garfinkel VMware Motivation Many applications handle sensitive data financial, medical, insurance, military...
More informationHigh-assurance software for autonomous ground systems
High-assurance software for autonomous ground systems Aleksey Nogin HRL Laboratories, LLC December 15, 2016 Acknowledgment: This material is based upon work supported by the United States Air Force and
More informationSmart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017
Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software
More informationHigh-Assurance Cyber Space Systems (HACSS) for Small Satellite Mission Integrity
Distribution A: SSC17-V-01 High-Assurance Cyber Space Systems (HACSS) for Small Satellite Mission Integrity Daria C. Lane, Enrique S. Leon, Francisco C. Tacliad, Dexter H. Solio, Ian L. Rodney, Dmitriy
More informationAutomotive BoF Can Linux and Functional Safety Mix? (Take 2) Robin Randhawa ARM
Automotive BoF Can Linux and Functional Safety Mix? (Take 2) Robin Randhawa ARM Recap: My objectives Investigate the potential for open source software in safety critical domains Test assumptions with
More informationUsing Formal Methods Tools to Improve Security in an Autonomous Military Truck
U.S. ARMY TANK AUTOMOTIVE RESEARCH, DEVELOPMENT AND ENGINEERING CENTER Using Formal Methods Tools to Improve Security in an Autonomous Military Truck Dariusz Mikulski, Ph.D. SANS Automotive Cybersecurity
More informationMicrokernel Construction
Introduction SS2013 Class Goals Provide deeper understanding of OS mechanisms Introduce L4 principles and concepts Make you become enthusiastic L4 hackers Propaganda for OS research at 2 Administration
More informationHigh Assurance Cyber Military Systems (HACMS)
High Assurance Cyber Military Systems (HACMS) Ray Richards, I2O Program Manager November 19, 2018 11/19/2018 Distribution Statement A - Approved for Public Release, Distribution Unlimited 1 Many Remote
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models Xiao Sun Senior Application Engineer ARM Tech Symposia China 2015 November 2015 Evolution from M2M to IoT M2M Silos of Things Standards Security
More informationThe Motorola Evoke QA4 A Case Study in Mobile Virtualization
TECHNOLOGY WHITE PAPER The Motorola Evoke QA4 Gernot Heiser, PhD Chief Technology Officer Open Kernel Labs, Inc. July 22, 2009 Copyright 2009 Open Kernel Labs, Inc. This publication is distributed by Open
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationPart 1: Introduction to device drivers Part 2: Overview of research on device driver reliability Part 3: Device drivers research at ERTOS
Some statistics 70% of OS code is in device s 3,448,000 out of 4,997,000 loc in Linux 2.6.27 A typical Linux laptop runs ~240,000 lines of kernel code, including ~72,000 loc in 36 different device s s
More informationCOMP9242 Advanced OS. S2/2016 W09: Microkernel Design &
COMP9242 Advanced OS S2/2016 W09: Microkernel Design & Implementation @GernotHeiser Copyright Notice These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share
More informationUsing a Certified Hypervisor to Secure V2X communication
SYSGO AG PUBLIC 1 Using a Certified Hypervisor to Secure V2X communication Author(s): Date: Version Chris Berg 08/05/2017 v1.1 SYSGO AG PUBLIC 2 Protecting Assets People started protecting their assets
More informationOffense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent
Offense & Defense in IoT World Samuel Lv Keen Security Lab, Tencent Keen Security Lab of Tencent Wide coverage of software and hardware security research Mainstream PC & Mobile Operating Systems Mainstream
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationWhitepaper. Endpoint Strategy: Debunking Myths about Isolation
Whitepaper Endpoint Strategy: Debunking Myths about Isolation May 2018 Endpoint Strategy: Debunking Myths about Isolation Endpoints are, and have always been, a major cyberattack vector. Attackers, aiming
More information24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.
24-vm.txt Mon Nov 21 22:13:36 2011 1 Notes on Virtual Machines 15-440, Fall 2011 Carnegie Mellon University Randal E. Bryant References: Tannenbaum, 3.2 Barham, et al., "Xen and the art of virtualization,"
More informationVirtualization. Dr. Yingwu Zhu
Virtualization Dr. Yingwu Zhu Virtualization Definition Framework or methodology of dividing the resources of a computer into multiple execution environments. Types Platform Virtualization: Simulate a
More informationThe Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA
The Remote Exploitation of Unaltered Passenger Vehicles Revisited 20 th October 2016 Mark Pitchford, Technical Manager, EMEA Today s hot topic A few years ago, Lynx presentations at events such as this
More informationCSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
More informationSecure Server Project. Xen Project Developer Summit 2013 Adven9um Labs Jason Sonnek
Secure Server Project Xen Project Developer Summit 2013 Adven9um Labs Jason Sonnek 1 Outline I. Mo9va9on, Objec9ves II. Threat Landscape III. Design IV. Status V. Roadmap 2 Mo9va9on In a nutshell: Secure
More informationXen and the Art of Virtualiza2on
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian PraF, Andrew Warfield University of Cambridge Computer Laboratory Kyle SchuF CS 5204 Virtualiza2on Abstrac2on
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationVirtualization for Embedded Systems
Is an open source solution right for you? 6/26/2013 Julia Keffer Page i Table of Contents Table of Contents Introduction... 1 What is Virtualization?... 1 Virtualization Applications... 2 Operating Systems
More informationFacing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016
Facing the Reality: Virtualization in a Microkernelbased Operating System Matthias Lange, MOS, January 26th, 2016 matthias.lange@kernkonzept.com Today's take aways Microkernel systems are used to build
More informationGREEN HILLS SOFTWARE: EAL6+ SECURITY FOR MISSION CRITICAL APPLICATIONS
GREEN HILLS SOFTWARE: EAL6+ SECURITY FOR MISSION CRITICAL APPLICATIONS 15 December 2008: EAL6+ Security for Mission Critical Applications INTERVIEWEE. DAVID KLEIDERMACHER CHIEF TECHNOLOGY OFFICER TEL.
More informationCOMP9242 Advanced OS. Copyright Notice. Microkernel Principles: Minimality. Consequence : User-level Services
Copyright Notice COMP9242 Advanced OS S2/2016 W09: Microkernel Design & Implementation @GernotHeiser These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share
More informationVirtualization. Introduction. Why we interested? 11/28/15. Virtualiza5on provide an abstract environment to run applica5ons.
Virtualization Yifu Rong Introduction Virtualiza5on provide an abstract environment to run applica5ons. Virtualiza5on technologies have a long trail in the history of computer science. Why we interested?
More informationCombining program verification with component-based architectures. Alexander Senier BOB 2018 Berlin, February 23rd, 2018
Combining program verification with component-based architectures Alexander Senier BOB 2018 Berlin, February 23rd, 2018 About Componolit 2 What happens when we use what's best? 3 What s Best? Mid-90ies:
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationVirtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Virtual Machines Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today's Topics History and benefits of virtual machines Virtual machine technologies
More informationSoftware Security: Vulnerability Analysis
Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More information6.033 Spring Lecture #6. Monolithic kernels vs. Microkernels Virtual Machines spring 2018 Katrina LaCurts
6.033 Spring 2018 Lecture #6 Monolithic kernels vs. Microkernels Virtual Machines 1 operating systems enforce modularity on a single machine using virtualization in order to enforce modularity + build
More informationOS History and OS Structures
OS History and OS Structures Karthik Dantu CSE 421/521: Opera>ng Systems Slides adopted from CS162 class at Berkeley, CSE 451 at U-Washington and CSE 421 by Prof Kosar at UB Join Piazza Ac>on Items From
More informationSecuring the Connected Car. Eystein Stenberg Product Manager Mender.io
Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled
More informationLearning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels
Learning Outcomes Extended OS An appreciation that the abstract interface to the system can be at different levels. Virtual machine monitors (VMMs) provide a lowlevel interface An understanding of trap
More informationHypervisor security. Evgeny Yakovlev, DEFCON NN, 2017
Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor
More informationMicrokernel-based Operating Systems - Introduction
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Microkernel-based Operating Systems - Introduction Nils Asmussen Dresden, Oct 09 2018 Lecture Goals Provide deeper
More informationFaculty of Computer Science, Operating Systems Group. The L4Re Microkernel. Adam Lackorzynski. July 2017
Faculty of Computer Science, Operating Systems Group The L4Re Microkernel Adam Lackorzynski July 2017 2 Agenda Plan What is L4Re? History The L4Re Microkernel / Hypervisor Fiasco Interfaces SMP Virtualization...
More informationLOCAL OPERATING SYSTEMS R&D AND OPPOR TUNITIES FOR STUDENTS
OVERVIEW Cool systems stuff happening at: LOCAL OPERATING SYSTEMS R&D AND OPPOR TUNITIES FOR STUDENTS COMP9242 2006/S2 Week 14 UNSW Gelato@UNSW Linux scalability and performance on Itanium National ICT
More informationMASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.033 Computer Systems Engineering: Spring 2011 Quiz I Solutions There are 10 questions and 12 pages in this
More informationApplication Virtualization and Desktop Security
Application Virtualization and Desktop Security Karl MacMillan kmacmillan@tresys.com Tresys Technology 1 Application Virtualization Introduction Encapsulates a single application Bundles application into
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationThe Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
More informationBjörn Döbel. Microkernel-Based Operating Systems. Exercise 3: Virtualization
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Björn Döbel Microkernel-Based Operating Systems Exercise 3: Virtualization Emulation Virtualization Emulation / Simulation
More informationLive Demo: A New Hardware- Based Approach to Secure the Internet of Things
SESSION ID: CCS-W04 Live Demo: A New Hardware- Based Approach to Secure the Internet of Things Cesare Garlati Chief Security Strategist prpl Foundation @CesareGarlati Securing the Internet of (broken)
More informationmbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017
mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM mbed: Connecting chip to cloud Device software Device services Third-party cloud services IoT device application mbed Cloud Update IoT cloud
More information4. Jump to *RA 4. StackGuard 5. Execute code 5. Instruction Set Randomization 6. Make system call 6. System call Randomization
04/04/06 Lecture Notes Untrusted Beili Wang Stages of Static Overflow Solution 1. Find bug in 1. Static Analysis 2. Send overflowing input 2. CCured 3. Overwrite return address 3. Address Space Randomization
More informationDynamic Translator-Based Virtualization
Dynamic Translator-Based Virtualization Yuki Kinebuchi 1,HidenariKoshimae 1,ShuichiOikawa 2, and Tatsuo Nakajima 1 1 Department of Computer Science, Waseda University {yukikine, hide, tatsuo}@dcl.info.waseda.ac.jp
More informationL4/Darwin: Evolving UNIX. Charles Gray Research Engineer, National ICT Australia
L4/Darwin: Evolving UNIX Charles Gray Research Engineer, National ICT Australia charles.gray@nicta.com.au Outline 1. Project Overview 2. BSD on the Mach microkernel 3. Porting Darwin to the L4 microkernel
More informationMicrokernel-based Operating Systems - Introduction
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Microkernel-based Operating Systems - Introduction Carsten Weinhold Dresden, Oct 09 th 2012 Lecture Goals Provide
More informationTowards a Practical, Verified Kernel
Towards a Practical, Verified Kernel Kevin Elphinstone and Gerwin Klein, National ICT Australia and the University of New South Wales Philip Derrin, National ICT Australia Timothy Roscoe, ETH Zürich Gernot
More informationBusiness Case Components
How to Build A SOC Agenda Mission Business Case Components Regulatory requirements SOC Terminology Technology Components Events categories Staff Requirements Organiza>on s Considera>ons Training Requirements
More informationFault Isolation for Device Drivers
Fault Isolation for Device Drivers 39 th International Conference on Dependable Systems and Networks, 30 June 2009, Estoril Lisbon, Portugal Jorrit N. Herder Vrije Universiteit Amsterdam ~26% of Windows
More informationA HIGH ASSURANCE WIRELESS COMPUTING SYSTEM (HAWCS ) ARCHITECTURE FOR SOFTWARE DEFINED RADIOS AND WIRELESS MOBILE PLATFORMS
A HIGH ASSURANCE WIRELESS COMPUTING SYSTEM (HAWCS ) ARCHITECTURE FOR SOFTWARE DEFINED RADIOS AND WIRELESS MOBILE PLATFORMS David Murotake, Ph.D. (SCA Technica, Inc. Nashua NH, USA; dmurotak@scatechnica.com)
More informationCOMP9242 Advanced Operating Systems S2/2012 Week 1: Introduction to sel4
COMP9242 Advanced Operating Systems S2/2012 Week 1: Introduction to sel4 Copyright Notice These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share to copy,
More informationCOMP9242 Advanced Operating Systems S2/2013 Week 4: Microkernel Design
COMP9242 Advanced Operating Systems S2/2013 Week 4: Microkernel Design Copyright Notice These slides are distributed under the Creative Commons Attribution 3.0 License You are free: to share to copy, distribute
More informationVirtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationInformation Flow Control For Standard OS Abstractions
Information Flow Control For Standard OS Abstractions Maxwell Krohn, Alex Yip, Micah Brodsky, Natan Cliffer, Frans Kaashoek, Eddie Kohler, Robert Morris MIT SOSP 2007 Presenter: Lei Xia Mar. 2 2009 Outline
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationTrickle: Automated Infeasible Path
Trickle: Automated Infeasible Path Detection Using All Minimal Unsatisfiable Subsets Bernard Blackham, Mark Liffiton, Gernot Heiser School of Computer Science & Engineering, UNSW Software Systems Research
More informationThe Evolution of Secure Operating Systems
The Evolution of Secure Operating Systems Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University 1 Operating Systems
More informationTolerating Malicious Drivers in Linux. Silas Boyd-Wickizer and Nickolai Zeldovich
XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory,...
More informationA Userspace Packet Switch for Virtual Machines
SHRINKING THE HYPERVISOR ONE SUBSYSTEM AT A TIME A Userspace Packet Switch for Virtual Machines Julian Stecklina OS Group, TU Dresden jsteckli@os.inf.tu-dresden.de VEE 2014, Salt Lake City 1 Motivation
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationHardware- assisted Virtualization
Hardware- assisted Virtualization Pra$k Shah (pcshah) Rohan Pa$l (rspa$l) 15-612 Opera,ng System Prac,cum Carnegie Mellon University 1 Agenda Introduc)on to VT- x CPU virtualiza)on with VT- x VMX VMX Transi$ons
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationPresentation's title
3 rd April 2017 B03 -In-vehicle technology enabler Presentation's title Dominique Bolignano CEO Prove & Run dominique.bolignano@provenrun.com Introducing myself and Prove & Run Dominique Bolignano, previously
More informationFormal methods for software security
Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality
More informationConfinement. Steven M. Bellovin November 1,
Confinement Steven M. Bellovin November 1, 2016 1 Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many
More informationSecuring the Connected Car. Eystein Stenberg CTO Mender.io
Securing the Connected Car Eystein Stenberg CTO Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled Software defined
More informationVirtualization for Embedded Systems
TECHNOLOGY WHITE PAPER Virtualization for Embedded Systems Gernot Heiser, PhD Chief Technology Officer Open Kernel Labs, Inc. Document Number: OK 40036:2007 Date: November 27, 2007 OK 40036:2007 Copyright
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationBack To The Future: A Radical Insecure Design of KVM on ARM
Back To The Future: A Radical Insecure Design of KVM on ARM Abstract In ARM, there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from
More informationOperating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationInitial Evaluation of a User-Level Device Driver Framework
Initial Evaluation of a User-Level Device Driver Framework Stefan Götz Karlsruhe University Germany sgoetz@ira.uka.de Kevin Elphinstone National ICT Australia University of New South Wales kevine@cse.unsw.edu.au
More informationBringing Android to Secure SDRs
Bringing Android to Secure SDRs David Kleidermacher Frank Vandenberg SDR 11 WinnComm - Europe Agenda Overview Why Android in SDR? Android Security Proposed Architecture Typical red-black architecture for
More informationOS Extensibility: SPIN and Exokernels. Robert Grimm New York University
OS Extensibility: SPIN and Exokernels Robert Grimm New York University The Three Questions What is the problem? What is new or different? What are the contributions and limitations? OS Abstraction Barrier
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationDan Noé University of New Hampshire / VeloBit
Dan Noé University of New Hampshire / VeloBit A review of how the CPU works The operating system kernel and when it runs User and kernel mode Device drivers Virtualization of memory Virtual memory Paging
More informationMICROKERNEL CONSTRUCTION 2014
MICROKERNEL CONSTRUCTION 2014 THE FIASCO.OC MICROKERNEL Alexander Warg MICROKERNEL CONSTRUCTION 1 FIASCO.OC IN ONE SLIDE CAPABILITY-BASED MICROKERNEL API single system call invoke capability MULTI-PROCESSOR
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationRED HAT ENTERPRISE VIRTUALIZATION 3.0
RED HAT ENTERPRISE VIRTUALIZATION 3.0 YOUR STRATEGIC VIRTUALIZATION ALTERNATIVE John Rinehart, Product Marke3ng Manager Mark St. Laurent, Senior Solu3on Architect Email: msl@redhat.com March 28, 2012 AGENDA
More information