the ideal versus the real a brief history of secure
play

The ideal versus the real: a brief history of secure isolatoo io - PowerPoint PPT Presentation

Apr 06, 2024 •355 likes •714 views

The ideal versus the real: a brief history of secure isolatoo io virtual machioes aod cootaioers Allisoo Raodal University of Cambridge Except where otherwise ooted, liceosed uoder Creatve Commoos Atributoo ShareAlike 4.0 Ioteroatooal. Between

  1. The ideal versus the real: a brief history of secure isolatoo io virtual machioes aod cootaioers Allisoo Raodal University of Cambridge Except where otherwise ooted, liceosed uoder Creatve Commoos Atributoo ShareAlike 4.0 Ioteroatooal.

  2. Between the idea And the reality Between the moton And the act Falls the Shadow –T.S. Eliot, “The Hollow Meo”

  3. Secure Isolatoo Host OS Host OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS

  4. Secure Isolatoo Host OS Host OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS

  5. Secure Isolatoo Host OS Host OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS

  6. Secure Isolatoo Host OS OS OS OS OS OS OS OS OS OS

  7. Secure Isolatoo Host OS OS OS OS OS OS OS OS OS OS

  8. a securely isolated process, ruooiog oo a keroel, cootaioiog ao OS image

  9. Capsicum BSD jails chroot SunOS Solaris Zones Multics UNIX Borg Kubernetes VServer Chicago Magic Number Machine OpenVZ MINIX Linux LXC Docker OCI CAL-TSS Plessey System 250 POSIX POSIX.1e Kata capabilities B5000 QEMU NEMU CAP KVM iAPX 432 multiprogramming Denali ukvm hvt System/38 AWS CP-40/CMS CP-67/CMS VM/370 Disco VMware Xen LightVM M44/44X 1950 1960 1970 1980 1990 2000 2010 today

  10. BSD chroot SunOS Solar Multics UNIX Chicago Magic Number Machine MINIX Linux CAL-TSS Plessey System 250 POSIX PO capabilities B5000 CAP iAPX 432 multiprogramming System/38 CP-40/CMS CP-67/CMS VM/370 M44/44X 1950 1960 1970 1980 1990

  11. 1950s ● Multprogrammiog 1 2 – multtaskiog – multprocessiog: I/qO processors aod multple CPUs – tme-shariog – iocrease utlizatoo – risk of disruptoo – complex to program ● keroel isolatoo 3 2 1 E. F. Codd, E. S. Lowry, E. McDooough, aod C. A. Scalzi. Multprogrammiog STRETCH: Feasibility Coosideratoos. Communicatons of the ACM , 2(11):13–17, Nov. 1959. 2 A. Opler aod N. Baird. Multprogrammiog: The Programmer’s View. In Proceedings of the 14th Natonal Meetng of the Associaton for Computng Machinery , 1–4, 1959. 3 J. P. Buzeo aod U. O. Gagliardi. The Evolutoo of Virtual Machioe Architecture. In Proceedings of the Natonal Computer Conference and Expositon, AFIPS ’73, 291– PDP-1, (C) 2006, Mathew Hutchiosoo, CC BY 2.0 299, 1973.

  12. BSD chroot SunOS Solar Multics UNIX Chicago Magic Number Machine MINIX Linux CAL-TSS Plessey System 250 POSIX PO capabilities B5000 CAP iAPX 432 multiprogramming System/38 CP-40/CMS CP-67/CMS VM/370 M44/44X 1950 1960 1970 1980 1990

  13. 1960s ● Capabilites – B5000 1 descriptors – theoretcal 2 protected memory, owoership, subsets – MIT implemeotatoo oo (modifed) PDP-1 3 – Chicago Magic Number Machioe 4 Burroughs B5000, origio uokoowo htp:/q /qwww.retrocomputogtasmaoia.com/qhome/qprojects/q burroughs-b5500/qb5000_b5500_gallery – CAL-TSS 4 – Provably Secure Operatog System 5 6 1 A. J. W. Mayer. The Architecture of the Burroughs B5000: 20 Years Later aod Stll Ahead of the Times? SIGARCH Comput. Archit. News , 10(4):3–10, Juoe 1982. 2 J. B. Deoois aod E. C. Vao Horo. Programmiog Semaotcs for Multprogrammed Computatoos. Communicatons of the ACM , 9(3):143–155, Mar. 1966. 3 W. B. Ackermao aod W. W. Plummer. Ao Implemeotatoo of a Multprocessiog Computer System. In Proceedings of the First ACM Symposium on Operatng System Principles (SOSP ’67), 5.1–5.10, 1967. 4 H. M. Levy. Capability-Based Computer Systems . Digital Press, 1984. 5 P. G. Neumaoo. A Provably Secure Operatog System: The system, its applicatoos, aod proofs. Technical report, Computer Science Laboratory, SRI Internatonal , 1980. 6 P. G. Neumaoo aod R. J. Feiertag. PSOS revisited. In Proceedings of the 19 th Annual Computer Security Applicatons Conference , 208–216, Dec. 2003.

  14. 1960s ● VMs – M44/q44X 1 virtual memory – CP-40/qCMS 2 , CP-67/qCMS 3 for IBM System/q360 ioterrupt separatoo, paged guest memory, simulated devices, efcieot utlizatoo ● OS – Multcs 4 – Uoix 5 1 R. A. Nelsoo. Mapping Devices and the M44 Data Processing System . Research Report RC-1303, IBM Thomas J. Watsoo Research Ceoter. 1964. 2 R. J. Adair, R. U. Bayles, L. W. Comeau, aod R. J. Creasy. A Virtual Machine System for the 360/40 . Techoical Report 36.010, IBM Cambridge Scieotfc Ceoter, May 1966. 3 Control Program-67 Cambridge Monitor System . IBM Type III Release No. 360D-05.2.005. IBM Corporatoo, Oct. 1971. 4 J. B. Deoois. Segmeotatoo aod the Desigo of Multprogrammed Computer Systems. Journal of the ACM , 12(4):589–602, Oct. 1965. 5 D. Ritchie. The Evolutoo of the Uoix Time-Shariog System. In Proceedings of a Symposium on Language Design and Programming Methodology , 25–36, 1980. Sprioger-Verlag.

  15. BSD jails chroot SunOS Solaris Multics UNIX VSer Chicago Magic Number Machine O MINIX Linux CAL-TSS Plessey System 250 POSIX POSIX.1e capabilities B5000 CAP iAPX 432 ming System/38 CP-40/CMS CP-67/CMS VM/370 Disco VMware M44/44X 1960 1970 1980 1990 2000

  16. 1970s ● Capabilites – Plessey System 250 1 telephooe-switch cootroller – CAP 2 hardware aod OS – Iotel iAPX 432 3 poor performaoce 4 – IBM System/q38 5 CAP, (C) 2004, Daderot, CC BY-SA 3.0 1 D. M. Eoglaod. Capability Coocept Mechaoism aod Structure io System 250. In Proceedings of the Internatonal Workshop on Protecton in Operatng Systems , 63–82, Aug. 1974. IRIA. 2 R. M. Needham aod R. D. H. Walker. The Cambridge CAP Computer aod its protectoo system. In Proceedings of the Sixth ACM Symposium on Operatng Systems Principles , 1– 10, Nov. 1977. ACM. 3 iAPX 432 General Data Processor Architecture Reference Manual . Iotel Corporatoo, 1981. 4 P. M. Haoseo, M. A. Liotoo, R. N. Mayo, M. Murphy, aod D. A. Patersoo. A Performaoce Evaluatoo of the Iotel iAPX 432. SIGARCH Comput. Archit. News , 10(4):17–26, Juoe 1982. 5 M. E. Houdek, F. G. Solts, aod R. L. Hofmao. IBM System/q38 Support for Capability-based Addressiog. In Proceedings of the 8th Annual Symposium on Computer Architecture , 341–348, 1981. IEEE.

  17. 1970s ● VMs – VM/q370 1 for IBM System/q370 virtual memory hardware – “Sioce a privileged sofware oucleus has, io priociple, oo way of determioiog whether it is ruooiog oo a virtual or a real machioe, it has oo way of spyiog oo or alteriog aoy other virtual machioe that may be coexistog with it io the same system. […] Io practce oo virtual machioe is completely equivaleot to its real machioe couoterpart.” 2 ● OS – BSD 3 – chroot 4 flesystem oamespaces 1 R. J. Creasy. The Origio of the VM/q370 Time-Shariog System. IBM Journal of Research and Development , 25(5):483–490, Sept. 1981. 2 J. P. Buzeo aod U. O. Gagliardi. The Evolutoo of Virtual Machioe Architecture. In Proceedings of the Natonal Computer Conference and Expositon, AFIPS ’73, 291–299, 1973. 3 M. K. McKusick, M. J. Karels, K. Sklower, K. Fall, M. Teitelbaum, aod K. Bostc. Curreot Research by The Computer Systems Research Group of Berkeley. In Proceedings of the European UNIX Users Group , Apr. 1989. 4 B. Keroighao aod M. McIlroy. UNIX Time-sharing System: UNIX Programmer’s Manual, volume 1, Seventh Editon . Bell Telephooe Laboratories, 1979.

  18. Caps BSD jails chroot SunOS Solaris Zones Multics UNIX Borg VServer Chicago Magic Number Machine OpenVZ MINIX Linux LXC CAL-TSS Plessey System 250 POSIX POSIX.1e capabilities QEMU CAP KV iAPX 432 Denali System/38 AWS CP-40/CMS CP-67/CMS VM/370 Disco VMware Xen 44/44X 1970 1980 1990 2000

  19. 1980s ● persooal computog 1 & mooolithic servers ● hardware without virtualizatoo support 2 ● geoeral purpose OS ● Iotel x86 3 “a crash program…to IMSAI 8080 from “WarGames”, (C) 1983, MGM/qUA save Iotel’s market share” 4 ● RISC 5 vs CISC 1 R. J. Creasy. The Origio of the VM/q370 Time-Shariog System. IBM Journal of Research and Development , 25(5):483–490, Sept. 1981. 2 L. I. Dickmao. Small Virtual Machioes: A Survey. In Proceedings of the Workshop on Virtual Computer Systems , 191–202, 1973. ACM. 3 S. P. Morse, B. W. Raveiel, S. Mazor aod W. B. Pohimao. Iotel Microprocessors–8008 to 8086. IEEE Computer , 13(10): 42-60, Oct. 1980. 4 S. Mazor. Iotel’s 8086. IEEE Annals of the History of Computng , 32(1):75–79, Jao. 2010. 5 D. A. Patersoo aod C. H. Sequio. RISC I: A Reduced Iostructoo Set VLSI Computer. In Proceedings of the 8th Annual Symposium on Computer Architecture , 443–457, 1981. IEEE.

  20. Capsicum BSD jails chroot SunOS Solaris Zones UNIX Borg Kubernetes VServer ber Machine OpenVZ MINIX Linux LXC Docker OCI CAL-TSS Plessey System 250 POSIX POSIX.1e QEMU CAP KVM iAPX 432 Denali System/38 AWS -67/CMS VM/370 Disco VMware Xen 1970 1980 1990 2000 2010

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Gas Laws: Real Gases Real Gases Real gases deviate from ideal gas law Quantify deviations

Gas Laws: Real Gases Real Gases Real gases deviate from ideal gas law Quantify deviations

Gas Laws: Real Gases Real Gases Real gases deviate from ideal gas law Quantify deviations using compressibility factor, Z. Z = PVbar/RT Z = 1 for ideal gas Need corrections to account for non- ideal behavior. Gas

322 views • 9 slides
C O D E S Of the Form-Based Kind The Ideal - Urban Form The Ideal - Urban Form The Real -

C O D E S Of the Form-Based Kind The Ideal - Urban Form The Ideal - Urban Form The Real -

C O D E S Of the Form-Based Kind The Ideal - Urban Form The Ideal - Urban Form The Real - Codes THE CHARETTE THE LOCAL CALIBRATION OF THE FORM-BASED CODE THE CHARETTE - THE LOCAL CONDITION THE PUBLIC MUST BE GIVEN REAL ALTERNATIVES

1k views • 71 slides
Efficient and Cryptographically Secure Addition in the Ideal Class Groups of Hyperelliptic

Efficient and Cryptographically Secure Addition in the Ideal Class Groups of Hyperelliptic

Efficient and Cryptographically Secure Addition in the Ideal Class Groups of Hyperelliptic Curves Diploma thesis Andrey Bogdanov* Scientific advisors: Prof. Dr. Dr. h.c. Gerhard Frey Prof. Dr. Vladimir Anashin Russian State

397 views • 29 slides
REAL FOOD REAL PEOPLE A new batch of home cooks step up to the stove in 2014 in what promises to

REAL FOOD REAL PEOPLE A new batch of home cooks step up to the stove in 2014 in what promises to

REAL FOOD REAL PEOPLE A new batch of home cooks step up to the stove in 2014 in what promises to be one of the most hotly contested series in My Kitchen Rules history. Its state versus state as teams of two attempt to out-dine and out-wine

469 views • 22 slides
Hazards Introduction Pipelining up until now has been ideal In real life, though, we

Hazards Introduction Pipelining up until now has been ideal In real life, though, we

Hazards Introduction Pipelining up until now has been ideal In real life, though, we might not be able to fill the pipeline because of hazards: Data hazards . For example, the result of an operation is needed before it is

413 views • 6 slides
Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee , Byeonghak Lee KAIST Tweakable Block Cipher A tweakable block cipher accepts an additional input "tweak - Tweaks are publicly used

519 views • 30 slides
Reconnection with the Ideal Tree A New Approach to Real-Time Search Le on Illanes Department

Reconnection with the Ideal Tree A New Approach to Real-Time Search Le on Illanes Department

Search Designing a solution The FRIT Algorithm Results Future work Reconnection with the Ideal Tree A New Approach to Real-Time Search Le on Illanes Department of Computer Science School of Engineering Pontificia Universidad Cat

1.3k views • 115 slides
Wot the L: Analysis of Real versus Random Placed Nets, and Implications for Steiner Tree

Wot the L: Analysis of Real versus Random Placed Nets, and Implications for Steiner Tree

Wot the L: Analysis of Real versus Random Placed Nets, and Implications for Steiner Tree Heuristics Andrew B. Kahng, Christopher Moyes, Sriram Venkatesh and Lutong Wang UC San Diego CSE and ECE Departments Outline Background and

427 views • 23 slides
How SMPng Works and Why It Doesn't Work The Way You Think NYC*BUG February 6, 2013 John Baldwin

How SMPng Works and Why It Doesn't Work The Way You Think NYC*BUG February 6, 2013 John Baldwin

How SMPng Works and Why It Doesn't Work The Way You Think NYC*BUG February 6, 2013 John Baldwin jhb@FreeBSD.org Ideal SMP Ideal Ideal SMP Ideal Best Ideal SMP Ideal Best Decent Ideal SMP Ideal Best Decent Hump Ideal SMP Ideal

886 views • 21 slides
October 2017 WWW.VERSUSCAPITAL.COM Versus Capital Multi-Manager Real Estate Income Fund Real

October 2017 WWW.VERSUSCAPITAL.COM Versus Capital Multi-Manager Real Estate Income Fund Real

October 2017 WWW.VERSUSCAPITAL.COM Versus Capital Multi-Manager Real Estate Income Fund Real Estate was an asset class long before stocks and bonds became the investment of choice In fact, stocks and bonds became the alternatives to

132 views • 10 slides
Linx Sutures Prepared by: Mana Basirat 0 1 Suture History 2 THE IDEAL SUTURE MONOFILAMENT

Linx Sutures Prepared by: Mana Basirat 0 1 Suture History 2 THE IDEAL SUTURE MONOFILAMENT

Linx Sutures Prepared by: Mana Basirat 0 1 Suture History 2 THE IDEAL SUTURE MONOFILAMENT USE FOR ANY PROCEDURE EASY TO HANDLE MINIMAL TISSUE REACTION HIGH BREAKING STRENGTH HOLDS KNOTS SECURELY STERILE 3 Nylone 10/0 Knotted around

662 views • 25 slides
Ensuring Success Throughout the Implementation Phase Working Toward the Ideal in the Real World

Ensuring Success Throughout the Implementation Phase Working Toward the Ideal in the Real World

CAPT TRAINING April 20, 2017 Ensuring Success Throughout the Implementation Phase Working Toward the Ideal in the Real World Erin Ficker, Associate Coordinator, Central Resource Team Sheila Nesbitt, T/TA Specialist, Central Resource Team This

556 views • 23 slides
Improvements to ideal class group and regulator computation in real quadratic number fields cois

Improvements to ideal class group and regulator computation in real quadratic number fields cois

Outline Introduction Classical Algorithms Practical improvements Improvements to ideal class group and regulator computation in real quadratic number fields cois Biasse 1 , Michael J. Jacobson Jr 2 Jean-Fran 1 Ecole polytechnique, 2

1.35k views • 112 slides
Roadmap Task and history System overview and results Human versus machine Cognitive

Roadmap Task and history System overview and results Human versus machine Cognitive

Roadmap Task and history System overview and results Human versus machine Cognitive Toolkit (CNTK) Summary and outlook Microsoft Cognitive T oolkit Introduction: T ask and History 4 The Human Parity Experiment

1.32k views • 84 slides
Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck

Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck

Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck ISSE Brussels, November 6, 2018 A primer on software security Secure

897 views • 58 slides
Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck OWASP BeNeLux-Days, November 30, 2018 A primer on software security Secure program: convert all input

1.27k views • 77 slides
Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck 1st RISE Annual Conference, November 14, 2018 A primer on software security Secure program:

952 views • 79 slides
Financial Results 6 August 2020 1H 2020 RESULTS ANNOUCEMENT | AUGUST 2020 1 Important Notice

Financial Results 6 August 2020 1H 2020 RESULTS ANNOUCEMENT | AUGUST 2020 1 Important Notice

1H 2020 Financial Results 6 August 2020 1H 2020 RESULTS ANNOUCEMENT | AUGUST 2020 1 Important Notice This document may contain forward-looking statements that involve assumptions, An investment in Units is subject to investment risks,

379 views • 18 slides
Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck,

Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck,

Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck, Marina Minkin , Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx March 2019 Mark

1.07k views • 70 slides
Recent Surprises in the Simulation of Quantum Phase T ransitions Lei W ang, ETH Zrich

Recent Surprises in the Simulation of Quantum Phase T ransitions Lei W ang, ETH Zrich

Recent Surprises in the Simulation of Quantum Phase T ransitions Lei W ang, ETH Zrich Cologne 2015.04 Quantum Phase T ransitions H ( ) = H 0 + H 1 Quantum Temperature Where is the QCP ? Critical What are the phases ?

986 views • 44 slides
PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING

PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING

PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING SEARCH RESULTS IN REAL-TIME Grebennikov Roman / ndify.io

660 views • 45 slides
Generalized tensor methods and entanglement measurements for models with long-range interactions

Generalized tensor methods and entanglement measurements for models with long-range interactions

Generalized tensor methods and entanglement measurements for models with long-range interactions Ors Legeza in collaboration with Jen o S olyom, Gergely Barcza (Budapest) Florian Gebhard, Reinhard M. Noack (Marburg) Valentin

747 views • 64 slides

More recommend