Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA) Vikram Adve, Krste Asanović, David Evans, Sam King, Greg Morrisett,

Presentation transcript:

Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA) Vikram Adve, Krste Asanović, David Evans, Sam King, Greg Morrisett, R. Sekar, Dawn Song, David Wagner (PI)

Vikram Adve (UIUC) Krste Asanović (UC Berkeley) David Evans (U Virginia) Sam King (UIUC) Greg Morrisett (Harvard) R. Sekar (Stony Brook) Dawn Song (UC Berkeley) David Wagner (UC Berkeley)

Overview
Conventional wisdom: If the OS is malicious or subverted, you are hosed.
This project: Actually, maybe there is hope…
Project goal: Explore new approaches to defend against a malicious OS.

Problem Statement
Defend against a compromised, hostile, or malicious operating system.
Today: If the OS is malicious, all is lost.
Desired end state: We can survive a malicious OS, perhaps with degraded functionality or availability.

Exploring New Territory
This is exploratory research. (Not an engineering project.)
We are exploring many approaches to the problem. We do not know which will prove most effective. Some may fail.
We hope some of our ideas will have applications to other security problems outside of the hostile OS problem.

[Slide diagram: project research areas]
Area headings: TRANSFORMATION; HARDWARE; SYSTEM ARCHITECTURES; WEB-BASED ARCHITECTURES
Topics: SVA; Binary translation and emulation; Formal methods; Hardware support for isolation; Dealing with malicious hardware; Cryptographic secure computation; Data-centric security; Secure browser appliance; Secure servers
Annotations: e.g., Enforce properties on a malicious OS; e.g., Prevent data exfiltration; e.g., Enable complex distributed systems, with resilience to hostile OS's

Agenda
8:30-9:00 Welcome + Overview
9:00-9:30 Secure Virtual Architecture
9:30-9:50 Binary translation
9:50-10:20 Formal methods
10:20-10:35 Testing binary emulators
10:50-11:10 Hardware support
11:10-11:25 Defenses against malicious hardware
11:25-11:40 Cryptographic secure computation
11:40-12:20 Lunch
12:20-12:50 Data-centric security
12:50-1:20 Secure web-based architecture
1:20-1:45 Discussion and feedback