
Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar Google Inc. 2009.


1 Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar Google Inc. 2009 IEEE Symposium on Security and Privacy

2 Outline  Introduction  System Architecture  Implementation  Experience  Discussion  Related Work (Advanced Defense Lab)

3  The modern web browser brings together a remarkable combination of resources: JavaScript, the Document Object Model (DOM), ...  It remains handicapped in one critical dimension: computational performance, e.g. Newtonian physics simulation, high-resolution scene rendering, ...

4  Internet Explorer: ActiveX  Other browsers: NPAPI plug-ins  Both rely on non-technical measures for security (trusting the code's publisher) rather than on technical isolation of the native code

5 Figure: system overview. Components shown: game.nexe (the NaCl module), the service runtime, IMC, the browser, storage and the server.

6  "NaCl module" refers to untrusted native code.  The service runtime is responsible for ensuring that it only services requests consistent with the implied contract with the user.

7  Native Client is built around an x86-specific intra-process "inner sandbox".  An "outer sandbox" mediates system calls at the process boundary.

8  The inner sandbox uses static analysis of the untrusted x86 code to detect security defects before the code runs.  It creates a security subdomain within a native operating system process.

9  Inter-Module Communications (IMC) allows trusted and untrusted modules to send and receive datagrams with optional "NaCl resource descriptors".  Two higher-level abstractions are built on IMC: RPC and NPAPI.

10  The service runtime provides a set of system services, e.g. mmap() and malloc()/free(), and a subset of the POSIX threads interface.  To prevent unintended network access, connect() and accept() are omitted; modules reach the network only via JavaScript.

11  The design handles only explicit control flow (see slide 18 for hardware exceptions).  This allows a small trusted code base (TCB): the validator is less than 600 C statements, about 6000 bytes of executable code.

12  Data integrity: enforced with the x86 segment registers (C1)  Reliable disassembly  No unsafe instructions  Control-flow integrity


14  Disallowed opcodes:  privileged instructions  syscall and int  instructions that modify x86 segment state, e.g. lds and far calls  ret (replaced by a masked indirect jump through the return address)  hlt is used to terminate the module (C4)

15  32-byte alignment of all indirect-jump targets prevents the processor from executing arbitrary x86 machine code hidden inside the validated instruction stream (C5, C7)  Every indirect jump is the nacljmp pseudo-instruction (C3), in AT&T syntax:  and $0xffffffe0, %eax  jmp *%eax  The mask clears the low five bits, so the jump can only land on a 32-byte boundary.
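To make the rules on slides 11 to 15 concrete, here is a toy validator, added as an example and not code from the paper or from Native Client. It decodes a small whitelisted subset of 32-bit x86 by fall-through disassembly from address 0 and rejects a text segment that contains a non-whitelisted opcode, an instruction straddling a 32-byte bundle (C5), an indirect jump that is not the second half of a nacljmp in the same bundle (C3), a direct branch into the middle of a nacljmp or to any other non-instruction address (C7), or a text that does not end with hlt (a simplified C4). The opcode subset, the helper names and the five sample modules are all constructed for this example.

```python
# Added example (not code from the paper or from Native Client): a toy
# validator for a small whitelisted subset of 32-bit x86. Opcode subset,
# sample modules and messages are constructed for this example.
from dataclasses import dataclass
from typing import Optional

BUNDLE = 32                 # NaCl's 32-byte alignment unit
MASK = 0xFFFFFFE0           # nacljmp mask: clears the low five bits
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


@dataclass
class Insn:
    addr: int
    size: int
    mnem: str
    reg: Optional[int] = None      # register of and / jmp*
    imm: Optional[int] = None      # immediate of and / mov
    target: Optional[int] = None   # absolute target of a direct jmp / call


def decode(code: bytes, pc: int) -> Insn:
    """Decode one whitelisted instruction at pc; ValueError for anything else."""
    op = code[pc]

    def need(n):                   # the instruction must not run past the text
        if pc + n > len(code):
            raise ValueError(f"truncated instruction at {pc:#x}")

    def rel(width):                # absolute target of a pc-relative branch
        need(1 + width)
        disp = int.from_bytes(code[pc + 1:pc + 1 + width], "little", signed=True)
        return (pc + 1 + width + disp) & 0xFFFFFFFF

    if op == 0x90:
        return Insn(pc, 1, "nop")
    if op == 0xF4:
        return Insn(pc, 1, "hlt")
    if 0xB8 <= op <= 0xBF:                                  # mov $imm32, %reg
        need(5)
        return Insn(pc, 5, "mov", reg=op - 0xB8, imm=int.from_bytes(code[pc + 1:pc + 5], "little"))
    if op == 0x25:                                          # and $imm32, %eax (short form)
        need(5)
        return Insn(pc, 5, "and", reg=0, imm=int.from_bytes(code[pc + 1:pc + 5], "little"))
    if op == 0x81 and pc + 1 < len(code) and 0xE0 <= code[pc + 1] <= 0xE7:   # and $imm32, %reg
        need(6)
        return Insn(pc, 6, "and", reg=code[pc + 1] - 0xE0, imm=int.from_bytes(code[pc + 2:pc + 6], "little"))
    if op == 0xFF and pc + 1 < len(code) and 0xE0 <= code[pc + 1] <= 0xE7:   # jmp *%reg
        return Insn(pc, 2, "jmp*", reg=code[pc + 1] - 0xE0)
    if op == 0xEB:
        return Insn(pc, 2, "jmp", target=rel(1))
    if op == 0xE9:
        return Insn(pc, 5, "jmp", target=rel(4))
    if op == 0xE8:
        return Insn(pc, 5, "call", target=rel(4))
    # Everything else is rejected; name the opcodes the slides single out.
    banned = {0xC3: "ret", 0xCD: "int", 0x0F: "0f-escape (syscall/sysenter)", 0xC5: "lds",
              0x8E: "mov to segment register", 0x9A: "far call", 0xEA: "far jmp"}
    raise ValueError(f"{banned.get(op, 'non-whitelisted opcode')} {op:#04x} at {pc:#x}")


def validate(code: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a text segment assumed to be loaded at address 0."""
    if len(code) == 0 or len(code) % BUNDLE:
        return False, "text must be a non-empty multiple of the bundle size"
    insns, pc = [], 0
    while pc < len(code):                          # C6: fall-through disassembly from 0
        try:
            insn = decode(code, pc)
        except ValueError as e:
            return False, f"unsafe instruction: {e}"
        if insn.addr // BUNDLE != (insn.addr + insn.size - 1) // BUNDLE:
            return False, f"C5: instruction at {pc:#x} straddles a {BUNDLE}-byte boundary"
        insns.append(insn)
        pc += insn.size
    targets = {i.addr for i in insns}              # addresses a branch may land on
    for k, insn in enumerate(insns):               # C3: indirect jump only as part of nacljmp
        if insn.mnem == "jmp*":
            prev = insns[k - 1] if k else None
            if not (prev and prev.mnem == "and" and prev.reg == insn.reg
                    and prev.imm == MASK and prev.addr // BUNDLE == insn.addr // BUNDLE):
                return False, (f"C3: jmp *%{REGS[insn.reg]} at {insn.addr:#x} is not preceded by "
                               f"and ${MASK:#x},%{REGS[insn.reg]} in the same bundle")
            targets.discard(insn.addr)             # nobody may branch past the mask
    for insn in insns:                             # C7: direct transfers hit valid instructions
        if insn.target is not None and insn.target not in targets:
            return False, f"C7: {insn.mnem} at {insn.addr:#x} targets {insn.target:#x}, not a valid instruction"
    if insns[-1].mnem != "hlt":                    # C4 (simplified): fall off the end into hlt
        return False, "C4: text does not end with hlt"
    return True, f"ok: {len(insns)} instructions in {len(code) // BUNDLE} bundles"


NOP = b"\x90"


def nacljmp(reg: int) -> bytes:
    """and $0xffffffe0,%reg ; jmp *%reg (eax has the short 0x25 encoding)."""
    mask = bytes([0x25]) if reg == 0 else bytes([0x81, 0xE0 + reg])
    return mask + MASK.to_bytes(4, "little") + bytes([0xFF, 0xE0 + reg])


# Constructed sample modules (64 or 32 bytes each, loaded at 0).
GOOD = (b"\xb8\x20\x00\x00\x00" + nacljmp(0) + b"\xeb\x12" + NOP * 18      # bundle 0: jmp 0x20
        + b"\xb9\x20\x00\x00\x00" + nacljmp(1) + NOP * 18 + b"\xf4")        # bundle 1: ends in hlt
BAD_UNMASKED = b"\xb8\x20\x00\x00\x00\xff\xe0" + NOP * 24 + b"\xf4"          # jmp *%eax with no and
BAD_RET = b"\xc3" + NOP * 30 + b"\xf4"                                      # ret is not whitelisted
BAD_STRADDLE = NOP * 30 + b"\xb8\x00\x00\x00\x00" + NOP * 28 + b"\xf4"       # mov crosses 0x20
BAD_SKIP_MASK = (b"\xb8\x20\x00\x00\x00" + nacljmp(0) + b"\xeb\xfc" + NOP * 18  # jmp to 0x0a, the jmp*
                 + NOP * 31 + b"\xf4")

if __name__ == "__main__":
    for name, mod in [("GOOD", GOOD), ("BAD_UNMASKED", BAD_UNMASKED), ("BAD_RET", BAD_RET),
                      ("BAD_STRADDLE", BAD_STRADDLE), ("BAD_SKIP_MASK", BAD_SKIP_MASK)]:
        print(f"{name:14s} {validate(mod)}")
```

The BAD_SKIP_MASK case is the one worth studying: its nacljmp is well formed, but a direct jump lands on the jmp *%eax itself, bypassing the and. Removing the jmp's address from the set of valid branch targets is what turns the two instructions into one atomic pseudo-instruction; without that step the mask could be skipped and the indirect jump could reach any byte of the text.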

16 Figure: instruction-stream example (only the label "eip" survives).


18  Hardware exceptions and external interrupts are not supported in untrusted code, because Linux, Mac OS X and Windows deliver them with incompatible models.  NaCl applies a fail-safe policy: a hardware exception in a module terminates the module.  C++ exceptions are still supported, because they are implemented with explicit control flow only.

19 Figure: NaCl module address-space layout. Marks at 4KB, 64KB and 256MB; the text segment (C2); the trampoline/springboard region used by the service runtime.

20 Figure: trampoline and springboard. Trampolines at 0x1000, 0x1010, 0x1020, ... up to 0xffff transfer control from untrusted code into the service runtime; the springboard transfers control back to untrusted code, e.g. to start the main thread or a POSIX thread.

21  Cost of a "null" service runtime call; for comparison, a getpid syscall takes 138 ns.
Platform                                         "null" service runtime call (ns)
Linux, Ubuntu 6.06, Intel Core 2 6600 2.4 GHz     156
Mac OS X 10.5, Intel Xeon E5462 2.8 GHz           148
Windows XP, Intel Core 2 Q6600 2.4 GHz            123

22  IMC is built around the NaCl socket, which provides a bi-directional, reliable, in-order datagram service.  JavaScript connects to a module by opening NaCl sockets and sharing them as NaCl descriptors.


24  Modified gcc:  -falign-functions so that every function starts on a 32-byte boundary  -falign-jumps so that jump targets are aligned  call instructions always end in the final byte of a 32-byte block, so that every return address is 32-byte aligned and passes the nacljmp mask  A few further changes permit testing applications by running them on the command line.

25  In this paper, measurements are made without the NaCl outer sandbox.

26 Figure: NaCl runtime overhead on the benchmarks; average 5%.

27 Figure: effect of the 32-byte alignment on performance.

28 Figure: code size.

29 Demos:  Earth  Voronoi  Life


31  H.264 decoder  Original: 11K lines of C  Porting effort: 20 lines of C and a rewritten Makefile

32  A physics simulation system, run time:  Baseline: 36.5 s  32-byte aligned (no NaCl): 36.1 s  NaCl: 37.1 s


35  Popular operating systems generally require all threads to use a flat addressing model in order to deliver exceptions correctly, which conflicts with NaCl's use of segmentation.  Native Client would benefit from more consistent enabling of LDT access across popular x86 operating systems.

36  System request moderation:  Android runs each application as a different Linux user  Xax (Microsoft Research) uses system call interception

37  Fault isolation:  the technique builds on the seminal software fault isolation work by Wahbe et al.  CFI provides finer-grained control-flow integrity, at about 15% overhead versus about 5% for NaCl

38  Trust with authentication: ActiveX

