Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar Google Inc. 2009.

Presentation transcript:

Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar, Google Inc. IEEE Symposium on Security and Privacy.

• Introduction
• System Architecture
• Implementation
• Experience
• Discussion
• Related Work
Advanced Defense Lab

• The modern web browser brings together a remarkable combination of resources.
  - JavaScript
  - Document Object Model (DOM)
  - …
• It remains handicapped in a critical dimension: computational performance.
  - Newtonian physics
  - High-resolution scene rendering
  - …

• Internet Explorer
  - ActiveX
• Other browsers
  - NPAPI
• Both rely on non-technical measures for security

(Figure: NaCl system architecture diagram; components labelled game.nexe, Service runtime, IMC, Browser, Storage Server.)

• “NaCl module” refers to untrusted native code.
• The service is responsible for ensuring that it only services requests consistent with the implied contract with the user.

• Native Client is built around an x86-specific intra-process “inner sandbox”.
• An “outer sandbox” mediates system calls at the process boundary.

• Use static analysis to detect security defects.
• The inner sandbox is used to create a security subdomain within a native operating system process.

• The “Inter-Module Communications (IMC)” allows trusted and untrusted modules to send/receive datagrams with optional “NaCl Resource Descriptors.”
• Two higher-level abstractions
  - RPC
  - NPAPI

• The service runtime provides a set of system services.
  - Ex: mmap(), malloc()/free()
  - A subset of the POSIX threads interface
• To prevent unintended network access, connect()/accept() are omitted.
  - Modules can access the network via JavaScript.

• The design is limited to explicit control flow.
• Allows for a small trusted code base (TCB)
  - Validator: less than 600 C statements
  - About 6000 bytes of executable code

• Data integrity
  - Use segment registers (C1)
• Reliable disassembly
  - No unsafe instructions
• Control flow integrity


• Disallowed opcodes
  - Privileged instructions
  - syscall and int
  - Instructions that modify x86 segment state: lds, far calls
  - ret: replaced by an indirect jump
• Use hlt to terminate the module (C4)

• Use 32-byte alignment to avoid arbitrary x86 machine code (C5, C7)
• Use nacljmp for indirect jumps (C3)
    and %eax, 0xffffffe0
    jmp *%eax
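The disallowed-opcode, 32-byte bundle and nacljmp rules on the last three slides can be checked mechanically. As an added illustration (not the paper's validator, whose x86 decoder is omitted here), this C toy validator walks a pre-decoded instruction list and rejects each kind of violation the slides list; the `struct insn` shape, the `K_*` kinds and the sample modules are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Toy model of the validator rules on the slides.  The x86 decoder is assumed
 * away: input is an already-decoded instruction list constructed for this example. */
#define BUNDLE 32
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
enum kind { K_NORMAL, K_MASK_EAX, K_JMP_EAX, K_JMP_DIRECT,
            K_RET, K_SYSCALL, K_INT, K_SEGMENT, K_HLT };
struct insn { uint32_t off; uint8_t len; enum kind kind; uint32_t target; };
static bool is_insn_start(const struct insn *p, size_t n, uint32_t addr) {
    for (size_t i = 0; i < n; i++) if (p[i].off == addr) return true;
    return false;
}
/* Returns 0 if the module passes, else the 1-based index of the first bad insn. */
int nacl_validate(const struct insn *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        const struct insn *in = &p[i];
        /* Reliable disassembly: instructions are contiguous from offset 0. */
        if (in->off != (i ? p[i-1].off + p[i-1].len : 0)) return (int)i + 1;
        /* Disallowed opcodes: syscall/int, segment-state changes, ret. */
        if (in->kind == K_SYSCALL || in->kind == K_INT ||
            in->kind == K_SEGMENT || in->kind == K_RET) return (int)i + 1;
        /* C5: no instruction may straddle a 32-byte bundle boundary. */
        if (in->off / BUNDLE != (in->off + in->len - 1) / BUNDLE) return (int)i + 1;
        /* C3: jmp *%eax is legal only as the tail of nacljmp, i.e. right after
         * "and %eax, 0xffffffe0" and inside the same 32-byte bundle. */
        if (in->kind == K_JMP_EAX && (i == 0 || p[i-1].kind != K_MASK_EAX ||
            p[i-1].off / BUNDLE != in->off / BUNDLE)) return (int)i + 1;
        /* C7: direct control transfers must target an instruction start. */
        if (in->kind == K_JMP_DIRECT && !is_insn_start(p, n, in->target))
            return (int)i + 1;
    }
    return 0;
}
/* Constructed samples: one well-formed module and four that are rejected. */
static const struct insn ok[] = { {0,5,K_NORMAL,0}, {5,5,K_MASK_EAX,0},
    {10,2,K_JMP_EAX,0}, {12,5,K_JMP_DIRECT,0}, {17,1,K_HLT,0} };
static const struct insn straddle[] = { {0,30,K_NORMAL,0}, {30,5,K_NORMAL,0} };
static const struct insn uses_ret[] = { {0,1,K_NORMAL,0}, {1,1,K_RET,0} };
static const struct insn bare_jmp[] = { {0,2,K_NORMAL,0}, {2,2,K_JMP_EAX,0} };
static const struct insn split_pair[] = { {0,27,K_NORMAL,0},
    {27,5,K_MASK_EAX,0}, {32,2,K_JMP_EAX,0} };
int check_ok(void)       { return nacl_validate(ok, COUNT(ok)); }                 /* 0 */
int check_straddle(void) { return nacl_validate(straddle, COUNT(straddle)); }     /* 2 */
int check_ret(void)      { return nacl_validate(uses_ret, COUNT(uses_ret)); }     /* 2 */
int check_bare_jmp(void) { return nacl_validate(bare_jmp, COUNT(bare_jmp)); }     /* 2 */
int check_split(void)    { return nacl_validate(split_pair, COUNT(split_pair)); } /* 3 */
```

The `split_pair` case shows why the mask and the jump must share a bundle: a jump starting a new bundle could otherwise be reached without its mask ever executing.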

(Figure: diagram of the nacljmp target masking; only the label "eip" survives.)


• Hardware exceptions and external interrupts are not allowed.
  - Exception delivery models are incompatible across Linux, MacOS, and Windows.
• NaCl applies a failsafe policy to exceptions.
  - But NaCl does support C++ exceptions.

(Figure: NaCl module address-space layout; labels 4KB, 64KB, 256MB, Text (C2), Trampoline / Springboard, For service runtime.)

(Figure: trampoline and springboard layout; labels 0x1000, 0x1010, 0x1020, 0xffff, Trampoline, Springboard, Service Runtime, Transfer to untrusted code, POSIX thread, Start the main thread.)

• For comparison, the getpid syscall time is 138 ns.

Platform                                          "null" Service Runtime call time (ns)
Linux, Ubuntu 6.06, Intel(TM) Core(TM) … GHz      156
Mac OS X 10.5, Intel(TM) Xeon(TM) E… GHz          148
Windows XP, Intel(TM) Core(TM) 2 Q… GHz           123

• IMC is built around a NaCl socket, providing a bi-directional, reliable, in-order datagram service.
• JavaScript can connect to the module by opening and sharing NaCl sockets as NaCl descriptors.


• Modify gcc
  - -falign-functions so that functions are 32-byte aligned
  - -falign-jumps so that jump targets are aligned
  - Ensure call instructions always appear in the final bytes of a 32-byte block (for the springboard)
• Some changes permit testing applications by running them on the command line.

• In this paper, measurements are made without the NaCl outer sandbox.

(Figure: benchmark overhead chart; average: 5%.)

• About the alignment

• About code size

• Earth
• Voronoi
• Life


• H.264 Decoder
  - Original: 11K lines of C
  - Porting effort: 20 lines of C, plus rewriting the Makefile

• A physics simulation system
  - Baseline: 36.5 sec
  - 32-byte aligned: 36.1 sec
  - NaCl: 37.1 sec


• Popular operating systems generally require all threads to use a flat addressing model in order to deliver exceptions correctly.
• Native Client would benefit from more consistent enabling of LDT access across popular x86 operating systems.

• System Request Moderation
  - Android: each application is run as a different Linux user
  - Xax by Microsoft Research: uses system call interception

• Fault Isolation
  - The current CFI technique builds on the seminal work by Wahbe et al.
  - CFI provides finer-grained control flow integrity
  - Overhead: 15% vs. 5% by NaCl

• Trust with Authentication
  - ActiveX