hardware enforcement of application security policies
play

Hardware Enforcement of Application Security Policies Using Tagged - PowerPoint PPT Presentation

Nov 27, 2022 •406 likes •553 views

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich, Hari Kannan, Michael Dalton and Christos Kozyrakis Dresden,

  1. Faculty of Computer Science Institute for System Architecture, Operating Systems Group Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich, Hari Kannan, Michael Dalton and Christos Kozyrakis Dresden, 2008-12-17

  2. Motivation • Gap between security mechanisms and different abstraction layers  Facebook example: only friends can see profile • Reflect upon data vs. individual operations  Take primitive mechanism that fits all • Need for small TCB, that ensures certain security policies at runtime, as verification is hard (example: Anti-Virus scanner) TU Dresden, 2008-12-17 Tagged Memory Slide 2 von 13

  3. Solution: tagged memory • Additional memory protection mechanism in hardware • Word-granular security tags for memory, enforced by the CPU • Hardware extensions are used in new mode TU Dresden, 2008-12-17 Tagged Memory Slide 3 von 13

  4. Starting Point: HiStar • HiStar is a kind of micro-kernel  Inspired by AsbestOS's labels  Decentraliced information flow control  In contrast to AsbestOS labels are altered explicitly  Provides Unix environment that translates Unix implicit policies to HiStar's labeling mechanism (remember Flume: Linux enhanced by DIFC) TU Dresden, 2008-12-17 Tagged Memory Slide 4 von 13

  5. HiStar labeling mechanism • Each kernel object has a label :  threads, address spaces, segments, gates, containers, devices • Label is a set of categories (61-Bit ID) and taint levels • Thread's label:  Shows degree of information contamination, regarding specific categories  Can be extended explicitly up to specified clearance • Gates have an associated label and clearance TU Dresden, 2008-12-17 Tagged Memory Slide 5 von 13

  6. Tagged memory and LoStar • Using hardware memory tags to divide kernel into thread domains • New super-supervisor mode running small kernel subset, that drives tagging hardware App App App HiStar LoStar Loki TU Dresden, 2008-12-17 Tagged Memory Slide 6 von 13

  7. LoStar's protection • Twofold memory tags page-wide or word-wide • Integrity protection of all kernel object's labels and reference counters and the global object hash table by word-tags • Monitor call API: Thread switch (changes permissions)  Allocate or free kernel object (set or free label)  IPC by invoking a Gate (label check)  Increment or decrement object's refcounter  Adjusting the thread's label  ...  TU Dresden, 2008-12-17 Tagged Memory Slide 7 von 13

  8. Cruel thing: Devices • Interrupts don't change (non-)monitor mode • Interrupt handling code and most device handling code resides in security monitor • Interrupts received by non-monitor world need to be delivered to monitor! • Device driver code that deals with various tags (like disk driver) will remain in trusted code part TU Dresden, 2008-12-17 Tagged Memory Slide 8 von 13

  9. Loki • Associates 32-bit tag for each 32-bit word in physical memory • Page-tag array indexed by frame address contains tags, is cached by TLB like tag-cache • Page-tag array entries have a special indirection-bit to indicate word-granular tags for that page • Additional P-cache contains tag-values and permissions of running thread • P-cache misses are handled by monitor TU Dresden, 2008-12-17 Tagged Memory Slide 9 von 13

  10. Loki prototype • Leon SPARC V8 (FPGA core) 65 MHz • Added:  6 instructions (e.g.: P-cache handling)  7 registers (e.g.: faulting tag value)  32 entry 2-way associative P-cache  8 entry full-associative tag-TLB • P-cache gets accessed at least once by each instruction !!! TU Dresden, 2008-12-17 Tagged Memory Slide 10 von 13

  11. Evaluation: TCB • Trusted code base shrinks? • They didn't state exactly what is meant by trusted • To be sure that my applictions policy is enforced by the monitor + Loki I need to trust the whole kernel TU Dresden, 2008-12-17 Tagged Memory Slide 11 von 13

  12. Performance TU Dresden, 2008-12-17 Tagged Memory Slide 12 von 13

  13. Conclusion / Discussion • What do they won? TCB size reduction? • What about 'more realistic hardware and the supposable greater overhead? • Singularity went in the opposite direction and left out hardware memory protection at all, who is right? • Is there one security mechanism (like labels) that fits all, or do we need the different layers (example: timing issues, resource accounting ...) TU Dresden, 2008-12-17 Tagged Memory Slide 13 von 13

  14. Loki pipeline TU Dresden, 2008-12-17 Tagged Memory Slide 14 von 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

This Document Does Not Contain Controlled Technology or Technical Data Draper Proprietary The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg Sullivan (Draper) (presenting), Andr DeHon (UPenn), Eli

432 views • 19 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides
Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code Salvatore Guarnieri, University of Washington Ben Livshits, Microsoft Research 1 alert (hi); program malicious Catch me if you can dont

828 views • 26 slides
Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules

Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules

Deriving Enforcement Mechanisms from Policies Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules Helge Janicke, Antonio Cau, Fran cois Siewe, Enforcement Hussein Zedan Summary Software

550 views • 16 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

Presenting a live 90 minute webinar with interactive Q&A HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data Security Policies and Responding to Breaches THURS DAY, MAY 5, 2011 1pm Eastern

836 views • 56 slides
Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which

Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which

Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which policies are enforceable ? Characterization for an abstract setting Enforcement via execution monitoring system allowed

1.03k views • 73 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats

245 views • 3 slides
Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO security standards at campuses) p ) Brian OHora, BSc (Hons) & MBA Technology Management Information Systems Services, TCD TERENA E2E

325 views • 15 slides
HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam Chlipala OSDI 2010 Beyond Code Injection 1.Injection An application includes an Dependent on application-specific unintended run-time program

595 views • 20 slides
Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs reversed rj.rodriguez@unileon.es @RicardoJRdez www.ricardojrodriguez.es Research Institute of Applied Sciences in Cybersecurity University of

825 views • 50 slides
Advisory Panel on Improving Healthcare Systems January 14, 2015 9:30 a.m. 5:30 p.m. EST 1

Advisory Panel on Improving Healthcare Systems January 14, 2015 9:30 a.m. 5:30 p.m. EST 1

Advisory Panel on Improving Healthcare Systems January 14, 2015 9:30 a.m. 5:30 p.m. EST 1 Welcome & Introductions Steven Clauser, PhD, MPA Director, Improving Healthcare Systems 2 Housekeeping Todays webinar is open to the

1.56k views • 96 slides
Code Based Software Security Assessments CoBaSSA 2005 November 7 th 2005, Pittsburgh, PA

Code Based Software Security Assessments CoBaSSA 2005 November 7 th 2005, Pittsburgh, PA

Proceedings of the First International Workshop on Code Based Software Security Assessments CoBaSSA 2005 November 7 th 2005, Pittsburgh, PA Organized by Leon Moonen and Spiros Mancoridis Co-located with the 12 th IEEE Working Conference

458 views • 27 slides
Occupa+onal Kidney Disease: Emerging Exposures Chris+na Wya?, MD

Occupa+onal Kidney Disease: Emerging Exposures Chris+na Wya?, MD

3/11/16 Occupa+onal Kidney Disease: Emerging Exposures Chris+na Wya?, MD Mount Sinai, New York Disclosures No relevant disclosures 1 3/11/16 CDC -

622 views • 17 slides
PEPSI-DOCK A Detailed Data-Driven Protein-Protein Interaction Potential Accelerated By

PEPSI-DOCK A Detailed Data-Driven Protein-Protein Interaction Potential Accelerated By

PEPSI-DOCK A Detailed Data-Driven Protein-Protein Interaction Potential Accelerated By Polar Fourier Correlations MACARON Workshop- March 21st 2017 Emilie Neveu, Dave Ritchie, Petr Popov, Sergei Grudinin Nano-D & Capsid INRIA Teams

804 views • 33 slides
Actual Data Source: Department for Work and Pensions There is no alternative - Olli Rehn

Actual Data Source: Department for Work and Pensions There is no alternative - Olli Rehn

Actual Data Source: Department for Work and Pensions There is no alternative - Olli Rehn There is no Plan B - George Osborne Great Natural Experiment: stimulus versus austerity Great Natural Experiment: stimulus versus austerity

854 views • 52 slides
Towards Expressive 3D Modeling for Visual Communication Marie-Paule Cani Ecole Polytechnique

Towards Expressive 3D Modeling for Visual Communication Marie-Paule Cani Ecole Polytechnique

STR TREAM AM / LIX Across Disciplines? Towards Expressive 3D Modeling for Visual Communication Marie-Paule Cani Ecole Polytechnique European Computer Science Summit , October 24-25 2017, Lisbon Visual communication Sharing our understanding

910 views • 37 slides
IX. Early miracles, Sabbath day controversies, and choosing disciples A. Fishers of men Matthew

IX. Early miracles, Sabbath day controversies, and choosing disciples A. Fishers of men Matthew

IX. Early miracles, Sabbath day controversies, and choosing disciples A. Fishers of men Matthew 4:18 22, Mark 1:16 20, Luke 5:1 11 1. Luke 5:1 Luke wrote a section about Jesus second year of ministry during which He began

860 views • 38 slides

More recommend