Presentation is loading. Please wait.

Presentation is loading. Please wait.

SASI Enforcement of Security Policies : A Retrospective* PSLab 오민경.

Published byHelen Wade Modified over 9 years ago

Similar presentations

Presentation on theme: "SASI Enforcement of Security Policies : A Retrospective* PSLab 오민경."— Presentation transcript:

1 SASI Enforcement of Security Policies : A Retrospective* PSLab 오민경

2 Contents Introduction Security Automata Merging-in a Security Automaton Two Prototype SASI Implementations X86 Prototype JVML Prototype

3 Abstract SASI enforces security policies by modifying object code for a target system before that system is executed Prototype Intel x86 Java JVML (Security Automata SFI Implementation)

4 introduction Reference monitor observe execution of a target system halts that system whenever it is about to violate some security policy of concern Typical security mechanisms directly implement reference monitors are intended to facilitate the implementation of reference monitors

5 introduction Reference monitor must be protected from subversion by the target systems it monitors. Memory protection hardware Placing the reference monitor and target systems in separate address spaces Performance cost Overhead due to context switches associated with transferring control to the reference monitor from within the target system. Expressiveness cost Means by which target system events cause the reference monitor to be invoked.

6 introduction To modify the target system code, effectively merging the reference monitor in-line. This is the basis for software-fault isolation (SFI). SFI : prevents reads, writes, or branches to memory locations outside of certain predefined memory regions. Our Prototype merge security policy enforcement code into the object code for a target system. Transforms x86 assembly language Transforms JVML (Java Virtual Machine Language) With each, Security policies are specified using security automata.

7 Security Automata Security automaton involves set of states input alphabet transition relation define next state using current state and input symbol using fist-order predicates no transition -> reject Security automata can be regarded as defining reference monitors. The input alphabet corresponds to the events that the reference monitor would see. The transition relation encodes a security policy.

8 Security Automata

9 Merging-in a Security Automaton SASI generalizes SFI to any security policy that is specified as a security automaton. With SFI New code is added to the target system preceding memory access instruction. New code ensure all reads and writes to memory will access addresses within the target’s data region. all branches, calls, and returns will transfer control to an instruction within the target program. the functionality of these additions cannot e circumvented by the target system.

10 Merging-in a Security Automaton With SASI New code is added to the target system preceding every instruction. The added code simulates a security automaton. new variable represent the current state of the security automata. new code simulates an automata state transition causes the target system to halt whenever the automaton rejects its input. Thus, the automaton simulation is equivalent to inserting a reference monitor in-line into the target system.

11 Merging-in a Security Automaton Simplification of code (for simulating a security automaton) Irrelevant tests and updates to the security automaton state can be removed. By using partial evaluation on the transition predicates. By using the automaton structure. Merging of a security automaton specification Insert security automata Evaluate transitions Simplify automata Compile automata

12 Merging-in a Security Automaton

13

14 Two Prototype SASI Implementations Security policies for our SASI prototypes are represented in SAL. SAL (Security Automaton Language) SAL specification consist of a list of states, with each state having a list of transitions to other states. Macros are defined at the start of the SAL specification and are expanded fully bottom-up before use. SAL supports only deterministic automata. SAL transition predicates are expression constructed from constants, variables, C-style arithmetic and logical operators, and calls to platform-independent functions and to platform-specific functions

15 Two Prototype SASI Implementations

16 The integrity of a reference monitor depends on preventing the corruption Preventing the target system from modifying variables Preventing the target system from circumventing the code that implements transitions. Preventing the target system from modifying its own code or causing other code to be executed. The discharge of these obligations is platform dependent, but there are two general approaches Verification of the object code to establish that the unwelcome behavior is impossible Modification of the object code to rule out the unwelcome behavior

17 Two Prototype SASI Implementations

18 x86 Prototype

19 MiSFIT performs considerably better. But, x86 SASI have the flexibility.

20 JVML Prototype

Download ppt "SASI Enforcement of Security Policies : A Retrospective* PSLab 오민경."

Similar presentations

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 3 Memory Management Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 3 Memory Management Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,
Containment and Integrity for Mobile Code Status Report to DARPA ISO: Feb. 2000 Fred B. Schneider Andrew Myers Department of Computer Science Cornell University.

Containment and Integrity for Mobile Code Status Report to DARPA ISO: Feb Fred B. Schneider Andrew Myers Department of Computer Science Cornell University.
The Assembly Language Level

The Assembly Language Level
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
COE 205 - 3 Computer Organization & Assembly Language Introduction HLL vs. Assembly Programming Languages.

COE Computer Organization & Assembly Language Introduction HLL vs. Assembly Programming Languages.
Introduction to Computers and Programming. Some definitions Algorithm: –A procedure for solving a problem –A sequence of discrete steps that defines such.

Introduction to Computers and Programming. Some definitions Algorithm: –A procedure for solving a problem –A sequence of discrete steps that defines such.
A Type System for Expressive Security Policies David Walker Cornell University.

A Type System for Expressive Security Policies David Walker Cornell University.
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli

November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.

Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.
Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Project Prism - Cornell University DLI2 All-Projects Meeting June 14, 2000.

Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Project Prism - Cornell University DLI2 All-Projects Meeting June 14, 2000.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.

Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.

Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.
Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.

Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.
Computer Architecture Computational Models Ola Flygt V ä xj ö University +46 470 70 86 49.

Computer Architecture Computational Models Ola Flygt V ä xj ö University
An Introduction Chapter 1. 2301274 Chapter 1 Introduction2 Computer Systems  Programmable machines  Hardware + Software (program) HardwareProgram.

An Introduction Chapter Chapter 1 Introduction2 Computer Systems  Programmable machines  Hardware + Software (program) HardwareProgram.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 2: System Structures.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 2: System Structures.
4-1 Chapter 4 - The Instruction Set Architecture Computer Architecture and Organization by M. Murdocca and V. Heuring © 2007 M. Murdocca and V. Heuring.

4-1 Chapter 4 - The Instruction Set Architecture Computer Architecture and Organization by M. Murdocca and V. Heuring © 2007 M. Murdocca and V. Heuring.

Similar presentations

Ads by Google