CS 6501- Overshadow Response Michael Deighan (9/1/09) ● Goals  application authenticity  execution integrity  data privacy ● Options  Overshadow extension.

Slides:

Advertisements

Similar presentations

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

Advertisements

Tom Sugden EPCC OGSA-DAI Future Directions OGSA-DAI User's Forum GridWorld 2006, Washington DC 14 September 2006.

Encryption Applications George Bailey Information Security Ivy Tech Community College Tech Day – Columbus, Indiana.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

PCD Medical Device IT Management White Paper

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Andrew File System CSS534 ZACH MA. History  Originated in October 1982, by the Information Technology Center (ITC) formed with Carnegie Mellon and IBM.

OS and Parallel systems By Wei Zhao & Sandeep Menon.

CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.

The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009.

IMPACT Second Generation EPIC Architecture Wen-mei Hwu IMPACT Second Generation EPIC Architecture Wen-mei Hwu Department of Electrical and Computer Engineering.

File Server Organization and Best Practices IT Partners June, 02, 2010.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.

Authors: Dan R. K. Ports & Tal Garfinkel Course: Design of Secure Operating System Presented By: Sai Uday Kiran Ravi.

CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Supporting Parallel Applications on Clusters of Workstations: The Intelligent Network Interface Approach.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Strand 1 Social and ethical significance. Reliability and Integrity Reliability ◦Refers the operation of hardware, the design of software, the accuracy.

Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Towards Application Security On Untrusted OS

Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Introduction and Overview of the Course CS 480/680 – Comparative Languages.

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Auditing Cloud Administrators Using Information Flow Tracking Afshar David ACM Scalable Trusted Computing.

Troubleshooting Windows Vista Security Chapter 4.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

HARDWARE SUPPORT FOR ENFORCING INFORMATION FLOW CONTROL ON MANYCORE SYSTEMS Sarah Bird David McGrogan.

University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,

1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Cristiano Giuffrida Anton Kuijsten Andrew S. Tanenbaum.

The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007.

G53SEC 1 Reference Monitors Enforcement of Access Control.

(a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always the same. So please give three examples.

A Summary of the Distributed System Concepts and Architectures Gayathri V.R. Kunapuli

CIS 450 – Network Security Chapter 4 - Spoofing. Definition - To fool. In networking, the term is used to describe a variety of ways in which hardware.

Distributed System Concepts and Architectures 2.3 Services Fall 2011 Student: Fan Bai

Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.

Trusted OS Design and Evaluation CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University.

Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.

The Million Point PI System – PI Server 3.4 The Million Point PI System PI Server 3.4 Jon Peterson Rulik Perla Denis Vacher.

Wireless and Mobile Security

Michael Dalton, Christos Kozyrakis, and Nickolai Zeldovich MIT, Stanford University USENIX 09’ Nemesis: Preventing Authentication & Access Control Vulnerabilities.

Terry Kim. IT system behind traffic control systems  Traffic lights based on timer system  Traffic lights based on sensor system  Combination of both.

Hosting Wide-Area Network Testbeds: Policy Considerations Larry Peterson Princeton University.

1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise.

ISC2 CISSP Certified Information Systems Security Professional.

Windows Vista Configuration MCTS : Network Security.

Study on “Secure In-VM Monitoring Using Hardware Virtualization” Qiang.Guan Dependable Computing System Lab New Mexico Tech.

Secure Offloading of Legacy IDSes Using Remote VM Introspection in Semi-trusted IaaS Clouds Kenichi Kourai Kazuki Juda Kyushu Institute of Technology.

Presenter: Yifan Zhang

OpenID Enhanced Authentication Profile (EAP) Working Group

Computer Science 5204 Operating Systems Fall, 2010

Understanding Cisco TrustSec (Secure Group Access)

TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh

Building Systems That Flexibly Control Downloaded Executable Content

Firewalls Types of Firewalls Inspection Methods Firewall Architecture

SCONE: Secure Linux Containers Environments with Intel SGX

WWW安全國立暨南國際大學資訊管理學系陳彥錚.

Virtual machine monitors & Secure operation

OpenID Enhanced Authentication Profile (EAP) Working Group

Presentation transcript:

CS Overshadow Response Michael Deighan (9/1/09) ● Goals  application authenticity  execution integrity  data privacy ● Options  Overshadow extension  CHAOS  LOKI  INVISIOS

Overshadow Extension Towards Application Security on Untrusted Operating Systems Dan R. K. Ports and Tal Garfinkel Use shim to protect: ● file system ● inter-process communications ● process management ● time and randomness ● I/O and trusted paths ● identity management ● error handling

CHAOS Tamper-Resistant Execution in an Untrusted Operating System Using a Virtual Machine Monitor Haibo Chen, Fengzhe Zhang, Cheng Chen, Ziye Yang, Rong Chen, Binyu Zang

LOKI Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis

INVISIOS INVISIOS: A Lightweight, Minimally Intrusive Secure Execution Environment Divya Arora, Najwa Aaraj, Anand Raghunathan, Niraj K. Jha

Discussion ● What are the pros and cons of each option? ● How will each affect application development? ● Which option deserves further investigation?