A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory
Maximilian Seitzer, Michael Gruhn, Tilo Müller
Friedrich-Alexander-Universität Erlangen-Nürnberg

Introduction

Context: physical security
- Attacker has physical access to running system.
- Ultimate problem: RAM is insecure.
  - Cold boot attack, DMA attack
- Attacker has access to all kinds of sensitive data in memory, e.g.:
  - Full disk encryption keys
  - Code and data of running programs

Existing solutions to protect hard disk encryption:
- Run encryption on hardware (FDE)
- Run encryption on CPU (e.g. TRESOR)

Possible solution: encrypt RAM
- With software: cheap, but slow
- With hardware: efficient, but expensive

Our approach: executing programs securely by not using RAM for sensitive data.

Initial Situation
- Code and data are residing in RAM unprotected.
[Diagram labels: RAM, code, data, CPU, registers]

Idea: secure execution environment
- Move execution into CPU
- Encrypt program segments within RAM
- Employ secure encryption: TRESOR
[Diagram labels: RAM, code, data, CPU, bytecode interpreter, registers]

A program's lifecycle
- Compiler produces encrypted bytecode.
- Front end invokes execution.
- Back end executes encrypted program.
- Results are passed back to the user.
[Diagram labels: source code, compiler, .scll, front end, back end, results, user space, sys-interface, kernel space]

Memory Layout
- Interpreter simulates instructions on program state.
- Interpreter manages three memory segments:
  - code segment (instruction pointer): instructions
  - call stack (stack pointer): variables, return addresses, arguments
  - operand stack (stack pointer): operands, return values
- The row registers contain a decrypted slice of a memory segment.
- The interpreter always loads the slices containing the currently needed data into the registers.
- CPU row registers: 128 bit SSE registers

Achieving Security Against Memory Attacks
- Obviously encrypt memory
- For this, AES has to run entirely on the CPU.
  - Provided by an adapted TRESOR implementation, utilizing the instruction sets AVX and AES-NI.
- Problem: context switches
  - Operating system saves CPU registers to RAM.
- Solution: prevent context switches from happening
- Execution gets divided into atomic sections.
  - Beginning of atomic section: load state into registers
  - Process instructions
  - End of atomic section: save state, clear registers

Bytecode Language

Functionalities:
- Local variables
- Arithmetic: add, sub, mul, div, mod
- Conditional and unconditional jumps
- Function calls
- Input via command-line parameters, output via print

Restrictions:
- Only one data type (integer)
- No arrays
- No global memory segment
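
The memory layout and the atomic sections described above can be simulated in a few lines of C. This is an added example, not code from the slides or from the authors' implementation: the opcode encoding, the `STATE` segment, one row register per segment, and all function names are assumptions, and a toy keystream stands in for the AES/TRESOR cipher. It covers only a subset of the bytecode language (no mul, div, mod, function calls or print), and the "registers" are an ordinary struct, so it shows the data flow rather than real protection.

```c
#include <stdint.h>
#include <string.h>
/* Simulation only: RowReg stands for the 128-bit SSE row registers and ks() is
   a toy keystream standing in for AES run on the CPU (TRESOR). Not secure. */
enum { CODE, CALLS, OPS, STATE, NSEG };   /* STATE keeps ip/sp between sections */
enum { ROWS = 16, W = 4 };                /* one row = 4 x 32 bit = 128 bit */
enum { PUSH, LOAD, STORE, ADD, SUB, JMP, JZ, HALT };
typedef struct { uint32_t w[W]; int row; } RowReg;   /* row < 0: empty */
typedef struct {
    uint32_t ram[NSEG][ROWS][W];  /* untrusted main memory: ciphertext only */
    RowReg reg[NSEG];             /* "CPU": one decrypted row per segment */
} VM;
static const uint64_t KEY = 0x0123456789abcdefULL;   /* stands for the in-CPU key */

static uint32_t ks(int seg, int row, int i) {        /* keystream word of a cell */
    uint64_t ctr = (uint64_t)(seg << 16 | row << 4 | i);
    return (uint32_t)(((KEY ^ ctr) * 0x9E3779B97F4A7C15ULL) >> 32);
}
static void flush(VM *vm, int seg) {      /* encrypt the loaded row back to RAM */
    RowReg *r = &vm->reg[seg];
    for (int i = 0; r->row >= 0 && i < W; i++)
        vm->ram[seg][r->row][i] = r->w[i] ^ ks(seg, r->row, i);
}
/* Plaintext cell idx of a segment; swaps the row register when needed. */
static uint32_t *cell(VM *vm, int seg, uint32_t idx) {
    RowReg *r = &vm->reg[seg];
    int row = (int)(idx / W % ROWS);      /* wrap keeps the toy memory-safe */
    if (r->row != row) {
        flush(vm, seg);
        for (int i = 0; i < W; i++)
            r->w[i] = vm->ram[seg][row][i] ^ ks(seg, row, i);
        r->row = row;
    }
    return &r->w[idx % W];
}

static void end_section(VM *vm) {         /* save state, clear registers */
    for (int s = 0; s < NSEG; s++) {
        flush(vm, s);
        memset(vm->reg[s].w, 0, sizeof vm->reg[s].w);
        vm->reg[s].row = -1;
    }
}
/* The real compiler emits encrypted bytecode; here the loader encrypts it. */
void vm_load(VM *vm, const uint32_t *prog, uint32_t n) {
    memset(vm, 0, sizeof *vm);
    for (int s = 0; s < NSEG; s++) vm->reg[s].row = -1;
    for (uint32_t i = 0; i < n; i++) *cell(vm, CODE, i) = prog[i];
    for (uint32_t i = 0; i < 3; i++) *cell(vm, STATE, i) = 0;   /* ip, sp, halted */
    end_section(vm);
}
static uint32_t fetch(VM *vm, uint32_t *ip) { return *cell(vm, CODE, (*ip)++); }
static uint32_t pop(VM *vm, uint32_t *sp) { return *cell(vm, OPS, --*sp); }
static void push(VM *vm, uint32_t *sp, uint32_t v) { *cell(vm, OPS, (*sp)++) = v; }
/* One atomic section: load state, process up to `budget` instructions,
   save state, clear registers. Returns 1 once HALT has been reached. */
int vm_section(VM *vm, int budget) {
    uint32_t ip = *cell(vm, STATE, 0), sp = *cell(vm, STATE, 1);
    uint32_t halted = *cell(vm, STATE, 2), a, b;
    while (!halted && budget-- > 0) {
        switch (fetch(vm, &ip)) {
        case PUSH:  push(vm, &sp, fetch(vm, &ip)); break;
        case LOAD:  a = fetch(vm, &ip); push(vm, &sp, *cell(vm, CALLS, a)); break;
        case STORE: a = fetch(vm, &ip); b = pop(vm, &sp); *cell(vm, CALLS, a) = b; break;
        case ADD:   b = pop(vm, &sp); a = pop(vm, &sp); push(vm, &sp, a + b); break;
        case SUB:   b = pop(vm, &sp); a = pop(vm, &sp); push(vm, &sp, a - b); break;
        case JMP:   a = fetch(vm, &ip); ip = a; break;
        case JZ:    a = fetch(vm, &ip); if (pop(vm, &sp) == 0) ip = a; break;
        default:    halted = 1;           /* HALT or unknown opcode */
        }
    }
    *cell(vm, STATE, 0) = ip; *cell(vm, STATE, 1) = sp; *cell(vm, STATE, 2) = halted;
    end_section(vm);
    return (int)halted;
}
uint32_t vm_var(VM *vm, uint32_t v) { uint32_t x = *cell(vm, CALLS, v); end_section(vm); return x; }

/* Run in atomic sections; after each one scan RAM, as a memory dump would, for
   `marker`. Returns the section count, -1 on a leak, 0 if it never halts. */
int run_checked(VM *vm, int budget, uint32_t marker) {
    for (int n = 1; n <= 10000; n++) {
        int done = vm_section(vm, budget);
        for (int i = 0; i < NSEG * ROWS * W; i++)
            if (vm->ram[i / (ROWS * W)][i / W % ROWS][i % W] == marker) return -1;
        if (done) return n;
    }
    return 0;
}
/* Constructed program: v0 = SECRET; v1 = 5; while (v1) { v0 += v1; v1 -= 1; } */
#define SECRET 0xC0FFEE00u
static const uint32_t PROG[] = {
    PUSH, SECRET, STORE, 0, PUSH, 5, STORE, 1, LOAD, 1, JZ, 28,
    LOAD, 0, LOAD, 1, ADD, STORE, 0, LOAD, 1, PUSH, 1, SUB, STORE, 1, JMP, 8, HALT };
int main(void) {                          /* exit status 0: result ok, no leak */
    static VM vm;
    vm_load(&vm, PROG, sizeof PROG / sizeof *PROG);
    return !(run_checked(&vm, 8, SECRET) == 8 && vm_var(&vm, 0) == SECRET + 15);
}
```

Between sections only ciphertext and cleared row registers remain, which is the property the memory-dump scans in the security evaluation test for.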

Evaluation: Performance
[Bar chart: averaged runtime of three benchmark programs with four different languages (Interpreter, Python, Java, C); y-axis: runtime, 0% to 100%. Chart labels: without encryption; 22,4%, 25,3%, 0,9%, 0,7%.]

Evaluation: Security
- Protection against memory attacks:
  - By design, neither key nor program state should leak into RAM.
  - Scans of several different memory dumps for keys, code and data did not return any findings.
- But: TRESOR-Hunt (Blass & Robertson, 2012)
  - DMA write attack
  - Malicious code gets injected and executed in kernel context.
  - Preventable e.g. with device whitelisting or IOMMU.

Future Work
- Extension of bytecode language
  - More data types, arrays, global data segment
  - Make execution of real software secure
- Performance improvements through AVX-512
  - Additional register space allows caching
  - New instructions allow the implementation to be simplified

Conclusion
- We present the concept of a secure execution environment in the form of a bytecode interpreter which executes programs without using RAM for sensitive data.
- Proof of concept implementation is available for x86-64 Linux.
- Interpreter protects against memory attacks.
- Interpreter is around a factor of 4 slower than Python, with most time spent on encryption.

Thank you for your attention. Any questions?