Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.

Published byAshlyn Ury Modified over 9 years ago

Similar presentations

Presentation on theme: "Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary."— Presentation transcript:

1 Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary

2 Isolated security-sensitive application Towards Application Security on Untrusted Operating Systems (by DRK Ports - ‎2008)

3 Isolated security-sensitive application AppShield: Protecting Applications against Untrusted Operating System (by Y Cheng - ‎2013) Tamper-Resistant Execution in an Untrusted Operating System Using A Virtual Machine Monitor (H Chen - ‎2007) TrustVisor: Efficient TCB Reduction and Attestation (by JM McCune - ‎2010)

4 Isolated security-sensitive application Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework(by A Vasudevan - ‎2013) MiniBox: A Two-Way Sandbox for x86 Native Code (by Y Li - ‎2014) Many More...

5 Isolated application Wimps Giants {

6 Limitations of Isolated application software components must be verified Small, simple, limited in function Wimps Giants { - persistent memory - file system and network services, - flexible trusted paths to users, and - isolated I/O services Wimps Lack :

7 Limitations of Isolated application: Example

8 Providing Trustworthy services Approach 1: Restructure Giant for trust-worthy services Problem: lacks scalable performance Approach 2: Include basic services to TCB Problem: Increases code base Providing services to Isolated application

9 Approach 3: Wimps reuse giant-provided services but only after efficiently verifying their results Providing services to Isolated application Requires: P1: On-demand isolated I/O Channel P2: Complete Mediation of time-multiplexed accesses to devices P3: Minimization of the Trusted Codebase Giants can use Wimp services for protection against persistent threats

10 Wimpy Kernels for On-demand Isolated I/O

11 Adversary Model 1) Compromised OS can attack wimp apps or intentionally control or mis-configure any device 2) Malicious wimp application may escalate its privilege by manipulating the interfaces with the I/O isolation system or configuring the wimp app’s devices 3) Wimp Apps can break application isolation or even compromise OS execution and corrupt its data

12 Security requirements P1. I/O Channel Isolation. P2. Complete Mediation. P3. Minimization of the Trusted Codebase. (1) the code base of a trusted I/O kernel must be minimized to facilitate formal verification; and (2) the underlying TCB must be unaffected by the addition of a trusted I/O kernel

13 System Component

14 Implementing Security Properties: Wimpy kernel Wimpy kernel is an add-on trustworthy component, Dynamically controls hardware resources necessary to establish isolated I/O channels between wimp apps and I/O devices (P1: I/O Channel Isolation)

15 On-demand Isolated I/O Four significant advantages Enables wimp applications to obtain isolated I/O channels to any subset of a system’s commodity devices needed during a session Enables trusted audit and control of physical devices without stopping and restarting applications, Allows unmodified commodity OSes to have unfettered access to all hardware resources and preserve the entire application ecosystem unchanged Offers a significant opportunity for the reduction of the trusted I/O kernel size and complexity

16 Implementing Security Properties Wimple Kernel compose with three other system components MHV: To maintain memory integrity and address space separation (P3-II:TCB must be unaffected) Untrusted OS: wimpy kernel outsources its most complex functions to the untrusted OS (P3-I: Small and simple Code base) Wimp apps: minimize wimp kernel code base by de-privileging and exporting some of its code to wimp applications (P3-I: Small and simple Code base) Wimp kernel mediates all accesses of the exported code to I/O devices and channels under its control (P2: Complete Mediation.)

17 Implementing Security Properties: Details Outsource-and-Verify& Export-and-Mediate

18 Implementing Security Properties: Details P1 & 3-I: I/O Channel Isolation & Small and simple Code base: Outsource-and-Verify 1) Untrusted OS initializes the USB hierarchy 2) wimpy kernel verifies their correct configuration and initialization. Outsource

19 Implementing Security Properties: Details P1 & 3-I: I/O Channel Isolation & Small and simple Code base: Outsource-and-Verify 1) Untrusted OS initializes the USB hierarchy 2) wimpy kernel verifies their correct configuration and initialization. Resolve the threat of USB address overlap and remote wake-up attacks

20 Implementing Security Properties: Details Outsource-and-Verify& Export-and-Mediate

21 Implementing Security Properties: Details P2 & 3-I: Complete Mediation & Small and simple Code base: Export-and-Mediate 1) Bus subsystem code exported by the wimpy kernel to a wimp app 2) WK verifies the behavior of the wimp apps that may affect wimp app isolation from the OS

22 Implementing Security Properties: Details P2 & 3-I: Complete Mediation & Small and simple Code base: Export-and-Mediate 1) Bus subsystem code exported by the wimpy kernel to a wimp app 2) WK verifies the behavior of the wimp apps that may affect wimp app isolation from the OS

23 SYSTEM LIFE-CYCLE

24

25 EVALUATION

26 Scanning Process

27 Contribution Introduce the notion of on-demand isolated I/O channels for security-sensitive applications on unmodified commodity platforms Present a security architecture based on a minimal wimpy kernel, without affecting the underlying TCB. how the classic outsource-and-verify and export-and-mediate methods are used to minimize the wimpy kernel, and report on the minimization results in detail. Implement and Evaluate the wimpy kernel for the USB subsystem

28 Questions

Download ppt "Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary."

Similar presentations

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.
Content Overview Virtual Disk Port to Intel platform

Content Overview Virtual Disk Port to Intel platform
CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.

CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
Lecture 12 Page 1 CS 111 Online Devices and Device Drivers CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 12 Page 1 CS 111 Online Devices and Device Drivers CS 111 On-Line MS Program Operating Systems Peter Reiher.
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.

Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.

Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
CS533 Concepts of Operating Systems Class 14 Virtualization.

CS533 Concepts of Operating Systems Class 14 Virtualization.
1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.

1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Systems with small trusted computing bases (TCBs) open possibility for automated security verification of systems Example: SecVisor - a 3kLOC security.

Systems with small trusted computing bases (TCBs) open possibility for automated security verification of systems Example: SecVisor - a 3kLOC security.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
TrustVisor: Efficient TCB Reduction and Attestation Jonathan M

TrustVisor: Efficient TCB Reduction and Attestation Jonathan M
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.

KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.
OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.

OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.

Similar presentations

Ads by Google