vx32 lightweight user level sandboxing on the x86
play

Vx32: Lightweight User-Level Sandboxing on the x86 Bryan Ford and - PowerPoint PPT Presentation

Aug 20, 2023 •136 likes •427 views

Vx32: Lightweight User-Level Sandboxing on the x86 Bryan Ford and Russ Cox MIT CSAIL Presented by: Ashwin Chaugule 26th Sept 2008 Area Systems security: Application Virtualization USENIX 08 - Best Student Paper Source code:

  1. Vx32: Lightweight User-Level Sandboxing on the x86 Bryan Ford and Russ Cox MIT CSAIL Presented by: Ashwin Chaugule 26th Sept 2008

  2. Area • Systems security: Application Virtualization • USENIX ’08 - Best Student Paper • Source code: http://pdos.csail.mit.edu/~baford/vm/ • (OR just google for vx32)

  3. Problem • Many applications are untrustworthy • Inter application communication and with the kernel • How do you mediate their operation ?

  4. Confinement • Sandboxing: Host executes guest code in a confined environment, prevents it from affecting other code (app or host). Operations allowed are defined by policies. • <principle of least privilege> • Useful for security purposes as well as analysis

  5. Related Work • Capability Systems, L3’s Clan/Chief, Nested Processes etc • Problem: Expensive domain transitions • Kernel space additions: Domain specific languages, type-safe languages, PCC etc • Problem: Requires a lot of rework

  6. Related Work • Similar work by Tzi-Chieuh, Ganesh et al • Problem: Modified kernel • Sys-call Interpositioning: Janus etc • Problem: Requires sys-call API conformance with host OS • TOCTOU problem, but thats solved by delegation based interpositioning

  7. Problems • Required too much rework • Couldn’t handle variable length instructions • Restricted by specific programming languages (type-safety) • Had large overheads due to domain transitions

  8. Vx32 VM • Separate code sandboxing from data sandboxing • Data Sandboxing: Through Segmentation hardware • Code Sandboxing: Dynamic instruction translation (restrict code flow and can restrict ISA)

  9. Memory Map • ‘vxrun’ - contains elf-loader and inits space for guest • vxrun hosts the guest

  10. Data Sandboxing • 6 segment registers available (no special privileges required) • Segmentation cant be disabled (just uses flat model: 0 - 2 ^32 - 1)

  11. Data Sandboxing • 2 new segments in LDT per guest • Guest data segment • Guest control segment • ds, es, ss contain selectors to guest data segment • with seg base addr 0, segmentation h/w auto confines data accesses within segment

  12. Data Sandboxing • Control Segment • Hash table maps guest virt addr to code in fragment cache • Code frag cache contains guest code • fs or ss points to this segment

  13. Code Sandboxing • Main aim is to prevent guest from jumping out of the sandbox • Segmentation only ensures data reads and writes are confined • Need to trap segment overrides since those regs are unprivileged

  14. Code Sandboxing • Key point: Never execute guest code directly • Transform that code into safe sequence and execute the sequence outside the box (code frag cache) • ‘cs’ value always points to host app ‘vxrun’ • doesnt change

  15. Translation techniques • Scan • scan guest code from ‘eip’ till unconditional branch or fragment size • gather extra info per instr: len, offset, type, worst-case translated size (constitute hint table)

  16. Translation Techniques • Simplify • Maintain control by restricting code flow to code frag cache • Scan hint table: direct jmps converted to intra-fragment jmps < if destination fragment exists in cache>

  17. Translation Techniques • Place: Compute offsets for patching direct jmps • Emit: Actual patching or instruction fixups • Most instr’s are just copied • ‘unsafe’ ones are translated • branches and segment overrides

  18. TranslationTechniques • All control transfer instructions patched to confine flow within safe sequence • Trampoline: direct branches patched so that they jmp to hash lookup function • Indirect branches cant be patched: Invokes lookup in hash table = major overhead

  20. Exception Handling • ‘eip’ now points to translated code, need to trace it original guest code for feedback • Fragments already sorted in reverse order • 1st Bin search: to get appropriate frag with ‘eip’ • 2nd Bin search: within frag’s hint table to get exact guest addr corresponding to ‘eip’ • get ‘eip’ with guest regdump

  21. Evaluation

  22. Evaluation

  23. Evaluation

  24. Applications • VXA • exec decoders into compressed archive • vx32 protects host from malformed/buggy archives • Alpaca • extensible PKI based on PCA • runs algos in sandbox • 9vx • Plan 9 OS ported • uses vx32 to launch userspace apps • Vxlinux • delegation based interpositioning • relay guest syscalls to host OS

  25. Evaluation

  26. Evaluation

  27. Evaluation

  28. Take-Away • Sandboxing is implemented without depending on kernel • Hardware segmentation provides automatic sandboxing • Dynamic translation overheads are mainly from indirect branches • Vx32 satisfies: Complete mediation and Verifiability properties, but is it tamperproof ? Run all userpace in vx32 ? init = vx32 ? • Can we confine kernel extensions with this technique ? • think user-level device drivers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bringing Your Content to the User, not the User to Your Content A lightweight approach towards

Bringing Your Content to the User, not the User to Your Content A lightweight approach towards

Bringing Your Content to the User, not the User to Your Content A lightweight approach towards integrating external content via the EEXCESS framework Martin Hffernig, Werner Bailer JOANNEUM RESEARCH SWIB 2015, Hamburg, 2015-11-23 Outline

1.45k views • 97 slides
Application-level sandboxing Erik Poll 1 Overview 1. Compartmentalisation 2. Classic OS access

Application-level sandboxing Erik Poll 1 Overview 1. Compartmentalisation 2. Classic OS access

Software Security Application-level sandboxing Erik Poll 1 Overview 1. Compartmentalisation 2. Classic OS access control compartmentalisation between processes Chapter 2 of lecture notes 3. Language-level access control

909 views • 69 slides
Container-based virtualization Process-level Extensively used in Lightweight virtualization

Container-based virtualization Process-level Extensively used in Lightweight virtualization

C NTR Lightweight OS Containers Jrg Thalheim, Pramod Bhatotia Pedro Fonseca Baris Kasikci USENIX ATC 2018 Container-based virtualization Process-level Extensively used in Lightweight virtualization production isolation Namespaces

250 views • 22 slides
secmodel_sandbox An application sandbox for NetBSD Stephen Herwig sandboxing Sandboxing:

secmodel_sandbox An application sandbox for NetBSD Stephen Herwig sandboxing Sandboxing:

secmodel_sandbox An application sandbox for NetBSD Stephen Herwig sandboxing Sandboxing: limiting the privileges of a process Two motivations - Running untrusted code in a restricted environment - Dropping privileges in trusted code so as to

1.09k views • 58 slides
Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 /

Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 /

Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 / 21 Secure user-space software How to harden an application? secure development follow the least privilege principle compartmentalize

789 views • 61 slides
User-level Andreas Zoor &amp; scheduling Nikolai Nagibin Whats User-level scheduling

User-level Andreas Zoor &amp; scheduling Nikolai Nagibin Whats User-level scheduling

13.02.2014 User-level Andreas Zoor &amp; scheduling Nikolai Nagibin Whats User-level scheduling Export scheduling policies form the kernel in the User- level Based on the idea of microkernel based operating systems

405 views • 12 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
Sandboxing &amp; Virtualization: Modern Tools for Combating Malware Anup K. Ghosh, PhD Founder

Sandboxing &amp; Virtualization: Modern Tools for Combating Malware Anup K. Ghosh, PhD Founder

Sandboxing &amp; Virtualization: Modern Tools for Combating Malware Anup K. Ghosh, PhD Founder anup@invincea.com www.invincea.com Research Professor Center for Secure Information Systems George Mason University May 2010 The User IS the

479 views • 20 slides
Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the

Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the

Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the following kernel features to contain processes: Kernel namespaces (ipc, uts, mount, pid, network and user) Apparmor and SELinux profiles

521 views • 30 slides
Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com

Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com

Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com $ ps -eo pid,user,comm 1 root /sbin/init 2 root [kthreadd] ... 1468 message+ dbus-daemon --system --fork 1749 root

725 views • 38 slides
SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk

SKEE: A Lightweight Secure Kernel level Execution Environment for ARM Ahmed M Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning Samsung KNOX R&amp;D, Samsung Research America Motivation Operating system kernels

543 views • 25 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
Elimina'ng Read Barriers through Procras'na'on and Cleanliness KC

Elimina'ng Read Barriers through Procras'na'on and Cleanliness KC

Elimina'ng Read Barriers through Procras'na'on and Cleanliness KC Sivaramakrishnan Lukasz Ziarek Suresh Jagannathan Big Picture Lightweight user-level threads

861 views • 64 slides
User Level DB: a Debugging API for User- Level Thread Libraries Kevin Pouget, Marc Prache,

User Level DB: a Debugging API for User- Level Thread Libraries Kevin Pouget, Marc Prache,

User Level DB: a Debugging API for User- Level Thread Libraries Kevin Pouget, Marc Prache, Patrick Carribault, and Herv Jourdren kevin.pouget@gmail.com, {marc.perache,patrick.carribault,herve.jourdren}@cea.fr CEA, DAM, DIF, F-91297 Arpajon,

895 views • 34 slides
Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz

Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz

Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz http://www.batchgeo.com Remote Sandboxing? Students' interpreters g r a d e . r k t 1 6 0 0 t i m e s ? Students' interpreters g r a d e

446 views • 15 slides
The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept will revolutionise the aviation industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight applications Patent Applied For

479 views • 12 slides
Theme is Not Meaning Soren Johnson Designer/Programmer, EA2D soren.johnson@gmail.com

Theme is Not Meaning Soren Johnson Designer/Programmer, EA2D soren.johnson@gmail.com

Theme is Not Meaning Soren Johnson Designer/Programmer, EA2D soren.johnson@gmail.com www.designer-notes.com www.twitter.com/SorenJohnson Who am I? Civilization 3 : Co-Designer, Programmer (2001) Planets : Lead Designer, Programmer

1.59k views • 109 slides
Open Source Robot Vladim r Petr k vladko.petrik@gmail.com http://alpaca.sh.cvut.cz

Open Source Robot Vladim r Petr k vladko.petrik@gmail.com http://alpaca.sh.cvut.cz

Robots Robotic Operating System Agile Infrastructure Open Source Robot Vladim r Petr k vladko.petrik@gmail.com http://alpaca.sh.cvut.cz November 3, 2014 1 / 20 Vladim r Petr k vladko.petrik@gmail.com Open Source Robot

723 views • 45 slides
Baksan EAS array Carpet-2 and Carpet-3 experiment Romanenko Viktor Baksan Neutrino Observatory

Baksan EAS array Carpet-2 and Carpet-3 experiment Romanenko Viktor Baksan Neutrino Observatory

Baksan EAS array Carpet-2 and Carpet-3 experiment Romanenko Viktor Baksan Neutrino Observatory of Institute for Nuclear Research of the Russian Academy of Sciences VI th CNRS thematic School of Astroparticle Physics Romanenko Viktor Outlines 1

466 views • 21 slides
Finding the smallest gas-rich galaxies Betsey Adams ASTRON / Kapteyn Astronomical Institute

Finding the smallest gas-rich galaxies Betsey Adams ASTRON / Kapteyn Astronomical Institute

Finding the smallest gas-rich galaxies Betsey Adams ASTRON / Kapteyn Astronomical Institute Small Galaxies, Cosmic Questions 1 Aug 2019 John Cannon, Riccardo Giovanelli, Martha Haynes, Bill Janesh, Lilly Bralts-Kelly, Steven Janowiecki, Tom

529 views • 23 slides
WORDS, GRAPHS, CODE A unified model Andy Shu v1.0 MMXVIII HKBU ENTITIES, SYMBOLS, BINDINGS

WORDS, GRAPHS, CODE A unified model Andy Shu v1.0 MMXVIII HKBU ENTITIES, SYMBOLS, BINDINGS

WORDS, GRAPHS, CODE A unified model Andy Shu v1.0 MMXVIII HKBU ENTITIES, SYMBOLS, BINDINGS Building blocks of symbolic systems ATOMIC primitive, elementary, assumed, axiomatic, self- evident, self-explained, taken-for-granted

1.04k views • 69 slides
Fifth Bruges European Business Conference W orkshop 1 : I nternal Market &amp; Regulation:

Fifth Bruges European Business Conference W orkshop 1 : I nternal Market &amp; Regulation:

Fifth Bruges European Business Conference W orkshop 1 : I nternal Market &amp; Regulation: Priorities for progress By Am aryllis Verhoeven Deputy Head of Unit Single Market Policy 2 7 March 2 0 1 4

242 views • 5 slides
ONLINE FUNDRAISER SIMPLE &amp; STRESS FREE Testimonials: The National Brain Tumor Society was

ONLINE FUNDRAISER SIMPLE &amp; STRESS FREE Testimonials: The National Brain Tumor Society was

ONLINE FUNDRAISER SIMPLE &amp; STRESS FREE Testimonials: The National Brain Tumor Society was pleased to work with Give &amp; Garden for our Tulips Against Tumors annual fundraiser. Give &amp; Garden was diligent about project managing the

389 views • 6 slides
Fundamentals in Information Retrieval Jean-Cdric C HAPPELIER Emmanuel E CKARD LIA EPFL

Fundamentals in Information Retrieval Jean-Cdric C HAPPELIER Emmanuel E CKARD LIA EPFL

Introduction Toolchain Evaluation Beyond the vector model Conclusion Fundamentals in Information Retrieval Jean-Cdric C HAPPELIER Emmanuel E CKARD LIA EPFL 20082014 c Jean-Cdric Chappelier &amp; Emmanuel Eckard Computational

700 views • 69 slides

More recommend