1
SAFE-OS: a Secure and Usable Desktop Operating System
Authors: Francois Lesueur, Ala Rezmerita, Thomas Herault, Sylvain Peyronnet and Sebastien Tixeuil
Presented by: Md. Amjad Hossain, Kent State University
9/19/2018 SAFE-OS
2
Contents
Introduction
Background
SAFE-OS Architecture
SAFE-OS Implementation
Data Transfer Among VMs of SAFE-OS
System Evaluation
Conclusion
References
3
Introduction
Key security features of an OS:
Containment of application execution
Vulnerability management for large and complex applications
Common approaches to stop an attack from propagating isolate the different services on:
Different physical machines
Virtual machines on the same physical machine
(Figure: a desktop composed of VM1, VM2, VM3 and VM4)
4
Introduction
Challenges for these approaches:
The desktop must present a unified view of all VMs
That requires file sharing between VMs
Thus a corrupted VM can corrupt the others
Proposed SAFE-OS:
Ensures secure communication between VMs
Enforces fine-grained control over the tasks running on the different VMs
Threat model: only external attackers are considered
(Figure: desktop and VM1, with the interaction between them left as an open question)
5
Background: Kernel Based Containment
Classic solution: access rights assigned to files. A corrupted application can access every file its user is allowed to access.
Mandatory Access Control (MAC): level based; no read up and no write down.
The kernel is complex, and so is any security mechanism implemented inside it.
6
Background: Virtualization Based Containment
Virtual machines on the same physical machine; applications run in separate VMs.
SVFS and Storage Capsules are implemented to protect sensitive data.
SVFS only protects the integrity of sensitive data, not the confidentiality of personal user data, so a corrupted application can alter user data and send it to an attacker.
In Storage Capsules, the network device is disabled while a data file is being edited, so no data can be stolen from outside. This does not work for online banking sessions, which need the network while sensitive data is handled.
(Figure: Xen virtualization architecture [2])
7
Background: Virtualization Based Containment
NetTop uses VMware to run multiple isolated VMs, each with its own security classification level and unable to access data of a different level.
Complete isolation, so no communication among VMs.
8
Background: Virtualization Based Containment
Bitfrost: each application runs in its own VM and is protected from corruption of the other VMs. All applications, though contained in different VMs, are displayed in a unified interface. All personal data is stored in a central directory isolated from every VM; direct access to that directory is prohibited, and it is reached only through dedicated primitives.
Qubes OS: VMs run independently and data can be stored in every VM. It does not handle the security issues of file migration between VMs.
9
SAFE-OS: Architecture
Containment is done through virtualization (Xen).
Each VM runs on its own virtualized hardware (CPU, memory, network card, etc.).
Different services run in separate VMs, so a VM can neither access the memory of other VMs nor preempt their CPU cycles.
So a corrupted application in one VM cannot affect applications in other VMs.
The user does not notice the underlying virtualization, since a unified desktop is presented.
The challenge is secure communication among VMs and between VMs and the Internet.
(Figure: global architecture of SAFE-OS)
10
SAFE-OS: Architecture
Roles of the different VMs:
Base: the only VM that communicates with the outside world. The firewall and the proxies run here.
Main Env: the VM/user communication center. Abstracts the underlying virtualization from the user by providing a single interface for all appliances.
Appliance: a user service provider, implemented as an autonomous VM. Each appliance runs particular user applications. Two types of appliances: critical (runs secured services) and sandbox (runs untrusted services).
(Figure: global architecture of SAFE-OS)
11
SAFE-OS: Implementation
Xen virtualization technology is used. The first booted VM, called dom0, accesses the hardware directly and starts the other VMs (domU).
Base runs as dom0; all appliances and Main Env run as domU.
Base provides network services (NAT, DNS) to the other VMs and runs the proxies (firewalls).
Only Base has access to the keyboard, mouse, graphics card, etc.
12
SAFE-OS: Implementation
Main Env is responsible for the user interface and holds a user friendly GNOME graphical desktop and window manager. It doesn’t have internet access. Interface exactly like standard one. Hide underlying virtualization 9/19/2018 SAFE-OS
13
SAFE-OS: Implementation
Critical Appliances: Mail
Runs Mozilla Thunderbird for e-mail management, using the IMAP protocol to fetch e-mails and SMTP to send them.
Corruption of this VM is contained within it by virtualization and by the security services (IMAP and SMTP proxies) running on the Base VM.
The IMAP proxy uses Perdition, which listens for connections from the Mail appliance and makes sure the correct user name is sent to the remote server. It also uses stunnel, which connects to the right server over SSL (protection against man-in-the-middle attacks).
14
SAFE-OS: Implementation
Critical Appliances: Mail (continued)
The SMTP proxy ensures that the connection goes to the correct server and that mail is sent by valid users, so a compromised appliance cannot send e-mail to an attacker in the background.
ProxSMTP listens for connections from the Mail appliance. The SMTP proxy also uses stunnel.
It maintains a whitelist of recipients and checks every recipient of each outgoing message against it.
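The two mail-proxy checks on this slide and the previous one (Perdition forcing the configured user name on IMAP logins, ProxSMTP relaying only mail from valid senders to whitelisted recipients) modelled in plain Python. This is an added example, not code from the SAFE-OS project or from Perdition/ProxSMTP; the user names, domains and the regular expression for the IMAP LOGIN command are this example's own assumptions.

```python
"""Model of the checks SAFE-OS's mail proxies enforce on the Base VM.

Added illustration, not SAFE-OS project code: it reproduces the policy from
the slides (the IMAP proxy forces the configured user name; the SMTP proxy
only relays mail from valid local senders to whitelisted recipients) so the
rules can be exercised offline. All names and addresses are made up.
"""
import re
from email.utils import parseaddr

# Assumed proxy configuration (hypothetical values).
IMAP_FIXED_USER = "alice"                # the only account the Mail appliance may use
VALID_SENDERS = {"alice@example.org"}    # envelope senders the SMTP proxy accepts
RECIPIENT_WHITELIST = {"bob@example.org", "carol@example.net"}

# IMAP "tag LOGIN user password"; the user may be a quoted string or an atom.
_LOGIN_RE = re.compile(r'^(?P<tag>\S+)\s+LOGIN\s+(?P<user>"[^"]*"|\S+)\s+(?P<pw>.*)$', re.I)


def rewrite_imap_login(line: str) -> str:
    """Rewrite an IMAP LOGIN command so the user name sent upstream is always
    the configured one, whatever the (possibly compromised) appliance sent.
    Other commands pass through unchanged."""
    m = _LOGIN_RE.match(line.strip())
    if not m:
        return line.strip()
    return f'{m["tag"]} LOGIN "{IMAP_FIXED_USER}" {m["pw"]}'


def check_smtp_envelope(mail_from: str, rcpt_to: list[str]) -> tuple[bool, list[str]]:
    """Return (accept, reasons) for an outgoing SMTP envelope.

    The message is relayed only if the sender is a valid local user and every
    recipient is on the whitelist. One bad recipient rejects the whole
    message, so a compromised appliance cannot quietly add an attacker as a
    recipient of an otherwise legitimate mail.
    """
    reasons = []
    sender = parseaddr(mail_from)[1].lower()
    if sender not in VALID_SENDERS:
        reasons.append(f"sender not allowed: {sender or repr(mail_from)}")
    for rcpt in rcpt_to:
        addr = parseaddr(rcpt)[1].lower()
        if addr not in RECIPIENT_WHITELIST:
            reasons.append(f"recipient not whitelisted: {addr or repr(rcpt)}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample session: the appliance tries to log in as someone else
    # and to add an outside recipient to a message.
    print(rewrite_imap_login('a001 LOGIN "mallory" secret'))
    print(check_smtp_envelope("Alice <alice@example.org>",
                              ["bob@example.org", "attacker@evil.test"]))
```

The point of doing these checks on Base rather than in the Mail VM is the one the slides make: if Thunderbird's VM is fully compromised, the attacker still cannot choose which account the upstream IMAP server sees or who receives the mail, because those decisions are made outside the VM.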
15
SAFE-OS: Implementation
Critical Appliances: Trusted authenticated websites
Runs Mozilla Firefox to browse only trusted and authenticated (whitelisted) websites, over HTTPS only.
Tinyproxy provides the list of authorized websites for this VM.
No security exceptions (such as accepting an invalid certificate) are allowed.
16
SAFE-OS: Implementation
Critical Appliances: Trusted but unauthenticated websites
Runs Mozilla Firefox. Allows both HTTP (e.g. browsing an online shop) and HTTPS (for the final transaction).
Tinyproxy provides the list of authorized websites for this VM.
There is no guarantee of being connected to the intended remote host: over HTTP a man-in-the-middle attack can occur. Therefore this VM is separated from the previous one.
17
SAFE-OS: Implementation
Sandboxes allow risky tasks to be executed without compromising the security of the other VMs.
Untrusted websites: this VM runs Mozilla Firefox to browse ordinary websites.
Office applications: this VM runs OpenOffice.
18
SAFE-OS: Implementation
Global functioning: communication between VMs uses SSH and Virtual Network Computing (VNC), a graphical desktop sharing system.
An SSH tunnel links the X server running on the Base VM to the Main Env and its window manager.
SSH is used to control the appliances from Main Env; VNC from Main Env is used to interact with them.
Each appliance runs its own local X server; the VNC viewer shows all appliances in a single window.
Automatic updates: during the boot process, the system checks for operating system updates and, when needed, updates all the other VMs. Updates fix the latest security issues, and malicious software is removed in the process.
19
SAFE-OS: Data Transfer
Containment of applications in different VMs also implies containment of data in those VMs, because each VM has its own OS and hard disk.
Data or file migration is nevertheless needed (e.g. a Word file attached to an e-mail has to be opened by OpenOffice running in another VM).
Migration is antagonistic to containment, so it must be done carefully.
20
SAFE-OS: Data Transfer
Proposed data transfer tool: a graphical tool for transferring files.
Each appliance either has an Internet connection or is firewalled by the proxies (no Internet access).
Each appliance is tagged as containing critical data or not. Initially, sandboxes are tagged as not containing critical data; if critical data is transferred to a sandbox, its tag changes to critical.
21
SAFE-OS: Data Transfer
Proposed data transfer tool: suppose file f is transferred from appliance A1 to appliance A2. The tool generates a warning in the following cases:
Loss of confidentiality of files (including f) in A1 (e.g. confidential data transferred to a sandbox)
Loss of integrity of files in A2 (malicious code in f can modify critical data in A2)
Warnings concern critical data only.
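The tagging rule from the previous slide and the two warning cases from this one, encoded as a small policy model. This is an added example and not the SAFE-OS transfer tool itself; the exact conditions under which each warning fires (a sandbox or an Internet-connected VM as the risky destination, a sandbox as the untrusted source) and the appliance names are this example's own assumptions.

```python
"""Model of the warning rules of the SAFE-OS file transfer tool.

Added illustration, not the project's tool: it encodes the two warning cases
from the slides (confidentiality loss at the source, integrity loss at the
destination) and the tag propagation rule (a sandbox receiving critical data
becomes critical). The concrete trigger conditions are assumptions.
"""
from dataclasses import dataclass


@dataclass
class Appliance:
    name: str
    sandbox: bool        # True for sandbox appliances, False for critical ones
    internet: bool       # True if not firewalled by the proxies on Base
    critical_data: bool  # current tag; sandboxes start out False


def transfer_warnings(src: Appliance, dst: Appliance) -> list[str]:
    """Warnings the tool should show before moving a file from src to dst.

    Only critical data triggers warnings. Assumptions: a sandbox is the
    untrusted party, and an Internet-connected VM is the exfiltration path.
    """
    alerts = []
    # Case 1: critical data leaves a critical appliance for a VM that may leak it.
    if src.critical_data and (dst.sandbox or dst.internet):
        alerts.append(f"confidentiality: critical data from {src.name} "
                      f"leaves containment into {dst.name}")
    # Case 2: a file of untrusted origin lands next to critical data.
    if dst.critical_data and src.sandbox:
        alerts.append(f"integrity: file from untrusted {src.name} may carry "
                      f"malicious code into critical data on {dst.name}")
    return alerts


def transfer(src: Appliance, dst: Appliance, confirm: bool = False) -> tuple[bool, list[str]]:
    """Perform the transfer unless warnings exist and the user did not confirm.

    On a completed transfer the critical tag follows the data, so a sandbox
    that received critical data is treated as critical from then on.
    """
    alerts = transfer_warnings(src, dst)
    if alerts and not confirm:
        return False, alerts
    if src.critical_data:
        dst.critical_data = True
    return True, alerts


if __name__ == "__main__":
    # Constructed scenario: open a mail attachment in the office sandbox, then
    # try to move the same file on to the untrusted-web sandbox.
    mail = Appliance("mail", sandbox=False, internet=False, critical_data=True)
    office = Appliance("office", sandbox=True, internet=False, critical_data=False)
    web = Appliance("untrusted-web", sandbox=True, internet=True, critical_data=False)
    print(transfer(mail, office))                 # refused, confidentiality warning
    print(transfer(mail, office, confirm=True))   # done; office is now tagged critical
    print(transfer(office, web))                  # refused: the tag followed the data
    print(transfer(web, mail))                    # refused, integrity warning
```

Note how the tag propagation closes the obvious two-hop laundering route: once the attachment has been opened in the office sandbox, that sandbox is critical, so pushing the file further to the Internet-connected sandbox raises the same warning as sending it there directly.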
22
SAFE-OS: Evaluation
Security evaluation
1. Interaction between VMs: Xen is responsible for VM isolation. VNC is used to display and interact with the appliances (VMs); it only transfers an image of the display and keyboard/mouse events, with no interpretation of their content, which ensures a high level of containment between the appliances and Main Env. SSH is used to control the appliances from Main Env. The security modules (proxies) must be designed carefully, otherwise attackers can exploit their vulnerabilities to attack the system.
2. Resilience: as long as Base (dom0) is not corrupted, SAFE-OS can restore all corrupted VMs to a safe state.
23
SAFE-OS: Evaluation
Benchmarking: SAFE-OS is compared with a stock Debian system, called the reference.
Boot time: from power on to an available desktop
Cold Firefox launch time: first start of Firefox after boot
Warm Firefox launch time: subsequent starts of Firefox
CSS: CSS benchmark run in Firefox
SunSpider: JavaScript benchmark
After the initial launch-time overhead, SAFE-OS performs similarly to the reference system (see the table).
24
Conclusion
SAFE-OS is a secure desktop operating system based on virtualization that ensures confidentiality, integrity and availability of data and services. It provides a unified interface to display applications, even though they run in different VMs. Although SAFE-OS introduces some overhead, its global performance remains acceptable.
25
References
Lesueur, F.; Rezmerita, A.; Herault, T.; Peyronnet, S.; Tixeuil, S., "SAFE-OS: A secure and usable desktop operating system," Risks and Security of Internet and Systems (CRiSIS), 2010 Fifth International Conference on, pp. 1-7, Oct. 2010, doi: /CRISIS
26
Thanks