Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems


1 Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems. Seyed Mohammadjavad Seyed Talebi, Hamid Tavakoli, Hang Zhang, Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian. UC Irvine, UC Riverside.

2 Outline: What is the problem? Key ideas to solve the problem. Design. Evaluation. Summary.

3 Security of mobile systems is vital

4 Mobile systems are diverse: more than 1,000 Android device manufacturers; more than 24,000 distinct Android devices.

5 Diverse hardware -> many device drivers. Vendor competition -> more features -> more hardware -> more device drivers.

6 Device drivers are a major risk to the security of mobile systems. Source: Jeffrey Vander Stoep, "Android: protecting the kernel", Linux Security Summit, Linux Foundation.

7 How to investigate bugs in device drivers of mobile systems? Source: Jeffrey Vander Stoep, "Android: protecting the kernel", Linux Security Summit, Linux Foundation.

8 Dynamic analysis is useful to find vulnerabilities: fuzzing, interactive debugging, record-and-replay, selective symbolic execution, dynamic taint analysis.

9 Many existing dynamic analysis tools use virtual machines. Techniques: fuzzing, interactive debugging, record-and-replay, selective symbolic execution, dynamic taint analysis. Tools shown: kAFL, Digtool, GDB, QEMU, S2E, DECAF.


15 Applying these tools to device drivers in mobile systems is hard. Hardware-assisted virtual machine: not available. Software-only virtual machine: poor performance.

16 Outline: Key ideas to solve the problem. Design. Evaluation. Summary.

17 Key idea 1: running device drivers of a mobile system in a virtual machine on a workstation.

18 Key idea 1: running device drivers of a mobile system in a virtual machine on a workstation. Fails without I/O access.

19 Key idea 2: use the mobile device to serve low-level I/O operations.

20 Outline: Design. Evaluation. Summary.

21 Device driver of a mobile system: a closer look. [Diagram labels: mobile system, OS, user space, kernel, device driver, shared modules, I/O device, shared HW]

22 Device driver of a mobile system: a closer look. [Same diagram, annotated: memory-mapped register reads/writes, interrupt]

23 Device driver of a mobile system: a closer look. [Same diagram, annotated: clock, power management, GPIO, and pin control]

24 Device driver of a mobile system: a closer look. [Same diagram, annotated: function calls to Linux API for shared modules]

25 Move the device driver to a workstation. [Diagram labels: workstation, virtual machine, hypervisor, mobile system, OS, user space, kernel, device driver, shared modules, I/O device, shared HW]

27 Challenge: cannot move shared modules. Mobile system cannot boot without clock, power management, GPIO, and pin control modules. [Same diagram]

28 Do not move shared modules. [Same diagram]

29 Remote I/O operations. Fails without I/O access. [Same diagram]

30 Low latency USB channel. [Same diagram, adding: USB channel, two stubs]

31 Design decision 2: low latency USB channel. Normal USB channel: ~2 ms latency. Charm USB channel: ~100 us latency. [Same diagram]

32 Remote I/O interface 1: remote register read/write. [Same diagram]

33 Remote I/O interface 2: remote interrupt handling. [Same diagram]

34 Remote I/O interface 3: Remote Procedure Call (RPC). [Same diagram]

35 Outline: Evaluation. Summary.

36 Charm supports various drivers and devices
Model: Nexus 5X, Nexus 6P, Galaxy S7
Manufacturer: LG, Huawei, Samsung
Supported drivers: Camera, Audio; GPU; IMU Sensors
Lines of Code Ported: 65, ,000 31,
Porting time: days 2 days

37 Time it takes to port a driver to Charm (same table as slide 36)

38 Charm supports various dynamic analysis techniques: fuzzing, record-and-replay, manual interactive debugging.

41 How Charm facilitates fuzzing. More hardware support: VT-x, PT. More software support: KASAN, KMSAN, KTSAN. Reliable console access. No special hardware.

42 Fuzzing scenarios. Scenario 1 (without Charm): execute fuzzer on the phone. Scenario 2 (with Charm): execute fuzzer on the server.

43 Fuzzing performance on Charm

44 Low overhead for fuzzing on Charm. Higher performance. Low-level I/O operations: not frequent.

45 Bugs found by Charm. Total number of bugs: 25. New bugs: 14. Bugs found using KASAN: 2. False positive bugs: 0.

46 Charm supports various dynamic analysis techniques: fuzzing, record-and-replay, manual interactive debugging.

47 Charm facilitates record-and-replay. Not feasible without Charm for mobile device drivers.

48 Record all remote I/O interactions. [Diagram labels: workstation, virtual machine, hypervisor, mobile system, OS, user space, kernel, device driver, USB channel, two stubs, REC, resident modules, I/O device, resident HW]

50 Replay the recorded interactions. Mobile system is not needed while replaying. [Diagram labels: workstation, virtual machine, OS, user space, kernel, device driver, stub, Play, hypervisor]
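
The record and replay steps on slides 48 to 50, as an added example that is not taken from the slides or from Charm's code base: a stub forwards register accesses to a device in record mode and serves them from the trace in replay mode, flagging any divergence. The register layout, the toy device and every function name are hypothetical, and only the remote register read/write interface is modelled (no interrupts or RPC).

```c
/* Added illustration, not Charm's code. Device, registers and names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum io_op { IO_READ, IO_WRITE };
enum stub_mode { MODE_RECORD, MODE_REPLAY };
enum { REG_CTRL = 0x00, REG_STATUS = 0x04, REG_DATA = 0x08, TRACE_CAP = 64 };
struct io_event { enum io_op op; uint32_t addr, value; };
struct io_trace {
    struct io_event ev[TRACE_CAP];
    size_t len, pos;   /* events recorded; replay cursor */
    int fault;         /* trace overflow or replay divergence */
};
struct stub { enum stub_mode mode; struct io_trace *t; };
/* Constructed stand-in for the I/O device that stays on the phone. */
static unsigned polls_left;
unsigned dev_accesses;   /* every access that actually reaches the device */

static uint32_t dev_read(uint32_t addr)
{
    dev_accesses++;
    if (addr == REG_STATUS && polls_left > 0) { polls_left--; return 0; } /* busy */
    if (addr == REG_STATUS) return 1;                                     /* ready */
    return addr == REG_DATA ? 0xC0FFEEu : 0;
}
static void dev_write(uint32_t addr, uint32_t v)
{
    dev_accesses++;
    if (addr == REG_CTRL && v == 1) polls_left = 2;   /* start a sample */
}

static void trace_append(struct io_trace *t, enum io_op op, uint32_t a, uint32_t v)
{
    if (t->len >= TRACE_CAP) { t->fault = 1; return; }
    t->ev[t->len++] = (struct io_event){ op, a, v };
}

/* Replay: the next recorded event must have the same kind and address. */
static const struct io_event *trace_expect(struct io_trace *t, enum io_op op, uint32_t a)
{
    if (t->pos < t->len && t->ev[t->pos].op == op && t->ev[t->pos].addr == a)
        return &t->ev[t->pos++];
    t->fault = 1;
    return NULL;
}

uint32_t stub_read(struct stub *s, uint32_t addr)
{
    if (s->mode == MODE_RECORD) {
        uint32_t v = dev_read(addr);   /* stands in for the round trip to the phone */
        trace_append(s->t, IO_READ, addr, v);
        return v;
    }
    const struct io_event *e = trace_expect(s->t, IO_READ, addr);
    return e ? e->value : 0;
}

void stub_write(struct stub *s, uint32_t addr, uint32_t v)
{
    if (s->mode == MODE_RECORD) {
        dev_write(addr, v);
        trace_append(s->t, IO_WRITE, addr, v);
        return;
    }
    const struct io_event *e = trace_expect(s->t, IO_WRITE, addr);
    if (e && e->value != v) s->t->fault = 1;   /* driver wrote a different value */
}

/* Toy driver path: start a sample, poll STATUS, then read DATA. */
int driver_sample(struct stub *s, uint32_t start_cmd, uint32_t *out)
{
    stub_write(s, REG_CTRL, start_cmd);
    for (int i = 0; i < 8; i++)
        if (stub_read(s, REG_STATUS) & 1u) { *out = stub_read(s, REG_DATA); return 0; }
    return -1;
}

/* Run the driver in one mode; 0 means it completed with a consistent trace. */
int run_driver(struct io_trace *t, enum stub_mode mode, uint32_t cmd, uint32_t *out)
{
    struct stub s = { mode, t };
    if (mode == MODE_RECORD) t->len = 0;
    t->pos = 0; t->fault = 0;
    int rc = driver_sample(&s, cmd, out);
    if (t->fault || (mode == MODE_REPLAY && t->pos != t->len)) return -1;
    return rc;
}

int main(void)
{
    static struct io_trace t;
    uint32_t rec = 0, rep = 0;
    int r0 = run_driver(&t, MODE_RECORD, 1, &rec);
    int r1 = run_driver(&t, MODE_REPLAY, 1, &rep);   /* same driver */
    int r2 = run_driver(&t, MODE_REPLAY, 2, &rep);   /* changed driver */
    printf("record=%d events=%zu replay=%d changed=%d\n", r0, t.len, r1, r2);
    return 0;
}
```

The second replay uses a driver that writes a different start command, so it is reported as diverging from the recording instead of silently consuming stale data.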

51 Record-and-replay performance

52 Charm supports various dynamic analysis techniques: fuzzing, record and replay, manual interactive debugging.

53 Charm facilitates manual interactive debugging. Charm enables using GDB for device drivers: breakpoint, watchpoint, single-step execution.

54 Manual interactive debugging results. We analyzed three known vulnerabilities: CVE : use-after-free bug; CVE : out-of-bounds access bug; CVE : out-of-bounds access bug. We built an arbitrary kernel code execution exploit using CVE

55 Related work
Charm. Target: mobile systems, open source device drivers. Forward I/O accesses: yes. Communication channel: USB. Performance: near native.
Avatar [NDSS 14]. Target: embedded systems firmware. Forward I/O accesses: yes. Communication channel: UART and JTAG. Performance: poor.
Surrogate [WOOT 15]. Target: embedded systems firmware. Forward I/O accesses: yes. Communication channel: PCIe FPGA board/JTAG. Performance: near native.

56 Limitations and future work
Current implementation: manual port of drivers. Future work: automatic port of drivers.
Current implementation: no DMA support. Future work: DMA support.
Current implementation: open source drivers support. Future work: binary drivers support.

57 Summary

59 Summary: Charm facilitates dynamic analysis of mobile device drivers. Charm's performance is on par with actual mobile systems. Charm supports a broad variety of device drivers with reasonable engineering effort. Charm is open source:

60 Backup slides: vulnerable code snippet of CVE

61 Backup slides: vulnerable code snippet of CVE

63 Backup slides: building exploit. Heap or stack? Heap -> Spray target objects

64 Backup slides: building exploit. [Diagram labels: target object, vulnerable object, offset]

65 Dynamic analysis is very useful
False positives rate: static analysis high; dynamic analysis low.
Compiler/linker bugs: static analysis cannot find; dynamic analysis can find.
Code obfuscation: static analysis vulnerable; dynamic analysis not vulnerable.
Unknown types of bugs: static analysis cannot find; dynamic analysis can find.
Code coverage: static analysis high; dynamic analysis low.

66 CVE Is it out-of-bound access?

68 CVE Use after free. Watch points


More information

Tolerating Hardware Device Failures in Software. Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin Madison

Tolerating Hardware Device Failures in Software. Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin Madison Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin Madison Current state of OS hardware interaction Many device drivers assume device

More information

Synaptic Labs. HyperFlash Programmer for the Nios II Ecosystem. Introduction

Synaptic Labs. HyperFlash Programmer for the Nios II Ecosystem. Introduction Synaptic Labs HyperFlash Programmer for the Nios II Ecosystem User Manual An easy to use solution for programming the HyperFlash memory with Nios II based projects. Introduction Synaptic Labs HyperFlash

More information

Adaptive Android Kernel Live Patching

Adaptive Android Kernel Live Patching USENIX Security Symposium 2017 Adaptive Android Kernel Live Patching Yue Chen 1, Yulong Zhang 2, Zhi Wang 1, Liangzhao Xia 2, Chenfu Bao 2, Tao Wei 2 Florida State University 1 Baidu X-Lab 2 Android Kernel

More information

QorIQ P4080 Software Development Kit

QorIQ P4080 Software Development Kit July 2009 QorIQ P4080 Software Development Kit Kelly Johnson Applications Engineering service names are the property of their respective owners. Freescale Semiconductor, Inc. 2009. QorIQ P4080 Software

More information

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017 Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software

More information

Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation

Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation Markus Kammerstetter and Daniel Burian Secure Systems Lab Vienna, Automation Systems Group Institute of

More information

Veloce2 the Enterprise Verification Platform. Simon Chen Emulation Business Development Director Mentor Graphics

Veloce2 the Enterprise Verification Platform. Simon Chen Emulation Business Development Director Mentor Graphics Veloce2 the Enterprise Verification Platform Simon Chen Emulation Business Development Director Mentor Graphics Agenda Emulation Use Modes Veloce Overview ARM case study Conclusion 2 Veloce Emulation Use

More information

Intel System Studio 2014 Overview

Intel System Studio 2014 Overview Intel System Studio 2014 Overview What you will learn from this slide deck High level overview of each component for Intel System Studio, along with how they address these development environments System

More information

Virtual USB Fuzzer Updates

Virtual USB Fuzzer Updates Virtual USB Fuzzer Updates [ 110.768243] usb 1-1: new full-speed USB device number 48 using xhci_hcd [ 111.028327] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 10 [ 111.030544]

More information

Facing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016

Facing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016 Facing the Reality: Virtualization in a Microkernelbased Operating System Matthias Lange, MOS, January 26th, 2016 matthias.lange@kernkonzept.com Today's take aways Microkernel systems are used to build

More information

Privilege Escalation

Privilege Escalation Privilege Coleman Kane Coleman.Kane@ge.com February 9, 2015 Security Vulnerability Assessment Privilege 1 / 14 root, or Privilege or Elevation is the act of gaining access to resources which were intended

More information

ECE 471 Embedded Systems Lecture 12

ECE 471 Embedded Systems Lecture 12 ECE 471 Embedded Systems Lecture 12 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 1 October 2018 HW#4 was posted. Announcements Permissions! Unless your user is configured to

More information

QuartzV: Bringing Quality of Time to Virtual Machines

QuartzV: Bringing Quality of Time to Virtual Machines QuartzV: Bringing Quality of Time to Virtual Machines Sandeep D souza and Raj Rajkumar Carnegie Mellon University IEEE RTAS @ CPS Week 2018 1 A Shared Notion of Time Coordinated Actions Ordering of Events

More information

Software Verification for Low Power, Safety Critical Systems

Software Verification for Low Power, Safety Critical Systems Software Verification for Low Power, Safety Critical Systems 29 Nov 2016, Simon Davidmann info@imperas.com, Imperas Software Ltd. Page 1 Software Verification for Low Power, Safety Critical Systems Page

More information

An Introduction to Android. Jason Chen Developer Advocate Google I/O 2008

An Introduction to Android. Jason Chen Developer Advocate Google I/O 2008 An Introduction to Android Jason Chen Developer Advocate Google I/O 2008 Background What is Android? Latest News 4,000,000,000 Internet and Mobile Phone Users, Worldwide 3,000,000,000 2,000,000,000 1,000,000,000

More information

Real Safe Times in the Jailhouse Hypervisor Unrestricted Siemens AG All rights reserved

Real Safe Times in the Jailhouse Hypervisor Unrestricted Siemens AG All rights reserved Siemens Corporate Technology Real Safe Times in the Jailhouse Hypervisor Real Safe Times in the Jailhouse Hypervisor Agenda Jailhouse introduction Safe isolation Architecture support Jailhouse application

More information

RTOS, Linux & Virtualization Wind River Systems, Inc.

RTOS, Linux & Virtualization Wind River Systems, Inc. taeyong.kim@windriver.com RTOS, Linux & Virtualization 2008 Wind River Systems, Inc. Simple Board Simple Code 2 2008 Wind River Systems, Inc. start: /* disable interrupts in CPU and switch to SVC32 mode

More information

Improving the Productivity of Scalable Application Development with TotalView May 18th, 2010

Improving the Productivity of Scalable Application Development with TotalView May 18th, 2010 Improving the Productivity of Scalable Application Development with TotalView May 18th, 2010 Chris Gottbrath Principal Product Manager Rogue Wave Major Product Offerings 2 TotalView Technologies Family

More information

Implementing a GDB Stub in Lightweight Kitten OS

Implementing a GDB Stub in Lightweight Kitten OS Implementing a GDB Stub in Lightweight Kitten OS Angen Zheng, Jack Lange Department of Computer Science University of Pittsburgh {anz28, jacklange}@cs.pitt.edu ABSTRACT Because of the increasing complexity

More information

Keil uvision development story (Adapted from (Valvano, 2014a))

Keil uvision development story (Adapted from (Valvano, 2014a)) Introduction uvision has powerful tools for debugging and developing C and Assembly code. For debugging a code, one can either simulate it on the IDE s simulator or execute the code directly on ta Keil

More information

CSE543 - Computer and Network Security Module: Virtualization

CSE543 - Computer and Network Security Module: Virtualization CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of

More information

Columbia University in the city of new york

Columbia University in the city of new york A virtual Smartphone Architecture Jeremy Andrus Christoffer Dall Alexander Van t Hof Oren Laadan Jason Nieh Columbia University in the city of new york 1 23rd ACM Symposium on Operating Systems Principles,

More information

Development of I/O Pass-through: Current Status & the Future. Nov 21, 2008 Yuji Shimada NEC System Technologies, Ltd.

Development of I/O Pass-through: Current Status & the Future. Nov 21, 2008 Yuji Shimada NEC System Technologies, Ltd. Development of I/O Pass-through: Current Status & the Future Nov 21, 2008 Yuji Shimada NEC System Technologies, Ltd. Agenda 1.Implementation of I/O Pass-through 2.Future Enhancement Plan 3.Challenges for

More information

Nested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation

Nested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation Nested Virtualization Update From Intel Xiantao Zhang, Eddie Dong Intel Corporation Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED,

More information

Designing with ALTERA SoC Hardware

Designing with ALTERA SoC Hardware Designing with ALTERA SoC Hardware Course Description This course provides all theoretical and practical know-how to design ALTERA SoC devices under Quartus II software. The course combines 60% theory

More information

Lesson 6 Intel Galileo and Edison Prototype Development Platforms. Chapter-8 L06: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

Lesson 6 Intel Galileo and Edison Prototype Development Platforms. Chapter-8 L06: Internet of Things , Raj Kamal, Publs.: McGraw-Hill Education Lesson 6 Intel Galileo and Edison Prototype Development Platforms 1 Intel Galileo Gen 2 Boards Based on the Intel Pentium architecture Includes features of single threaded, single core and 400 MHz constant

More information

Buffer Overflow Defenses

Buffer Overflow Defenses Buffer Overflow Defenses Some examples, pros, and cons of various defenses against buffer overflows. Caveats: 1. Not intended to be a complete list of products that defend against buffer overflows. 2.

More information

Exploring Qualcomm Baseband via ModKit. Tencent Blade Team Tencent Security Platform Department

Exploring Qualcomm Baseband via ModKit. Tencent Blade Team Tencent Security Platform Department Exploring Qualcomm Baseband via ModKit Tencent Blade Team Tencent Security Platform Department About Us - Tencent Blade Team A security research team from Tencent Security Platform Department Focus security

More information

CHAPTER 16 - VIRTUAL MACHINES

CHAPTER 16 - VIRTUAL MACHINES CHAPTER 16 - VIRTUAL MACHINES 1 OBJECTIVES Explore history and benefits of virtual machines. Discuss the various virtual machine technologies. Describe the methods used to implement virtualization. Show

More information

Monitoring Hypervisor Integrity at Runtime. Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015

Monitoring Hypervisor Integrity at Runtime. Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015 Monitoring Hypervisor Integrity at Runtime Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015 Motivation - Server Virtualization Trend x86 servers were virtualized

More information

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1 Memory Management Disclaimer: some slides are adopted from book authors slides with permission 1 Demand paging Concepts to Learn 2 Abstraction Virtual Memory (VM) 4GB linear address space for each process

More information

Back To The Future: A Radical Insecure Design of KVM on ARM

Back To The Future: A Radical Insecure Design of KVM on ARM Back To The Future: A Radical Insecure Design of KVM on ARM Abstract In ARM, there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from

More information

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.

More information