inktag secure applications on an untrusted operating
play

InkTag: Secure Applications on an Untrusted Operating System Paper - PowerPoint PPT Presentation

Feb 09, 2023 •414 likes •680 views

InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas at Austin by: Owen S. Hofmann, Kim Sangmann, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel Presented by: Kyle May and Carson Boden Outline

  1. InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas at Austin by: Owen S. Hofmann, Kim Sangmann, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel Presented by: Kyle May and Carson Boden

  2. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 2

  3. InkTag efficiently verifies untrusted OS behavior The operating system was once the root of trust Attacks against the OS render the system completely vulnerable Goal: For applications to remain safe, even on a compromised OS 3

  4. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 4

  5. Previous systems only ensure isolation High Assurance Processes (HAPs) prohibited from using any OS resources Programs could run, but were useless without OS intervention InkTag focuses on allowing HAPs to interact with the OS safely 5

  6. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 6

  7. InkTag gives users flexible OS access control Resides between the OS and Hardware level Introduces paraverification , requiring the OS to verify its own behavior Allows applications to define access policies Provides crash consistency between secure metadata From Hofmann et. al 7

  8. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 8

  9. Memory isolation protects HAPs from OS HAPs have separate trusted and OS contexts Files (Objects) are identified by 64-bit Object Identified (OID) Objects composed of secure pages (S-pages), encrypted and hashed 9

  10. EPT protects cleartext S-pages from OS Extended Page Tables (EPTs) are managed by the hypervisor Cleartext allows HAPs to freely access their data When OS tries to access cleartext From Hofmann et. al S-page, hypervisor intervenes 10

  11. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 11

  12. Paraverification monitors OS behavior InkTag intercepts low-level page table updates and determine effects State maintained to quickly determine effects of changes HAPs provide OS a token to describe memory mapping 12

  13. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 13

  14. Decentralized access control enables HAPs to communicate Useful access control mechanisms allow for: Easy implementation in the hypervisor The use of familiar primitives Creation of new policies in a decentralized way 14

  15. InkTag achieves access control with attributes Each HAP has a string ( .user.kyle ) of attributes Events like fork() and exec() allow for inheritance Each object (OID) has a list of attributes with different permissions 15

  16. Example: InkTag enables decentralized login Normally, all users would trust the single login binary In a decentralized system, all users can trust their own login binaries Enabled by the passing of attributes between the system admin and the user 16

  17. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 17

  18. InkTag must maintain metadata for persistent security Metadata is required for the maintenance of the S-pages Metadata is stored near the data it describes Paraverification synchronizes OS actions From Hofmann et. al 18

  19. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 19

  20. Experiments run on extension of Linux kernel Prototype built from KVM hypervisor Ran on actual h/w Benchmarked with LMBench, SPEC CPU2006, Apache, and DokuWiki From Hofmann et. al 20

  21. Metadata placement decreases performance 21 From Hofmann et. al

  22. Application benchmarks indicate low overhead From Hofmann et. al 22

  23. Outline Motivation Access Control Prior Work Storage and Consistency High-Level Overview Testing and Evaluation Memory Isolation Conclusion Paraverification 23

  24. InkTag is only impressive at a glance Hypervisor offloads work to the OS Low complexity and overhead means codebase is easy to maintain InkTag is highly efficient, but added security is relatively unknown 24

  25. Discussion Points Does this solve the problem? Are devices considered more secure with a hypervisor? What type of vulnerabilities does InkTag introduce? Is the result of the InkTag implementation worthwhile? Are the performance and complexity overheads worth the variable increase in security? 25

  26. References https://dl.acm.org/citation.cfm?id=2451146 www.cs.kent.edu/~rothstei/...13/.../AnwarAlsulaimanSecureAppsonUntrustedOS.pptx 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

InkTag: Secure Applications on an Untrusted Operating System Owen Hofmann, Sangman Kim, Alan

InkTag: Secure Applications on an Untrusted Operating System Owen Hofmann, Sangman Kim, Alan

InkTag: Secure Applications on an Untrusted Operating System Owen Hofmann, Sangman Kim, Alan Dunn, Mike Lee, Emmett Witchel UT Austin You trust your OS... should you? The OS is the software root of trust on most systems The OS is a

1.06k views • 79 slides
jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

Department of Computer Science Institute of Systems Architecture, Operating Systems Group jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components Carsten Weinhold, Hermann Hrtig INTRODUCTION

429 views • 21 slides
Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT CSAIL & VMware VMware Motivation Many applications handle sensitive data financial, medical, insurance, military... credit cards, medical

712 views • 25 slides
Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt Microsoft Research In the old days Application Operating system 2 In the old days Application Operating system 2 In the old days

631 views • 34 slides
Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work with Alessandro Chiesa Eli Ben-Sasson Daniel Genkin 1 Technion Cryptoday June 16, 2011 Motivation 3 Motivation INTEGRITY CONFIDENTIALITY

725 views • 50 slides
Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work with Erik Riedel (Seagate Research), Ram Swaminathan (HP Labs), Qian Wang (Penn State), Kevin Fu (MIT) March 31 2003 Why care about storage

399 views • 27 slides
Safe Loading A Foundation for Secure Execution of Untrusted Programs Mathias Payer, Tobias

Safe Loading A Foundation for Secure Execution of Untrusted Programs Mathias Payer, Tobias

Safe Loading A Foundation for Secure Execution of Untrusted Programs Mathias Payer, Tobias Hartmann, Thomas R. Gross Department of Computer Science ETH Zurich, Switzerland Motivation Application code Kernel 2 Motivation Application code

483 views • 30 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern Immutability The Inverse Life Coach Pa7ern Trust The founda>on of so?ware security 1. Hello! Im Businessman Bob! 2. Hello! Im the bank!

877 views • 69 slides
Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted Pattern Immutability The Inverse Life Coach Pattern Trust The foundation of software security 1. Hello! Im Businessman Bob! 2. Hello! Im the

666 views • 66 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Networking Secure apps Aims Crypto Basics Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014

389 views • 26 slides
Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Isolation problem for Web Mashups Formal definition of Capability Safe languages Solving the Isolation problem using Capabilit Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer Science, Stanford

1.01k views • 43 slides
Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Many acting parties on a site

867 views • 62 slides
Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, John Mitchell, David Mazires, and Alejandro Russo Web platforms are great ! They allow third-party developers to build apps

714 views • 54 slides
A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18, 2011 Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 1 / 21 Outline Introduction 1 Design 2 3 Implementation

424 views • 24 slides
P

P

571 views • 4 slides
Subset coercions in C M S under direction of C

Subset coercions in C M S under direction of C

Subset coercions in C M S under direction of C P -M Paris-Sud 11 University LRI - D Team & INRIA F - P

939 views • 60 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
Why Do Less Than 10% of Canadian Women Take Menopausal Hormone Therapy June 5, 2018 Nese

Why Do Less Than 10% of Canadian Women Take Menopausal Hormone Therapy June 5, 2018 Nese

Why Do Less Than 10% of Canadian Women Take Menopausal Hormone Therapy June 5, 2018 Nese Yuksel, BScPharm, PharmD, FCSHP, NCMP Professor Faculty of Pharmacy and Pharmaceutical Sciences University of Alberta 16th WCM 6/4/18 285 285

622 views • 18 slides
[V IRTUALIZATION ] Shrideep Pallickara Computer Science Colorado State University CS370:

[V IRTUALIZATION ] Shrideep Pallickara Computer Science Colorado State University CS370:

CS370: Operating Systems [Fall 2018] Dept. Of Computer Science , Colorado State University CS 370: O PERATING S YSTEMS [V IRTUALIZATION ] Shrideep Pallickara Computer Science Colorado State University CS370: Operating Systems [Fall 2018]

787 views • 29 slides
Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1 Recap: Virtual Machines Enabling technology of cloud computing Basic idea: Provide machine abstractions 2 Recap: Virtual Machines

465 views • 23 slides
Analysis of valuation formulae and Valuation Examples of applications to option pricing in L

Analysis of valuation formulae and Valuation Examples of applications to option pricing in L

The model Analysis of valuation formulae and Valuation Examples of applications to option pricing in L evy models payoff functions L evy processes Ernst Eberlein 1 , Kathrin Glau 1 , and Exotic options Antonis Papapantoleon 2

367 views • 36 slides
Simplifying Regions Greg Morrisett Harvard University Collaborators: Matthew Fluet & Amal

Simplifying Regions Greg Morrisett Harvard University Collaborators: Matthew Fluet & Amal

Simplifying Regions Greg Morrisett Harvard University Collaborators: Matthew Fluet & Amal Ahmed The Cyclone Safe-C Project Primary goal: type-safety Secondary goal: retain virtues of C C programmers should feel comfortable. It

785 views • 41 slides

More recommend