July 14, EPITA Systems/Security Laboratory (LSE) Code sandboxing. Alpha Abdoulaye - Pierre Marsais. Introduction. Solutions.
|
|
- Abner Williams
- 5 years ago
- Views:
Transcription
1 EPITA Systems/Security Laboratory (LSE) July 14, / 34
2 2 / 34
3 What do we want? Limit usage of some resources such as system calls and shared object functions But not from the whole program (we trust our libc.so, ld.so,... ) 3 / 34
4 Needed when executing untrusted code on your machine. Allow or deny use of some resources Usually theses resources are accessed through syscalls We already have namespaces(7) and seccomp(2) 4 / 34
5 Are all needs fulfilled? There is no ready-to-use solution for: Function usage Library usage 5 / 34
6 Technical choices Aim for: Speed Reliability Security 6 / 34
7 7 / 34
8 Solving the problem Trap at each function call Check if the call is righteous Continue as if nothing happened 8 / 34
9 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
10 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
11 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
12 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
13 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
14 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
15 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
16 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
17 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: PLT[n] / 34
18 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: my func 9 / 34
19 How a library function is called CODE: call my func@plt PLT: PLT[0]: push GOT[1] jmp *(GOT[2]) // resolver PLT[n]: // my func@plt jmp *(my func@got) push n jmp PLT[0] GOT: GOT[2]: resolver address my func@got: my func 9 / 34
20 Bound CODE: call my PLT: GOT: PLT[n]: // my jmp *(my my my func 10 / 34
21 Bound CODE: call my PLT: GOT: PLT[n]: // my jmp *(my my my func 10 / 34
22 Bound CODE: call my PLT: GOT: PLT[n]: // my jmp *(my my my func 10 / 34
23 Bound CODE: call my PLT: GOT: PLT[n]: // my jmp *(my my my func 10 / 34
24 Bound CODE: call my PLT: GOT: PLT[n]: // my jmp *(my my my func 10 / 34
25 So? We have two solutions: Disallow GOT reads of the sandboxed ELF Disallow code execution of executable mapping Then handle the rights violation and check if the ressource access is allowed or not. 11 / 34
26 Solution analysis GOT protection can be bypassed. The correct solution would be unallowing execution of executable mappings. 12 / 34
27 13 / 34
28 Goal Can we solve our problem without privileged code? 14 / 34
29 What do we need? Change mapping rights Handle mapping violation 15 / 34
30 What can we use? ptrace(2) procfs(5) 16 / 34
31 Is this enough? No: How to change mapping permissions from the tracer? What about non-got data on GOT pages? What about multithreaded programs? 17 / 34
32 The first hack How to change mappings from the tracer? We can link an ELF to the sandboxed binary. We can use signal handlers in order to protect and unprotect the GOT. Use ELF constructors to setup everything. 18 / 34
33 The second hack How to handle non-got data on GOT pages? GOT doesn t necessarily start and end at pages boundaries We can force this, with a custom linker script All we need is to customize the default linker script to align the GOT and export its size 19 / 34
34 We want reasonable performances LD BIND NOW=1 Cache authorized GOT access 20 / 34
35 Limitations We can t allow a lot of stuff for the sandboxed application: We currently need to link an object to the sandboxed application mprotect can t be used to PROT READ the GOT SIGSEGV can t be handled Libraries addresses can be leaked 21 / 34
36 Problems Address space leaks /proc/self/* auxv some syscalls addresses on stack and structures Functions pointers in structures dlopen(3), dlsym(3) / 34
37 Shared object randomization Idea taken from OpenBSD If the user gets a libc address, and knows what libc is used, it can easily call any function The problem arise for any libs, but the libc is the more annoying for us We currently have a script to randomize the glibc Additional work needed for other libraries 23 / 34
38 24 / 34
39 We need to go deeper Extended Page Table Additional translation level Hardware assisted Solve multi-threading problem 25 / 34
40 Bareflank Lightweight Extendable C++ in Kernel Multi-platform 26 / 34
41 Track program behaviour ptrace(2) /proc/[pid]/maps /proc/[pid]/pagemap linkmap, symbols, etc. 27 / 34
42 Report and Handle vmcall to report to hypervisor Virtual Machine Control Structure VM State Global Configuration VM Exits Enable EPT violation Convert to Exception 28 / 34
43 Pull the strings Handle #VE Trap on protected code Protect executable and check Decide!!!! And so on / 34
44 Recap Tracee: deref Tracer: Wait SIGVE Kernel: Hypervisor: ept protect (pid, begin, end) #VE vmcall EPT 30 / 34
45 31 / 34
46 Further work Be sure that our solution is foolproof handle multithreaded programs Work on performance What about statically linked ELFs? ROP? 32 / 34
47 Questions Questions? 33 / 34
48 Contact - 34 / 34
Outline. Outline. Common Linux tools to explore object/executable files. Revealing Internals of Loader. Zhiqiang Lin
CS 6V81-05: System Security and Malicious Code Analysis Revealing Internals of Loader Zhiqiang Lin Department of Computer Science University of Texas at Dallas March 28 th, 2012 Common Linux tools to explore
More informationsecubt Hacking the Hackers with User Space Virtualization
secubt Hacking the Hackers with User Space Virtualization Mathias Payer Mathias Payer: secubt User Space Virtualization 1 Motivation Virtualizing and encapsulating running programs
More informationMy memcheck. Version 1 7 December Epita systems/security laboratory 2017
My memcheck Version 1 7 December 2015 Epita systems/security laboratory 2017 1 I Copyright This document is for internal use only at EPITA http://www.epita.fr/. Copyright c 2015/2016
More informationRuntime Process Insemination
Runtime Process Insemination Shawn lattera Webb SoldierX https://www.soldierx.com/ Who Am I? Just another blogger Professional Security Analyst Twelve-year C89 programmer Member of SoldierX, BinRev, and
More informationThe Process Model (1)
The Process Model (1) L41 Lecture 3 Dr Robert N. M. Watson 15 November 2016 Reminder: last time DTrace The probe effect The kernel: Just a C program? A little on kernel dynamics: How work happens L41 Lecture
More informationLecture 4: Mechanism of process execution. Mythili Vutukuru IIT Bombay
Lecture 4: Mechanism of process execution Mythili Vutukuru IIT Bombay Low-level mechanisms How does the OS run a process? How does it handle a system call? How does it context switch from one process to
More informationFixing/Making Holes in Binaries
Fixing/Making Holes in Binaries The Easy, The Hard, The Time Consuming Shaun Clowes Ð shaun@securereality.com.au What are we doing? Changing the behaviour of programs Directly modifying the program in
More informationMy ld.so. Version 1 5 December Epita systems/security laboratory 2018
My ld.so Version 1 5 December 2016 Epita systems/security laboratory 2018 1 I Copyright This document is for internal use only at EPITA http://www.epita.fr/. Copyright 2016/2017
More informationDebugging for production systems
Debugging for production systems February, 2013 Tristan Lelong Adeneo Embedded tlelong@adeneo-embedded.com Embedded Linux Conference 2013 1 Who am I? Software engineer at Adeneo Embedded (Bellevue, WA)
More informationProcess Address Spaces and Binary Formats
Process Address Spaces and Binary Formats Don Porter Background We ve talked some about processes This lecture: discuss overall virtual memory organizafon Key abstracfon: Address space We will learn about
More informationSecurity Workshop HTS. LSE Team. February 3rd, 2016 EPITA / 40
Security Workshop HTS LSE Team EPITA 2018 February 3rd, 2016 1 / 40 Introduction What is this talk about? Presentation of some basic memory corruption bugs Presentation of some simple protections Writing
More informationLecture 4 Processes. Dynamic Analysis. GDB
Lecture 4 Processes. Dynamic Analysis. GDB Computer and Network Security 23th of October 2017 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 4, Processes. Dynamic Analysis. GDB 1/45
More informationRomain Thomas - Static instrumentation based on executable file formats
Romain Thomas - rthomas@quarkslab.com Static instrumentation based on executable file formats About Romain Thomas - Security engineer at Quarkslab Working on various topics: Android, (de)obfuscation, software
More informationISOLATION DEFENSES GRAD SEC OCT
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Setting Possibly with multiple tenants OS: users / processes Browser: webpages / browser extensions Cloud:
More informationCS5460/6460: Operating Systems. Lecture 21: Shared libraries. Anton Burtsev March, 2014
CS5460/6460: Operating Systems Lecture 21: Shared libraries Anton Burtsev March, 2014 Recap from last time We know what linkers and loaders do Types of object files Relocatable object files (.o) Static
More informationL41 - Lecture 3: The Process Model (1)
L41 - Lecture 3: The Process Model (1) Dr Robert N. M. Watson 2 March 2015 Dr Robert N. M. Watson L41 - Lecture 3: The Process Model (1) 2 March 2015 1 / 18 Introduction Reminder: last time 1. DTrace 2.
More informationCNIT 127: Exploit Development. Ch 3: Shellcode. Updated
CNIT 127: Exploit Development Ch 3: Shellcode Updated 1-30-17 Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object files strace System Call Tracer Removing
More informationThe Performance of µ-kernel-based Systems
Liedtke et al. presented by: Ryan O Connor October 7 th, 2009 Motivation By this time (1997) the OS research community had virtually abandoned research on pure µ-kernels. due primarily
More informationLecture Notes for 04/04/06: UNTRUSTED CODE Fatima Zarinni.
Lecture Notes for 04/04/06 UNTRUSTED CODE Fatima Zarinni. Last class we started to talk about the different System Solutions for Stack Overflow. We are going to continue the subject. Stages of Stack Overflow
More informationLec 22: Interrupts. Kavita Bala CS 3410, Fall 2008 Computer Science Cornell University. Announcements
Lec 22: Interrupts Kavita Bala CS 3410, Fall 2008 Computer Science Cornell University HW 3 HW4: due this Friday Announcements PA 3 out Nov 14 th Due Nov 25 th (feel free to turn it in early) Demos and
More informationexecutable-only-memory-switch (XOM-Switch)
executable-only-memory-switch (XOM-Switch) Hiding Your Code From Advanced Code Reuse Attacks in One Shot Mingwei Zhang, Ravi Sahita (Intel Labs) Daiping Liu (University of Delaware) 1 [Short BIO of Speaker]
More informationProtecting Against Unexpected System Calls
Protecting Against Unexpected System Calls C. M. Linn, M. Rajagopalan, S. Baker, C. Collberg, S. K. Debray, J. H. Hartman Department of Computer Science University of Arizona Presented By: Mohamed Hassan
More informationCNIT 127: Exploit Development. Ch 14: Protection Mechanisms. Updated
CNIT 127: Exploit Development Ch 14: Protection Mechanisms Updated 3-25-17 Topics Non-Executable Stack W^X (Either Writable or Executable Memory) Stack Data Protection Canaries Ideal Stack Layout AAAS:
More informationProcess Address Spaces and Binary Formats
Process Address Spaces and Binary Formats Don Porter CSE 506 Binary Formats RCU Memory Management Logical Diagram File System Memory Threads Allocators Today s Lecture System Calls Device Drivers Networking
More informationPlay with FILE Structure Yet Another Binary Exploitation Technique. Abstract
Play with FILE Structure Yet Another Binary Exploitation Technique An-Jie Yang (Angelboy) angelboy@chroot.org Abstract To fight against prevalent cyber threat, more mechanisms to protect operating systems
More informationSandboxing. CS-576 Systems Security Instructor: Georgios Portokalidis Spring 2018
Sandboxing CS-576 Systems Security Instructor: Georgios Portokalidis Sandboxing Means Isolation Why? Software has bugs Defenses slip Untrusted code Compartmentalization limits interference and damage!
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationPractical and Efficient Exploit Mitigation for Embedded Devices
Practical and Efficient Exploit Mitigation for Embedded Devices Matthias Neugschwandtner IBM Research, Zurich Collin Mulliner Northeastern University, Boston Qualcomm Mobile Security Summit 2015 1 Embedded
More informationPrelinker Usage for MIPS Cores CELF Jamboree #11 Tokyo, Japan, Oct 27, 2006
At the core of the user experience. Prelinker Usage for MIPS Cores CELF Jamboree #11 Tokyo, Japan, Oct 27, 2006 Arvind Kumar, MIPS Technologies Kazu Hirata, CodeSourcery Outline What is the prelinker?
More informationCS 5460/6460 Operating Systems
CS 5460/6460 Operating Systems Fall 2009 Instructor: Matthew Flatt Lecturer: Kevin Tew TAs: Bigyan Mukherjee, Amrish Kapoor 1 Join the Mailing List! Reminders Make sure you can log into the CADE machines
More informationSystem Call. Preview. System Call. System Call. System Call 9/7/2018
Preview Operating System Structure Monolithic Layered System Microkernel Virtual Machine Process Management Process Models Process Creation Process Termination Process State Process Implementation Operating
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationCS 326: Operating Systems. Process Execution. Lecture 5
CS 326: Operating Systems Process Execution Lecture 5 Today s Schedule Process Creation Threads Limited Direct Execution Basic Scheduling 2/5/18 CS 326: Operating Systems 2 Today s Schedule Process Creation
More informationException Namespaces C Interoperability Templates. More C++ David Chisnall. March 17, 2011
More C++ David Chisnall March 17, 2011 Exceptions A more fashionable goto Provides a second way of sending an error condition up the stack until it can be handled Lets intervening stack frames ignore errors
More informationReal-World Buffer Overflow Protection in User & Kernel Space
Real-World Buffer Overflow Protection in User & Kernel Space Michael Dalton, Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University http://raksha.stanford.edu 1 Motivation Buffer
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationVirtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.
More informationHardware, Modularity, and Virtualization CS 111
Hardware, Modularity, and Virtualization Operating System Principles Peter Reiher Page 1 Outline The relationship between hardware and operating systems Processors I/O devices Memory Organizing systems
More informationAdvanced Systems Security: Program Diversity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationUsing Hardware-Assisted Virtualization to Protect Application Address Space Inside Untrusted Environment
Using Hardware-Assisted Virtualization to Protect Application Address Space Inside Untrusted Environment Denis Silakov Institute for System Programming at the Russian Academy of Sciences Moscow, Russian
More informationHacking Blind BROP. Presented by: Brooke Stinnett. Article written by: Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazie`res, Dan Boneh
Hacking Blind BROP Presented by: Brooke Stinnett Article written by: Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazie`res, Dan Boneh Overview Objectives Introduction to BROP ROP recap BROP key phases
More informationECE 471 Embedded Systems Lecture 22
ECE 471 Embedded Systems Lecture 22 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 31 October 2018 Don t forget HW#7 Announcements 1 Computer Security and why it matters for embedded
More informationVirtual machines are an interesting extension of the virtual-memory concept: not only do we give processes the illusion that they have all of memory
Virtual machines are an interesting extension of the virtual-memory concept: not only do we give processes the illusion that they have all of memory to themselves, but also we give them the illusion that
More informationDistribution Kernel Security Hardening with ftrace
Distribution Kernel Security Hardening with ftrace Because sometimes your OS vendor just doesn't have the security features that you want. Written by: Corey Henderson Exploit Attack Surface Hardening system
More informationMaking Address Spaces Smaller
ICS332 Operating Systems Spring 2018 Smaller Address Spaces Having small address spaces is always a good idea This is good for swapping: don t swap as often (because if address spaces are small, then RAM
More informationDISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN. Chapter 3 Processes
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN Chapter 3 Processes Context Switching Processor context: The minimal collection of values stored in the
More informationContainer Isolation at Scale (... and introducing gvisor) Dawn Chen and Zhengyu He
Container Isolation at Scale (... and introducing gvisor) Dawn Chen and Zhengyu He Containers are amazing! Year 2013: Docker Inc. released its container engine Million downloads and about 8,000 docker
More informationLive Patching: The long road from Kernel to User Space. João Moreira Toolchain Engineer - SUSE Labs
Live Patching: The long road from Kernel to User Space João Moreira Toolchain Engineer - SUSE Labs jmoreira@suse.de Software has bugs, and bugs have to be fixed + security issues + execution degradation
More informationOperating Systems CMPSC 473. Process Management January 29, Lecture 4 Instructor: Trent Jaeger
Operating Systems CMPSC 473 Process Management January 29, 2008 - Lecture 4 Instructor: Trent Jaeger Last class: Operating system structure and basics Today: Process Management Why Processes? We have programs,
More informationLast time: introduction. Networks and Operating Systems ( ) Chapter 2: Processes. This time. General OS structure. The kernel is a program!
ADRIAN PERRIG & TORSTEN HOEFLER Networks and Operating Systems (252-0062-00) Chapter 2: Processes Last time: introduction Introduction: Why? February 12, 2016 Roles of the OS Referee Illusionist Glue Structure
More informationECS 153 Discussion Section. April 6, 2015
ECS 153 Discussion Section April 6, 2015 1 What We ll Cover Goal: To discuss buffer overflows in detail Stack- based buffer overflows Smashing the stack : execution from the stack ARC (or return- to- libc)
More informationCS 550 Operating Systems Spring System Call
CS 550 Operating Systems Spring 2018 System Call 1 Recap: The need for protection When running user processes, the OS needs to protect itself and other system components For reliability: buggy programs
More informationCSE506: Operating Systems CSE 506: Operating Systems
CSE 506: Operating Systems Memory Management Review We ve seen how paging works on x86 Maps virtual addresses to physical pages These are the low-level hardware tools This lecture: build up to higher-level
More informationThe Kernel Abstraction. Chapter 2 OSPP Part I
The Kernel Abstraction Chapter 2 OSPP Part I Kernel The software component that controls the hardware directly, and implements the core privileged OS functions. Modern hardware has features that allow
More informationCSCE Operating Systems Interrupts, Exceptions, and Signals. Qiang Zeng, Ph.D. Fall 2018
CSCE 311 - Operating Systems Interrupts, Exceptions, and Signals Qiang Zeng, Ph.D. Fall 2018 Previous Class Process state transition Ready, blocked, running Call Stack Execution Context Process switch
More informationKernel Support for Paravirtualized Guest OS
Kernel Support for Paravirtualized Guest OS Shibin(Jack) Xu University of Washington shibix@cs.washington.edu ABSTRACT Flexibility at the Operating System level is one of the most important factors for
More informationExtensibility, Safety, and Performance in the Spin Operating System
Extensibility, Safety, and Performance in the Spin Operating System Brian Bershad, Steven Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc Fiuczynski, David Becker, Craig Chambers, and Susan Eggers Department
More informationProtection and System Calls. Otto J. Anshus
Protection and System Calls Otto J. Anshus Protection Issues CPU protection Prevent a user from using the CPU for too long Throughput of jobs, and response time to events (incl. user interactive response
More informationProtecting COTS Binaries from Disclosure-guided Code Reuse Attacks
Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks Mingwei Zhang Intel Labs Hillsboro, OR, USA mingwei.zhang@intel.com Michalis Polychronakis Stony Brook University Stony Brook, NY, USA
More information16 Sharing Main Memory Segmentation and Paging
Operating Systems 64 16 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More informationsyscall_intercept A user space library for intercepting system calls Author Name, Company Krzysztof Czuryło, Intel
Talk syscall_intercept Title Here A user space library for intercepting system calls Author Name, Company Krzysztof Czuryło, Intel What it is? Provides a low-level interface for hooking Linux system calls
More informationSandboxing. (1) Motivation. (2) Sandboxing Approaches. (3) Chroot
Sandboxing (1) Motivation Depending on operating system to do access control is not enough. For example: download software, virus or Trojan horse, how to run it safely? Risks: Unauthorized access to files,
More informationReview: Hardware user/kernel boundary
Review: Hardware user/kernel boundary applic. applic. applic. user lib lib lib kernel syscall pg fault syscall FS VM sockets disk disk NIC context switch TCP retransmits,... device interrupts Processor
More informationWho Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests Overview The Cloud Numerous organizations are moving en masse to the cloud It s easier to manage It s easier
More informationSPIN Operating System
SPIN Operating System Motivation: general purpose, UNIX-based operating systems can perform poorly when the applications have resource usage patterns poorly handled by kernel code Why? Current crop of
More informationHacking Blind. Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, Dan Boneh. Stanford University
Hacking Blind Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, Dan Boneh Stanford University Hacking 101 Exploit GET /0xDEAD HTTP/1.0 shell $ cat /etc/passwd root:x:0:0:::/bin/sh sorbo:x:6:9:pac:/bin/sh
More informationIntegrating Segmentation and Paging Protection for Safe, Efficient and Transparent Software Extensions
Integrating ation and Paging Protection for Safe, Efficient and Transparent Software s Abstract The technological evolution towards extensible software architectures and component-based software development
More informationIntroduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
More informationRoP Hooks.
RoP Hooks Shane.Macaulay@IOACTIVE.com Introduction K2 / ktwo@ktwo.ca Shane.Macaulay @ioactive.com Intro/Outline Hooking/Tracing What is a binary doing? Can we modify/detour Frustrations/Hurdles Friendly
More informationMaking things work as expected
Making things work as expected System Programming Lab Maksym Planeta Björn Döbel 20.09.2018 Table of Contents Introduction Hands-on Tracing made easy Dynamic intervention Compiler-based helpers The GNU
More informationProcess Address Spaces and Binary Formats
Process Address Spaces and Binary Formats Don Porter Binary Formats RCU File System Logical Diagram Memory Allocators Today s Lecture System Calls Networking Threads Sync User Kernel Memory Management
More informationVirtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
More informationSecuring Untrusted Code
Securing Untrusted Code Untrusted Code May be untrustworthy Intended to be benign, but may be full of vulnerabilities These vulnerabilities may be exploited by attackers (or other malicious processes)
More informationCOSC 6385 Computer Architecture. Virtualizing Compute Resources
COSC 6385 Computer Architecture Virtualizing Compute Resources Spring 2010 References [1] J. L. Hennessy, D. A. Patterson Computer Architecture A Quantitative Approach Chapter 5.4 [2] G. Neiger, A. Santoni,
More informationseccomp-nurse Nicolas Bareil ekoparty 2010 EADS CSC Innovation Works France seccomp-nurse: sandboxing environment
Nicolas Bareil 1/25 seccomp-nurse Nicolas Bareil EADS CSC Innovation Works France ekoparty 2010 Nicolas Bareil 2/25 Sandbox landscape Executive summary New sandboxing environment on Linux Focusing on headless
More informationDan Noé University of New Hampshire / VeloBit
Dan Noé University of New Hampshire / VeloBit A review of how the CPU works The operating system kernel and when it runs User and kernel mode Device drivers Virtualization of memory Virtual memory Paging
More informationProcesses & Threads. Process Management. Managing Concurrency in Computer Systems. The Process. What s in a Process?
Process Management Processes & Threads Managing Concurrency in Computer Systems Process management deals with several issues: what are the units of execution how are those units of execution represented
More informationReturn-orientated Programming
Return-orientated Programming or The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Hovav Shacham, CCS '07 Return-Oriented oriented Programming programming
More informationFlatpak a technical walk-through. Alexander Larsson, Red Hat
Flatpak a technical walk-through Alexander Larsson, Red Hat What is Flatpak? apps for the Linux Desktop Distribute your app Run it anywhere Build in anywhere Run it sandboxed How is this different from
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationA recompilation and instrumentation-free monitoring architecture for detecting heap memory errors and exploits
Graduate Theses and Dissertations Iowa State University Capstones, Theses and Dissertations 2016 A recompilation and instrumentation-free monitoring architecture for detecting heap memory errors and exploits
More informationDune: Safe User- level Access to Privileged CPU Features
Dune: Safe User- level Access to Privileged CPU Features Adam Belay, Andrea Bi>au, Ali MashAzadeh, David Terei, David Mazières, and Christos Kozyrakis Stanford University A quick review of VirtualizaAon
More informationCS261 Scribe Notes: Secure Computation 1
CS261 Scribe Notes: Secure Computation 1 Scriber: Cameron Rasmussen October 24, 2018 1 Introduction It is often the case that code is being run locally on our system that isn t completely trusted, a prime
More informationLibSysCTr(3) System Call Tracing Library LibSysCTr(3)
NAME systr_init_library, systr_cleanup_library, systr_run, systr_stop, systr_trace_syscall, systr_untrace_syscall, systr_get_pid, systr_get_param, systr_set_params, systr_is_entry, systr_pmem_read, systr_pmem_write,
More informationAdvances in Linux process forensics with ECFS
Advances in Linux process forensics with ECFS Quick history Wanted to design a process snapshot format native to VMA Vudu http://www.bitlackeys.org/#vmavudu ECFS proved useful for other projects as well
More informationNamespaces and Capabilities Overview and Recent Developments
Namespaces and Capabilities Overview and Recent Developments Linux Security Summit Europe Edinburgh, Scotland Christian Brauner christian@brauner.io christian.brauner@ubuntu.com @brau_ner https://brauner.github.io/
More informationVEOS high level design. Revision 2.1 NEC
high level design Revision 2.1 NEC Table of contents About this document What is Components Process management Memory management System call Signal User mode DMA and communication register Feature list
More informationReserves time on a paper sign-up sheet. Programmer runs his own program. Relays or vacuum tube hardware. Plug board or punch card input.
Introduction & Ch1 Two Roles of an Operating System Extended Machine or virtual machine Device drivers, Processes, File systems, Networking protocols. Resource Manager Allocates and enforces Memory, Disk
More informationImplementing Secure Software Systems on ARMv8-M Microcontrollers
Implementing Secure Software Systems on ARMv8-M Microcontrollers Chris Shore, ARM TrustZone: A comprehensive security foundation Non-trusted Trusted Security separation with TrustZone Isolate trusted resources
More informationProject #1: Tracing, System Calls, and Processes
Project #1: Tracing, System Calls, and Processes Objectives In this project, you will learn about system calls, process control and several different techniques for tracing and instrumenting process behaviors.
More informationOS Agnostic Sandboxing Using Virtual CPUs
Berlin Institute of Technology FG Security in Telecommunications OS Agnostic Sandboxing Using Virtual CPUs Spring 6 - SIDAR Graduierten-Workshop über Reaktive Sicherheit Weiss Matthias Lange, March 21st,
More informationSCONE: Secure Linux Container Environments with Intel SGX
SCONE: Secure Linux Container Environments with Intel SGX S. Arnautov, B. Trach, F. Gregor, Thomas Knauth, and A. Martin, Technische Universität Dresden; C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe,
More informationAddress spaces and memory management
Address spaces and memory management Review of processes Process = one or more threads in an address space Thread = stream of executing instructions Address space = memory space used by threads Address
More informationDistributed Systems Principles and Paradigms
Distributed Systems Principles and Paradigms Chapter 03 (version February 11, 2008) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.20.
More informationOperating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst
Operating Systems CMPSCI 377 Spring 2017 Mark Corner University of Massachusetts Amherst Last Class: Intro to OS An operating system is the interface between the user and the architecture. User-level Applications
More information64 bit Bare Metal Programming on RPI-3. Tristan Gingold
64 bit Bare Metal Programming on RPI-3 Tristan Gingold gingold@adacore.com What is Bare Metal? Images: Wikipedia No box What is Bare Metal? No Operating System Your application is the OS Why Bare Board?
More informationReducing Memory Usage at Shard Library Use on Embedded Devices
Reducing Memory Usage at Shard Library Use on Embedded Devices 2007.02.22 Tetsuji Yamamoto, Matsushita Electric Industrial Co., Ltd. Masashige Mizuyama, Panasonic Mobile Communications Co., Ltd. [translated
More informationCSE 153 Design of Operating Systems Fall 18
CSE 153 Design of Operating Systems Fall 18 Lecture 2: OS model and Architectural Support Last time/today l Historic evolution of Operating Systems (and computing!) l Today: We start our journey in exploring
More information