Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors
|
|
|
- Rosa Tate
- 6 years ago
- Views:
Transcription
1 Safety & Security for the Connected World Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors 13 October 2015 Mark Pitchford, Technical Manager, EMEA
2 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors The CAST-32 position paper urges caution in the use of Multi-Core Processors in avionics systems What are the attributes of a Separation Kernel Hypervisor (SKH) which potentially help to address these concerns? 2
3 There are alternative approaches A multicore platform running a partitioning operating system Today I am focusing specifically on Separation Kernel Hypervisors There are benefits from an ARINC-653 based approach too!
4 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors The alchemy of a cutting edge Separation Kernel Hypervisor (SKH) is a happy marriage of some improbable raw materials Understand the component parts Explain the combinations Understand the benefits 4
5 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors Separation Kernel Least Privilege Safety implications of compromised security Hypervisor functionality Hardware Virtualization & Multicore Network and storage encryption components 5
6 Separation Kernel First mooted by John Rushby in 1981 Consists of a combination of hardware and software that permits multiple functions to be realized on a common set of physical resources without unwanted mutual interference Basic foundation of the Multiple Independent Levels of Security (MILS) initiative a vision of modular building blocks for highassurance secure systems 6
7 Separation Kernel Primary information flow is from high to low security block But SOME information flow will be required in the opposite direction That inevitably compromises the distinction in criticality between blocks 7
8 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors Separation Kernel Least Privilege Safety implications of compromised security Hypervisor functionality Hardware Virtualization & Multicore Network and storage encryption components 8
9 Least Privilege 40 years ago, Saltzer and Schroeder suggested that Every program and every user of the [operating] system should operate using the least set of privileges necessary to complete the job This becomes imperative where applications of differing security classifications are run in close proximity to each other 9
10 Least Privilege Separation Kernel Separation Kernels and Least Privilege are therefore both centred on modularisation Levin, Irvine and Nguyen noted that Separation kernels had traditionally been focused on resource isolation Consequently they lacked the required granularity of privilege in the logic of the software design So a Least Privilege Separation Kernel superimposes Least Privilege principles on the Separation Kernel blocks 10
11 Least Privilege Separation Kernel Per-subject and per-resource flow-control granularity No subject needs to be given more access than that required to allow the desired flows Minimal TCB Code Execution (Extended Abstract) Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri Carnegie Mellon University 11
12 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors Separation Kernel Least Privilege Safety implications of compromised security Hypervisor functionality Hardware Virtualization & Multicore Network and storage encryption components Lynx Software Technologies - Proprietary & Confidential 12
13 Safety or Security First mooted by John Rushby in 1981 Consists of a combination of hardware and software that permits multiple functions to be realized on a common set of physical resources without unwanted mutual interference Basic foundation of the MILS initiative a vision of modular building blocks for highassurance secure systems 13
14 Security? Safety? Security systems demand extreme rigour to ensure adequate isolation of functions from a security perspective Level of scrutiny applied depends on the level of that security These principles have clear parallels to those proven so successful in the application of DO-178B/C etc. 14
15 Security = Safety Scaremongering or not, recent press reports highlight the need for vigilance Lynx Software Technologies - Proprietary & Confidential 15
16 Security = Safety Military applications are not immune either! Lynx Software Technologies - Proprietary & Confidential 16
17 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors Separation Kernel Least Privilege High Criticality & increasing demand Hypervisor functionality Hardware Virtualization & Multicore Network and storage encryption components 17
18 Hypervisor Functionality We are all familiar with Desktop Virtual Machine Monitors (Hypervisors) Early implementations required privilege levels to be manipulated to accommodate the VMM There were also overheads associated with to the software implementation Binary translation decoupled the operating system from the underlying hardware Not a basis for a real time system but a promising concept to limit hardware demand in the face of burgeoning functionality 18
19 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors Separation Kernel Least Privilege High Criticality & increasing demand Hypervisor functionality Hardware Virtualization & Multicore Network and storage encryption components 19
20 Hardware Virtualization Hardware-assisted virtualization overcomes the VMM privilege issues seen in desktop hypervisors Intel VT AMD-V ARM v7 Freescale Virtualization Extensions CPU execution feature allows the hypervisor to run in a root mode Hardware-assisted virtualized performance can achieve near-native levels 20
21 Trusted Computing Base (TCB) Untrusted Application Space Untrusted Application Space Trusted LynxSecure Separation Kernel TCB ~25 thousand SLOC Executable ~150K Memory ~10MB Trusted Monolithic Linux Kernel > 5 million SLOC More than 200 times fewer SLOC than 2.6 Linux Kernel Minimal TCB Code Execution (Extended Abstract), Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri, Carnegie Mellon University Lynx Software Technologies Proprietary & Confidential 21
22 Hardware Virtualization Also provides an effective path for Least Privilege characteristics to be enabled On most Intel platforms, for example, control over the assignment of CPU, memory and device resources is directly supported by the h/w, via capabilities such as VT-x, VT-d and EPT 22
23 Least Privilege Separation Kernel Hypervisors in practice 23
24 Least Privilege Separation Kernel Hypervisors in practice Implements fundamental principles of Least Privilege Separation Kernel RTOS and GPOS subjects illustrate Hypervisor functionality Multicore processors facilitate assignment of subject to core User API privileges explicitly controlled Minimal attack surface Drivers in subject (VM) space 24
25 Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors Separation Kernel Least Privilege High Criticality & increasing demand Hypervisor functionality Hardware Virtualization & Multicore Network and storage encryption components 25
26 Extending the application of MILS We have seen that the Separation Kernel Hypervisor is based on MILS principles Consists of a combination of hardware and software that permits multiple functions to be realized on a common set of physical resources without unwanted mutual interference Basic foundation of the Multiple Independent Levels of Security (MILS) initiative a vision of modular building blocks for high-assurance secure systems Extend the application of those principles Encrypted data storage Encrypted network traffic 26
27 MILS Based High Level Architecture Critical App Gateway App Server VM Non-Critical App Gateway App Server VM Third Party App Gateway App Server VM MILS. connect Net Cert Tunneled Virtual Networks Network Gateway VM Critical VM V-NIC V-Disk Non-Critical VM V-NIC V-Disk Third Party VM V-NIC V-Disk MILS.store Disk Manager VM Encrypted Disk Partitions VM Image VM Image VM Image Lynx Software Technologies - Proprietary & Confidential 27
28 Least Privilege Separation Kernel Hypervisors Explained 28
29 Example Application: Electronic Flight Bag Cockpit UI for miscellaneous features including MAP display and electronic forms Advantages of architecture: LynxSecure Isolates low integrity UI from high integrity aircraft bus Graphical display options Certifiable approach to isolating fully virtualized OSes Lynx Software Technologies - Proprietary & Confidential 29
30 Example application: UAV Ground Controller UI and control platform for controlling unmanned vehicles Advantages of architecture Path to DO 178 certification Safety Critical Partitioning Deterministic Control Flexible application options Lynx Software Technologies - Proprietary & Confidential 30
31 Summary Least Privilege Separation Kernel Hypervisor represents the coming together of the complementary principles of Least Privilege, Separation Kernels, and Hypervisors This theoretical idyll is made practical by the advent of hardware virtualization Multicore processors equipped with hardware virtualization present the opportunity to deploy Separation Kernel Hypervisors MILS based communications and storage mechanisms advance that principle further His countenance, like richest alchemy, Will change to virtue and to worthiness William Shakespeare. Casca, in Julius Caesar. 31
32 Safety & Security for the Connected World For further information visit
Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles
Safety & Security for the Connected World Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles 16 th June 2015 Mark Pitchford, Technical Manager, EMEA Today
The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA
The Remote Exploitation of Unaltered Passenger Vehicles Revisited 20 th October 2016 Mark Pitchford, Technical Manager, EMEA Today s hot topic A few years ago, Lynx presentations at events such as this
Applying MILS to multicore avionics systems
Applying MILS to multicore avionics systems Eur Ing Paul Parkinson FIET Principal Systems Architect, A&D EuroMILS Workshop, Prague, 19 th January 2016 2016 Wind River. All Rights Reserved. Agenda A Brief
Flicker: An Execution Infrastructure for TCB Minimization
Flicker: An Execution Infrastructure for TCB Minimization Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Hiroshi Isozaki (EuroSys 08) Presented by: Tianyuan Liu Oct 31, 2017 Outline Motivation
The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
Using a Certified Hypervisor to Secure V2X communication
SYSGO AG PUBLIC 1 Using a Certified Hypervisor to Secure V2X communication Author(s): Date: Version Chris Berg 08/05/2017 v1.1 SYSGO AG PUBLIC 2 Protecting Assets People started protecting their assets
10 Steps to Virtualization
AN INTEL COMPANY 10 Steps to Virtualization WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Virtualization the creation of multiple virtual machines (VMs) on a single piece of hardware, where
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center
Container Adoption for NFV Challenges & Opportunities Sriram Natarajan, T-Labs Silicon Valley Innovation Center Virtual Machine vs. Container Stack KVM Container-stack Libraries Guest-OS Hypervisor Libraries
Deos SafeMCTM. - Flight Software Workshop - Thursday December 7 th, Safety Critical Software Solutions for Mission Critical Systems
Deos SafeMCTM Real-Time DO 178C DAL A Operating System for Safety-Critical Multicore Avionics Systems (ARINC 653 and RTEMS POSIX APIS) Presenter : Theresa Rickman Military Aerospace Accounts - Flight Software
Real-Time Systems and Intel take industrial embedded systems to the next level
Solution brief Industrial IoT (IIoT) Embedded Software and Systems Real-Time Systems and Intel take industrial embedded systems to the next level Innovative hypervisor and partitioning software increases
A Data-Centric Approach for Modular Assurance Abstract. Keywords: 1 Introduction
A Data-Centric Approach for Modular Assurance Gabriela F. Ciocarlie, Heidi Schubert and Rose Wahlin Real-Time Innovations, Inc. {gabriela, heidi, rose}@rti.com Abstract. A mixed-criticality system is one
Operating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
Virtual Machine Virtual Machine Types System Virtual Machine: virtualize a machine Container: virtualize an OS Program Virtual Machine: virtualize a process Language Virtual Machine: virtualize a language
CSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
Advanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
Virtualization. Michael Tsai 2018/4/16
Virtualization Michael Tsai 2018/4/16 What is virtualization? Let s first look at a video from VMware http://www.vmware.com/tw/products/vsphere.html Problems? Low utilization Different needs DNS DHCP Web
Virtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly
Nested Virtualization and Server Consolidation
Nested Virtualization and Server Consolidation Vara Varavithya Department of Electrical Engineering, KMUTNB varavithya@gmail.com 1 Outline Virtualization & Background Nested Virtualization Hybrid-Nested
CSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand
Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,
Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.
IO virtualization. Michael Kagan Mellanox Technologies
IO virtualization Michael Kagan Mellanox Technologies IO Virtualization Mission non-stop s to consumers Flexibility assign IO resources to consumer as needed Agility assignment of IO resources to consumer
Operating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University
Virtualization Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Introduction Virtualization Technology Applications
SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM
1 SRIFY: A COMPOSITIONAL APPROACH OF BUILDING SRITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Reasoning with Untrusted Components
W11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
CSCI 8530 Advanced Operating Systems. Part 19 Virtualization
CSCI 8530 Advanced Operating Systems Part 19 Virtualization Virtualization This is a very old idea It appears in many different forms A variety of commercial products exist The idea has become hot again
ARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
Intel Virtualization Technology Roadmap and VT-d Support in Xen
Intel Virtualization Technology Roadmap and VT-d Support in Xen Jun Nakajima Intel Open Source Technology Center Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
SentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
Chapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
Advanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Virtual Machines Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today's Topics History and benefits of virtual machines Virtual machine technologies
COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
Towards Application Security on Untrusted Operating Systems
Towards Application Security on Untrusted Operating Systems Dan R. K. Ports MIT CSAIL & VMware Tal Garfinkel VMware Motivation Many applications handle sensitive data financial, medical, insurance, military...
Paperspace. Architecture Overview. 20 Jay St. Suite 312 Brooklyn, NY Technical Whitepaper
Architecture Overview Copyright 2016 Paperspace, Co. All Rights Reserved June - 1-2017 Technical Whitepaper Paperspace Whitepaper: Architecture Overview Content 1. Overview 3 2. Virtualization 3 Xen Hypervisor
Module 1: Virtualization. Types of Interfaces
Module 1: Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform
Extended Page Tables (EPT) A VMM must protect host physical memory Multiple guest operating systems share the same host physical memory VMM typically implements protections through page-table shadowing
Security: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017
Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software
Operating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
Hypervisor Market Overview. Franz Walkembach. for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public
Franz Walkembach for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public 2018-04-19 1 What you can expect Quick introduction of SYSGO AG What are the market trends for hypervisor? Market size and main
VMware ESX Server 3i. December 2007
VMware ESX Server 3i December 2007 ESX Server 3i Exec Summary What is it? What does it do? What is unique? Who can use it? How do you use it? Next generation, thin hypervisor integrated in server hardware
LINUX CONTAINERS. Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER
Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Flexible and connected platforms are core components in leading computing fields, including
Security and Performance Benefits of Virtualization
Security and Performance Benefits of Virtualization Felix Baum mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered
Virtualization (II) SPD Course 17/03/2010 Massimo Coppola
Virtualization (II) SPD Course 17/03/2010 Massimo Coppola The players The Hypervisor (HV) implements the virtual machine emulation to run a Guest OS Provides resources and functionalities to the Guest
Extensible Network Security Services on Software Programmable Router OS. David Yau, Prem Gopalan, Seung Chul Han, Feng Liang
Extensible Network Security Services on Software Programmable Router OS David Yau, Prem Gopalan, Seung Chul Han, Feng Liang System Software and Architecture Lab Department of Computer Sciences Purdue University
The Quest-V Separation Kernel for Mixed Criticality Systems
The Quest-V Separation Kernel for Mixed Criticality Systems Ye Li, Richard West, and Eric Missimer Computer Science Department Boston University Boston, MA 02215 Email: {liye,richwest,missimer}@cs.bu.edu
CSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
A Review On optimization technique in Server Virtualization
A Review On optimization technique in Server Virtualization Lavneet Kaur, Himanshu Kakkar Department of Computer Science Chandigarh Engineering College Landran, India Abstract In this paper, the earlier
Virtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
Integration of Mixed Criticality Systems on MultiCores: Limitations, Challenges and Way ahead for Avionics
Integration of Mixed Criticality Systems on MultiCores: Limitations, Challenges and Way ahead for Avionics TecDay 13./14. Oct. 2015 Dietmar Geiger, Bernd Koppenhöfer 1 COTS HW Evolution - Single-Core Multi-Core
ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay
ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay Or We Can Remember It for You Wholesale (with apologies to Philip K. Dick) George Dunlap, Sam King, SukruCinar, MurtazaBasraiand
Virtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)
The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation
Jonathan M. McCune. Carnegie Mellon University. March 27, Bryan Parno, Arvind Seshadri Adrian Perrig, Michael Reiter
Jonathan M. McCune Carnegie Mellon University March 27, 2008 Bryan Parno, Arvind Seshadri Adrian Perrig, Michael Reiter 1 Password Reuse People often use 1 password for 2+ websites Banking, social networking,
Security for the Xen Hypervisor Status Quo & Perspective 2006
Security for the Xen Hypervisor Status Quo & Perspective 2006 Reiner Sailer Xen Summit 2006 IBM T J Watson Research Center 1/17/2006 1. Access Control Module 2. Virtual Trusted Platform Module 2 IBM T
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
OPERATING SYSTEMS Chapter 13 Virtual Machines. CS3502 Spring 2017
OPERATING SYSTEMS Chapter 13 Virtual Machines CS3502 Spring 2017 Virtual Machines Allow you to run a Guest Operating System on top of a Host Operating System VMware (for most systems) Microsoft Virtual
The Quest-V Separation Kernel for Mixed Criticality Systems
The Quest-V Separation Kernel for Mixed Criticality Systems Ye Li, Richard West, and Eric Missimer Computer Science Department Boston University Boston, MA 02215 Email: {liye,richwest,missimer}@cs.bu.edu
RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
LINUX Virtualization. Running other code under LINUX
LINUX Virtualization Running other code under LINUX Environment Virtualization Citrix/MetaFrame Virtual desktop under Windows NT. aka Windows Remote Desktop Protocol VNC, Dameware virtual console. XWindows
USING DEVICE LIFECYCLE MANAGEMENT TO FUTURE PROOF YOUR IOT DEPLOYMENT
USING DEVICE LIFECYCLE MANAGEMENT TO FUTURE PROOF YOUR IOT DEPLOYMENT Tom Gibbings Market Development Manager 2017 WIND RIVER. ALL RIGHTS RESERVED. IOT IS CHANGING HOW WE LIVE AND WORK 2 2017 WIND RIVER.
Virtualization and Virtual Machines. CS522 Principles of Computer Systems Dr. Edouard Bugnion
Virtualization and Virtual Machines CS522 Principles of Computer Systems Dr. Edouard Bugnion Virtualization and Virtual Machines 2 This week Introduction, definitions, A short history of virtualization
The MILS Partitioning Communication System + RT CORBA = Secure Communications for SBC Systems
The MILS Partitioning Communication System + RT CORBA = Secure Communications for SBC Systems Kevin Buesing Objective Interface Systems Field Applications Engineer kevin.buesing@ois.com Jeff Chilton Objective
LINUX KVM FRANCISCO JAVIER VARGAS GARCIA-DONAS CLOUD COMPUTING 2017
LINUX KVM FRANCISCO JAVIER VARGAS GARCIA-DONAS CLOUD COMPUTING 2017 LINUX KERNEL-BASED VIRTUAL MACHINE KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware
Virtual Machine Monitors (VMMs) are a hot topic in
CSE 120 Principles of Operating Systems Winter 2007 Lecture 16: Virtual Machine Monitors Keith Marzullo and Geoffrey M. Voelker Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot topic
Virtualization for Embedded Systems
Is an open source solution right for you? 6/26/2013 Julia Keffer Page i Table of Contents Table of Contents Introduction... 1 What is Virtualization?... 1 Virtualization Applications... 2 Operating Systems
A Comparison Study of Intel SGX and AMD Memory Encryption Technology
A Comparison Study of Intel SGX and AMD Memory Encryption Technology Saeid Mofrad, Fengwei Zhang Shiyong Lu Wayne State University {saeid.mofrad, Fengwei, Shiyong}@wayne.edu Weidong Shi (Larry) University
Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.
CSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
Hypervisor Part 1- What is a Hypervisor and How Does it Work?
WHITEPAPER Hypervisor Part 1- What is a Hypervisor and How Does it Work? Randy Martin Product Manager 5/3/17 BlackBerry QNX Not for general distribution. Intended for Advanced Sterilization Products 1
Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.
Operating-System Structures
Operating-System Structures Chapter 2 Operating System Services One set provides functions that are helpful to the user: User interface Program execution I/O operations File-system manipulation Communications
CSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG
A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG SYSGO AG 1 Secure Software Update Unified Diagnostic Services DiagnosticsSessionControl
MILS Multiple Independent Levels of Security. Carol Taylor & Jim Alves-Foss University of Idaho Moscow, Idaho
MILS Multiple Independent Levels of Security Carol Taylor & Jim Alves-Foss University of Idaho Moscow, Idaho United states December 8, 2005 Taylor, ACSAC Presentation 2 Outline Introduction and Motivation
ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project
ViryaOS RFC: Secure Containers for Embedded and IoT A proposal for a new Xen Project sub-project Stefano Stabellini @stabellinist The problem Package applications for the target Contain all dependencies
Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
Virtualization, Xen and Denali
Virtualization, Xen and Denali Susmit Shannigrahi November 9, 2011 Susmit Shannigrahi () Virtualization, Xen and Denali November 9, 2011 1 / 70 Introduction Virtualization is the technology to allow two
The vsphere 6.0 Advantages Over Hyper- V
The Advantages Over Hyper- V The most trusted and complete virtualization platform SDDC Competitive Marketing 2015 Q2 VMware.com/go/PartnerCompete 2015 VMware Inc. All rights reserved. v3b The Most Trusted
FPGAs: High Assurance through Model Based Design
FPGAs: High Assurance through Based Design AADL Workshop 24 January 2007 9:30 10:00 Yves LaCerte Rockwell Collins Advanced Technology Center 400 Collins Road N.E. Cedar Rapids, IA 52498 ylacerte@rockwellcollins.cm
Virtualization. Application Application Application. MCSN - N. Tonellotto - Distributed Enabling Platforms OPERATING SYSTEM OPERATING SYSTEM
Virtualization lication lication lication lication lication lication OPERATING SYSTEM OPERATING SYSTEM VIRTUALIZATION 1 Basic Idea Observation Hardware resources are typically under-utilized Hardware resources
I/O and virtualization
I/O and virtualization CSE-C3200 Operating systems Autumn 2015 (I), Lecture 8 Vesa Hirvisalo Today I/O management Control of I/O Data transfers, DMA (Direct Memory Access) Buffering Single buffering Double
Virtualization. Dr. Yingwu Zhu
Virtualization Dr. Yingwu Zhu Virtualization Definition Framework or methodology of dividing the resources of a computer into multiple execution environments. Types Platform Virtualization: Simulate a
Learning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels
Learning Outcomes Extended OS An appreciation that the abstract interface to the system can be at different levels. Virtual machine monitors (VMMs) provide a lowlevel interface An understanding of trap
Distributed Systems COMP 212. Lecture 18 Othon Michail
Distributed Systems COMP 212 Lecture 18 Othon Michail Virtualisation & Cloud Computing 2/27 Protection rings It s all about protection rings in modern processors Hardware mechanism to protect data and
Architectural Support for A More Secure Operating System
Architectural Support for A More Secure Operating System Edward L. Bosworth, Ph.D. TSYS Department of Computer Science Columbus State University Columbus, GA A Few Comments The term Secure Operating System
Facing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016
Facing the Reality: Virtualization in a Microkernelbased Operating System Matthias Lange, MOS, January 26th, 2016 matthias.lange@kernkonzept.com Today's take aways Microkernel systems are used to build
SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012
SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD May 2012 THE ECONOMICS OF THE DATA CENTER Physical Server Installed Base (Millions) Logical Server Installed Base (Millions) Complexity and Operating
Using a Hypervisor to Manage Multi-OS Systems Cory Bialowas, Product Manager
Using a Hypervisor to Manage Multi-OS Systems Cory Bialowas, Product Manager cory.bialowas@windriver.com Trends, Disruptions and Opportunity Wasn t life simple? Single-OS: SMP OS OS CPU Single Core Virtualization
Optimizing and Enhancing VM for the Cloud Computing Era. 20 November 2009 Jun Nakajima, Sheng Yang, and Eddie Dong
Optimizing and Enhancing VM for the Cloud Computing Era 20 November 2009 Jun Nakajima, Sheng Yang, and Eddie Dong Implications of Cloud Computing to Virtualization More computation and data processing
Secure Partitioning (s-par) for Enterprise-Class Consolidation
Secure Partitioning (s-par) for Enterprise-Class Consolidation How Partitioning Technology Delivers Consolidation Without Compromising Performance, Security, or Isolation White Paper The enterprise clients
Securing the End Node in a Cloud World
Securing the End Node in a Cloud World Approved for Public Release: RY-11-0022, 88 ABW-11-0375 Lt Col Ken Edge, PhD Electronic & Net-Centric Warfare Division Air Force Research Laboratory Of Clouds and