Protecting FreeBSD with Secure Virtual Architecture

Video in TIB AV-Portal: Protecting FreeBSD with Secure Virtual Architecture

Formal Metadata

Protecting FreeBSD with Secure Virtual Architecture
Title of Series
CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
Release Date

Content Metadata

Subject Area
In this talk, I will present our research on protecting FreeBSD applications and the FreeBSD kernel from attacks. I will briefly describe the KCoFI system which protects the FreeBSD kernel from control-flow hijack attacks (such as classic buffer overflow attacks) and the Virtual Ghost system which protects applications from a compromised operating system kernel. Both KCoFI and Virtual Ghost are built using the Secure Virtual Architecture (SVA) (an LLVM-based infrastructure for enforcing security policies through compiler instrumentation and hardware techniques). In this talk, I will present our work on using the Secure Virtual Architecture (SVA) to protect FreeBSD applications and the FreeBSD kernel from security attacks. SVA is an LLVM-based infrastructure that permits us to use compiler instrumentation techniques to enforce security policies on both application and kernel code. In this talk, I will briefly describe how we used SVA to implement KCoFI: a system that enforces control-flow integrity and code segment integrity on the FreeBSD kernel to protect it from control-flow hijack attacks. I will then describe how we extended KCoFI to build Virtual Ghost. Virtual Ghost protects applications from a compromised operating system kernel. I will describe how Virtual Ghost uses compiler instrumentation to prevent the FreeBSD kernel from spying on and corrupting private application data and how it prevents the kernel from maliciously modifying application control flow (while still supporting features such as signal handlers and process creation).
build integration equality sources program bug malware Mathematical different memory kernel information model security Personal identification number (Denmark) Classes vulnerability Systems ARM map break connections job samples system website configurable level Systems results file machines Minimum break students Computed number goodness Memory Natural Number level address architectures overflow modules operations research information Net smart incident Applications Limit kernel Voter Computer animation networks integer frame overflow operating systems abstractions
call Code runtimes code state integration time set Compiler PowerPC privacy system software program languages static Biomedical Imaging Mathematical virtualized memory kernel single core Compilers set filesystem encrypted extent security Systems page tables bit virtualization break entire types job Ordering interrupted configurable level sort free Systems results read bootloaders point page Strömungsverlauf Implementierung functionality file connection break Mathematical analysis processors Computed number intermediate language goodness prototype Memory operators networks hardware level structure bootloaders Datumsgrenze form architectures Datentypen dialect key assembly code state Mathematical analysis code core Applications call Compiler Word kernel Computer animation networks hardware key family form operating systems
hard call runtimes Code integration state code time set water privacy program Mathematical virtualized memory option media kernel set encrypted series security partitions Systems rotation areas stations Relation map software developers Lasten Store physics virtualization bit break private key orbits category types job CPU interrupted rights sort figures Systems results Space Strömungsverlauf point slides Implementierung functionality sharing file Real connection break temporal help transfers polar versions Memory average operators networks interrupted structure bootloaders address architectures task form addition dialect key information interface state code incident Applications call pointers kernel Computer animation Case life key family operating systems overflow library
dialect runtimes key integration code Store code break virtualization break Applications SCSI kernel Computer animation Memory memory kernel networks operating systems address Space Systems library
virus transition sources open program San virtualized benchmark different Compilers set Systems God exceptions LTS screen software developers Lasten binds complete signature Buffers figures sort read page file break similar Mathematical analysis students Computed elements terms hardware structure Implementierung address man World Wide Web Consortium Authenticated comparison Standards state clients lines call Word networks function Kraft library build runtimes circuits state time Compiler part proper Mathematical malware filesystem model extent wrapper parallel Sass benchmark private key connections bandwith configurable rights level free recording Strömungsverlauf functionality Implementierung servers App identifiability perfect overhead factor machines transfers menu processors normal operations train versions Memory internets operators utilized Optimization Algorithm addition patches cells incident evaluation redundancies kernel pointers Code unit clients Trace Biomedical Imaging pointers signing kernel encrypted errors security Classes ARM page tables constructor Gradient effectiveness bit break messaging job eggs Ordering interrupted Space open source patches driver number level bootloaders architectures paging overhead graphs key information servers interface content code Applications Compiler academic faculty environmental Case utilized jump observer call code breadth integration ones set certification languages CAP memory CPU conversation areas programming language Headers Computed virtualization open entire deg Proof computer science Systems results mode free services software developers color prototype reduce interrupted domain multi Cryptography including Computer animation objects overflow operating systems extent
which not changing and wondering but there by good afternoon everyone on my name is John result I'm an assistant professor at the University of Rochester and today I'll be talking about protecting previously with the security architecture this is work that I did when I was a PhD student at the the University of Illinois at Urbana-Champaign and the work and then we talking up today date with joint work with Nathan about half an hour by vitamin number dissertation work starts with a very simple question do you trust your operating system a map that that have that now here's the interesting thing you say no and yes some people say yes and some people say no but in fact in practice we do and the reason why is because on top of our commodity operating system kernels such as the previously kernel we run applications and users applications to process sensitive information so we may buy things online using credit cards from web sites like eBay or Amazon . com or are we may file our taxes which includes of sensitive information such as if you're an American citizen social security number and your address medical data my doctor happens to store my medical information on a Windows machine and certain voting machines on run commodity operating system kernel sources offerings the kernel based on such as Windows CE that we run on these applications and on our commodity operating system kernels but maybe this is not such a good idea and the reason why is because commodity operating system kernels are vulnerable other vulnerable for 2 reasons 1st on all commodity operating system kernels they are written using C and C + + and as a result they suffer from the same security vulnerabilities the application suffer when they're putting mistakes that are made so for example commodity operating system kernels have been arm of vulnerable to buffer overflows integer overflow attacks additionally there are vulnerabilities that occurred operates the due to their job as the operating system so for example the operant system kernel provides the process abstraction which is supposed to isolate different processes different programs from each other but sometimes logical bugs in the operating system kernel allow information to link from 1 process to another unintentionally so for example through this configuration of the human you 1 process may be able to access memory of another process finally all commodity operating system kernels to date all are dynamically extensible you can load new drivers load a new kernel modules into the system as it is running now because of how the operating system kernel is structured these new modules when they're loaded can modify the operating system kernel behavior in arbitrary ways and so attackers have taken advantage of different kernel of malware typically to hide their presence such as hiding process season files and network connections but because they can use any arbitrary behavior that they want they can do things like stealing data from applications corrupting data with an application even modifying applications control now here's the real kicker if the operating system kernel is exploited that all security guarantees a new system model voice if you're operating system kernels compromise you have no security on your system and the reason why is because nearly all security policies are either enforced by the operating system kernel itself so the attacker control the upper incident kernel here she can just turn this pretty policy off or they are enforced by applications running on top of that operating systems and so because Molokai operates 2 girls have such a great amount of control over this is making this region of the application changes code changes data and therefore turn off the security policy enforcement within the application so the operating system goes everything goes with the other 2 approaches to addressing this problem if you don't want to abandon existing commodity operates kernel so if you don't wanna write it if you don't want be massive restructuring and refactoring the kernel the 1st is to automatically hard in the operating system kernel from certain classes of attack and I looked at this in my Ph.D. dissertation on and build systems such as the M which enforces strong every safety guarantees on commodity offering system kernels namely Linux and then more recently the coffee system which enforces a lighter weight security policy called controls voluntary arm on the previous speaker now map all these approaches are good 1 limitation that they have is the only address a particular class of attacks so the obviously mn coffee systems for example addressed buffer overflow attacks and attacks of that nature but they don't address things like kernel level now at this loaded in the system currently don't handle information which they don't handle missing access control checked so another approach that I explored in my dissertation is to just assume that the operating system kernel becomes problem of compromise just raising of your hand and say OK we're just assume that the operating system kernel can be compromised can we run applications securely on the kernel anyway and so we built a system called virtual ghost which provides data confidentiality and integrity for applications running on a potentially compromised operating systems not
today in this talk i'm going to talk about a little bit about coffee and virtual ghost was the talk will be about virtual ghost because in fact virtual ghost is actually built on top of the core of the system so we have control country for the previous the kernel and the Randall virtual goes on top of and so the
contributions of 1st word goes to that protects application data confidentiality and integrity as well as protecting the other features of the application the uses compiler techniques and because it uses compiler techniques we can use the same processor privilege level as the operating system kernel we do not need to use a hypervisor-based approaches if you will where we take the system kernel up entering 1 on x insects or have you men extensions allow strong code below the operating system kernel we can actually run alongside the operating system and it turns out that although we're using compiler instrumentation techniques to add instructions to the operating system kernel code we're still faster than hypervisor-based approach so that's a brief overview on of the research work on I'll talk about the design of virtual ghost and then take a small side and talk about some of the design and implementation of coffee all that talk about our experimental results so a little bit about the implementation and the experiments that we run on on coffee in virtual ghost and then finally all conclude with some future work that we're doing at the University of Rochester what is the fundamental problem with current system designed the fundamental problem is that applications cannot protect themselves from the to so if I want to write applications that does not trust the system kernel I will be inclined to write application that just keeps dating prepared as long as possible so pretty 2 of the file system into the network in even the data incredible stored in memory the problem is that even if the application does this cannot protect itself from the operating system for the reason why is is the operates as a kernel can access anything and everything on the system so the operating system kernel can just reach in and read unencrypted data out of the application or modified encryption keys to some value that the operating system what the utterances and kernel can modify the applications code so that it just doesn't hurt anything at all it can even modify the applications control flow can stop the application changes program counter and then resumed the application causing it to skip over encryption and decryption operations so the matter how hard and application trials on an existing operating system kernel such as previously your Linux and Mac OS 10 it just simply cannot protect itself the goal of virtual ghost is to build a system that allows applications to protect themselves and their 3 features that such a system requires 1st applications require private data and private code so they need our they're still going to be public memory the operating system kernel can read and write so that they can communicate with the operant system kernel but they're also going to need memory that the operating system kernel cannot read cannot corrupt secondly the incorruptible control flow as they need to know that when they start execution they start execution in their main functions and they also know that if the interrupted by and trap or a mom interrupt or they exude system call they have to know that the operating system kernels not to be able to modify the control flow maliciously while the operating system kernel running 3rd and finally the applications that protect themselves are going to need a reliable way of getting their encryption keys from some file typically the executable image from the textual image into that private data memory regions without the operating system kernel being involved because of the operating system kernel is involved that process can change the encryption keys you can read encryption key values on thereby defeating the purpose of having application cryptids data when it's to the operon system to begin with so these are the 3 things that we know how hard could it be well there's 2 challenges the 1st challenge the more obvious challenge thing is that modern processor design assumes that system software like the operating system kernel should be able to access all of memory that's challenge number 1 but there's actually more subtle challenge when you start trying to do this the more subtle challenge is that if we want operating-system kernels to provide the features that we expect them to have they must be able to manipulate applications state it doesn't suffice to put an application over here and the operating system kernel over here and saying need never the to shall meet because if you did that the operating system kernel would not be able to create new processes and new threats it would not be able to execute programs by providing the exact family system calls it would not be able to provide a signal handler that because all of these operations modify application state they go in and make changes to the Application Programming so instead of preventing the operating system kernel from manipulating application state we must allow it to do so but we was controlled what it does we must ensure that it makes good state modifications but not that the modification by so we're going to need some infrastructure do this for 1 to use from our previous research secure for architecture so it is you're virtue architecture instead of compiling the operating system kernel down to native code and instead of having inline assembly code written into the operating system kernel instead what we're going to do is we're going to compile the operant system kernel to a virtual instruction set and we're going to design a on structures set to be easy to analyze an instrument now handwritten assembly code is not easy to analyze an instrument so what we're going to do is we're going to port the operating system kernel to operate construction so we're going to have a set of instructions in network construction site as DOS which we can use to replace inline assembly yes the US instructions basically provide features such as registering interrupt and trap handlers on being able to configure the immune you being able to manipulate interrupted applications interrupted program states in this way we could represent an entire operating system kernel and the virtual structures that the operates kernel have no inline assembly code no handwritten assembly code in it at all that you can't actually run a virtual instruction set operating system kernel you have to translate it to native code like x 86 or armor power PC methods in order to run it on a real processes now when I give this talk some people tend to assume that all OK year dependence some like job hours so you ever constructs a that you have instruction set so the translation must happen it just in time just like topic the secure to architecture is is designed so that translation can happen any time you want it can happen ahead of time that happened at system boot time system installed time runtime of idle time In our implementation in our prototype we implement translation ahead of time because it's easier to do and be it's more efficient and less look at the verge structures such as well little bit more detail is comprised of 2 components the 1st component is as the core SEA core is taken from the an intermediate representation so it's the language that the LD compiler uses to analyze and optimize code it has tight source-level types has explicit static single Simon form these are things that allow us to do sophisticated compiler analysis instrumentation on the operon system kernel code now yesterday core structures that's what you call regular computations provides things like adding and subtracting point arithmetic are reading from and writing to memory those sorts of things and now the l the MIR if you take away the inline assembly code feature I can't support operants kernel can express the Free BSD kernel or the Linux kernel in LT in 1 hour so we extended it with a new set of instructions called as the last user operating system neutral instructions we use them with both Linux and previously and they encapsulate the state manipulation and hardware configuration operation so again they provide instructions like configuring page table pages of modifying interrupted current state for signal and we're dispatched on registering system call-handlers and handlers and things like that no it's interesting because it not only the do that do they encapsulate these operations but because the operates system kernel has to use these instructions to interface with the hardware and to manipulate state at all allows us to
control of the operons temporal doesn't so we can control of the operons system kernel figures in you we can control how manipulates the application state and so what we do is when we implement these instructions used as the US instructions we add run-time checks to them to help enforce security policy that were also supported that were also enforcing the components rotation so 1 implementation of the US the US instructions helps enforced control entry for the coffee system another implementation farm implements the run-time checks that we need for virtual goes to protect applications from the operating system kernel that implementation is what we do is we implement the SKOS instructions as a rock native code runtime libraries so essentially what happens is you express your operating system kernel in the virtual instructions that you then analyze an instrument it and break down to native code the implementation of the the US instructions is missing from many native those so the runtime libraries linked then provides the implementation of those instructions you now have completed the kernel that you can boot on real hard work of art that how we going use secure virtual architecture to implement virtual go how we going to provide those 3 features that we need let's 1st look at private data and practical so most operating system kernel such as previously and divide the on virtual address space into 2 partitions the user space partition and the kernel partition so users face memory is where the application with kernel space memories were the kernel lives and the kernel is allowed to access with users based on kernel space whereas applications can only access uses the virtual ghost is going to add 2 new petitions to the virtual address space the first one is ghost memory goes memory is memory that the application is allowed to read and write but the operating system kernel is not allowed to read and write so this is where the application is going put its private data and its private know what's going to happen is the at those that implementation of the as the US instruction that runtime library it has its own data structures that he uses in implementing its runtime checks those data structures should not be accessible to applications or the operating system for so there's another region of memory called the of virtual goes to the in memory or via memory for sure this is where the s US data structures this region is not readable or writeable by applications or the operating system kernel so essentially we provide this new into new regions consecutively continuously memory the operating system kernels not allowed to read or write about this idea probably asking me John how do you give an operating system kernel from writing into ghost memory via memory the church the the secret sauce is solved fault isolation instrumentation so what we do when we're translating from structures that code to native code is we look for all the load and store instructions in the operon system kernel and we add some instructions before them with these instructions do is they check to see whether the pointer that's going to be used in the lower is pointing in the user space memory or kernel if they are it's fine the pointer does not need to be changed if they are erroneously if the point is erroneously pointing into ghost memory or into the virtual goes to the in memory than a simple bit messy operation moves the pointer into kernel In this way we are guaranteed that all loads and stores the accessing users based memory or kernel memory but not memory and not be and now that let's say operating system kernel of fortunately has a buffer overflow an attacker could potentially use a buffer overflow to change the control flow to jump over these new instructions that we bad and that would allow the operant system of axis goes memory or vehemently that would be that that would violate the virtual go security properties that were trying to enforce so what we do is we use control-flow integrity by using control-flow integrity instrumentation along with sulfur fall isolations rotation we can assure that the softer full isolation are instructions are always executed they can never be jumped over are even if you kernel has a buffer overflow or other sort of memory safety air In addition the control flow in charity instrumentation helps protect the operating system kernel from buffer overflows and other related tasks so we sort of get a two-for-one deal on with virtual ghost and that we can actually protect the operating system kernel from attack and protect applications from the operating system kernel with 1 set of instrumentation arts now we have a private data private because what a secure application control flow will why isn't application truffles control-flow secure today the reason why is because an interrupt trap or system call the harbor transfers control flow to the operating system kernel and the operating system kernel saves the interrupted program state on the kernel stack the kernel staggers in kernel memory it's in kernel space the Oberon incident kernel can just rewrite that as it likes to virtual ghost what we do is we there's use in our purposes and call the harbor transfers control flow to the virtual ghost runtime library that implementation of the SUS instructions the runtime library then save the interrupted program state not into a kernel memory but into the virtual goes to the then vertigos transfers control flow to the operons tuples now the operant system kernel and respond to the interrupt or the trap the system called as appropriate but now when the operating system kernel wants to modify applications state it can't do so directly it's sitting in the virtual goes to the where the operant system current can capture so the operating system kernel must make a change to say the program counter and the stack pointer it has to ask virtual goes to do it through an SEO instruction so in this way the SCO as instructions can that changes to say program state and if the changes are OK and go ahead and make the changes on behalf of the operating system kernel so in this way we can actually control operations such a signal handler dispatch of threatened process creation and exact family of system calls as an example let's look at how the exact system call is implemented on a virtual system so you have the operating system kernel there's some application executable that it wants to execute there some program that has executed the exec system call so it's been interrupted and we're not running the kernel code so the kernel so kernel says a virtual ghost I have this application executable here please set up the code segment for these executable and please change the same program state so that it when I resume its when I put it back on CPU it will start up in the main function of this executable so a virtual ghost does it says OK I'll go and the application code segment in the applications those memories and now we have the applications code segment using those memory the operant system kernel not arbitrary modify the applications of the application can use it and then hurdle goes to locate the virtual address of the mean function and change the program counter to point to it and then return back to the operating system kernel so other incident kernel does the return from system call will happen is the say program state will start executing this new application code in its main function so what we've done is we've essentially taking the operating system out of the past the critical path on where we rely on it to do the correct thing instead virtual goes the critical operations of setting up the code segment and changing the current counterpoint to the main of article of private date and private code we have secure applications control flow the last thing we need is secure application encryption keys so let's say here on an application developer know you've written application you generate a public private key pair for that installation of the application and then you're going to run this on a virtual ghost system so he just embed the application code in the application the executable file and then you send them over to vertigo system your operating system kernel can do 1 of 2 nasty things so the 1st thing you can do consumers say why like the code but I don't like an encryption key because I don't know what it is so I'm going to do is I'm simply going to replace it with my own public private key pair so in this application goes encrypts data tidal what he it's using alternatively the operation promise a well I like that application public private key pair this application came
with some files there encrypted using those keys but I wanna be able see what's in those files so I'm going to change the code in the application so that it'll it will be correct the data with that application key pair and then I can see what we need to do is we need to tie the application code and the application he paired together so that if they are tampered with by the operating system kernel we can detect the tampering and refused to run the program so every installation a virtual ghost will have a public and private key vertigos public you will be used to encrypt the application code the application T and then check some of the combined application code application the pair will be encryptor with a virtual ghost public what this allows us to do is when the operating system crop kernel comes along says a virtual ghost please set up the code segment for this application virtual ghost can verify that the code is not been modified in the key has not been modified and then fact this code and this he actually go together is the right code in right the pair together it hasn't been hampered them over to little was also the code segment as we talk about a few slides ago and then I'll put the the correct the application pair and put that into ghost memory in this way the operating system kernel is never involved in getting that application keypair out of the executable in into the process is just memory is not involved in processes so as a result it cannot corrupt the process that we have about but you have to decide whether the they you would like to use in natural way of saying it will have to be a preview of the components and send them to the polarization of the of the season of the year although I'm not sure frequentist are used essentially saying if I'm an application developer and I think 1 version my application of my ship it is possible that I can send another version the application right right OK so I think my answer to that is that on if the system that the at developer is using is running on a virtual ghost orbits system outside so like it's like an AppStore map was something that should not be a problem stopping system kernel can get in and modify should be able to grow you should be able to properly process creates the sameAs the application correct so all I think so I think there is an attack where on the Oberon system kernel so actually be watched so I think what you'd probably want to do is I think what you want to do is every time you update application I think you'd actually have given a new application he pair and then green the files that application keeper so now I had thought of that thinking In questions yes or no I was on the right side of the the matter is that comes from the United States are now being at at the point the kernel of the water that is not the best we can I use that really from a series of the form of a process that is allowed in the have year there was 1 that I still have a long process that you know these guys don't see any way that that that the type of thing about is so so so let me rephrase your question you're asking how to secure swapping work right so so so yeah so so as it stands right now you can swap anything goes in the right yeah cannot stop anything just because it can't read any can't write to the right so so you're so you're so 1st she said OK let's these pop of the code segment in the application or the application he here right all the operant system can't do that because this goes non-paper we talk about design for allowing secure swapping so the operators in kernel once a swap of memory that happens to be mapped into those memory it can be somewhat virtual ghost will essentially do is essentially encryptor encryptor visually sign accountants and then all the options to kernel the have access to that I would have enabled me that because we haven't run into a case where we need to actually slot argues memory and things like that out there that are in that so executed memory should be endorsed memory because it's not best because otherwise the principle kernel can correct yes yes so we have implemented it but that's easily solvable through I arteriolar news to just so you just get so you have heard of goes control access to the island of New and the operons from cannot reconfigure the island New so the fertile goes from tiny implantation the DSPs instructions basically conveys the island use of that the often system kernel can use the you made to get information into and out of physical memory this mapped into the ghost memory region you can modify the trap France because it is so the trap the trap FrameNet what will we call interrupted program states that say that say the into the memory which the offering Systempro cannot access so can access it without going through virtual ghost virtual goes to the interface vertigos combined with this run-time checks ensure that the changes are not going to violate the applications control flaunted all of excellent excellent so you just reinvented Iago tax so there is an attack called Iago attack in which so the average of kernel can access the application memory anymore and can't get corrupted control flow it just as I'm going to return bogus values from system calls and when I do that maybe I can trick the application into doing something it doesn't want his maybe I returned in that returns a pointer in ghost memory media art you know the application is synsets OK so on in future work I'm actually having to work on that so I will get to that in face when my last slide but yes you in the yes that's because with all of the kernel code segment to be writable which I'll get to slide down so so so so in in in our usage security 2009 people we have a solution for the limited amount catching it when it's actually tries to do so but in general obvious kernel is not allowed to make arbitrary changes to its native the rest of your life but I actually hadn't really thought about that I I think he's space is actually fine and we'll get to look get the reason why in fact on 1 area of coffee break
alright so coffee is essentially a subset of virtual go so coffee divides virtual address space in the 3 regions that user space region the kernel region and then the coffee in the in the feature so this is a virtual ghost the memory just renamed as coffee in memory of it provides control-flow integrity so that we know we're we're jumping to the kernel code segment I guess this code segment so these are often system kernel code does not change I guess the sulfur full isolation on stores so unlike virtual ghost which has to maintain the confidentiality and integrity of the in-memory copy only needs to protect the integrity of its the so it only has to do sulfur full isolation sentation stores on SUS checks that it's SES runtime library does on only of you control voluntarily encode segmented 30 and it doesn't have the encryption key delivery feature or other little go specific features so basically coffee is like 2nd control haunted encode signatory that fertile just requires and then vertigos builds on top of that the features to protect applications from the operating system as coffee were
quoted in for the neutral country or multiple ways in our prototype implementation what we do is we use the approach from the same town and were set in CCS 2011 paper so what we do is in the when we translate to native code at the beginning of every function and after every construction we insert a special no-op instruction no-op instruction that does not appear anywhere else in the kernel code segment that we history all computer Johnson every return a redirect function call to 1st take the address that the kernel wants to jump to embed mascot so that it's not going into user space memory so someone asked well what about instructions in user space memory instructions in user space memory on the kernel code the the vertigo said vertigos status that have to set up the code segment so that its think merchandise has because I know that it's actually also verbal still has to serve the consignment but we allow arbitrary native code you run an application state because we control with the kernel at so long as a kernel is not hurt into running use this code which is what the this that masking does we were found so so the master pointer the address to make sure it's in the kernel code segment and then what we do is we check to make sure that we're jumping to actually contains 1 of these labels if it does great if not then we use a direct grants to jump to some error handling never
return from interrupt straps and system calls on so in modern offerings them kernels the operant system kernel can actually interrupt itself so governs the kernel can experience trap or interrupt while it's running so just like application state we say that state into the in memory where the operating system kernel cannot directly modified so in this case we prevent accidental running through buffer overflows of changing the program counter arm of the operons and kernel once interrupted are more changing privilege level the op incident kernels interrupted all we also have a structure that allow us to do the exception on 1 that's done on efficient implementations of copy in copy so we can still use the menu to catch our faults in copy and copy out operations on insecurely unwind the control flow all being controlled now as I said before we also provide code segment area so by controlling access to the page table pages and by controlling the MMU on both coffee virtual ghost ensure that the code segment is never made writable on there never any changes that map new data and code into a code segment on there is an instruction that allows you to dynamically extend the because and of the operon system kernel so if you want to load a say a device driver on you can give a virtual ghost or coffee the arm virtual structures that code will translate that dominated produce the instrumentation and then add that to the kernel circuits but otherwise the operating system kernels not allowed to make arbitrary changes to its native code segment right back commercial guest alright so number the number the results so we implemented a prototype of virtual ghost and coffee for 64 bit x 86 we ported previously 9 virtual ghost if you wanna know why it's so all this because we started this I think back in 2012 on so the trusted computing base is about 5 thousand 300 source lines of code this is the size of the compiler passes on that we'll have that we wrote and the runtime library that implement then we modified several applications from the Open SSH applications lead to use ghost memory so the SSH client users aged he generating program the SSH and utility on news ghost memory for the heat they really should be using it for global and stack but in a prototype implementation on were only doing the arm and basically what they do is they create authentication keys that on purpose to the offering stone kernel cannot read them cannot access them but the SSH client and the SSH and utility can use them by this is now released as open source software our we release the album compiler extensions virtual ghost of runtime library and patch the previous 9 kernel code which gives you the port of previously 9 from actually 6 to these architecture for construction set is available on my get have accounts idea how that comes less crizzled to L's is also linked to this from my homepage at the University of Rochester are now the 1st experiment that we ran was what we wanted to see whether we could start a sophisticated malware attack and specifically 1 that was designed with virtual ghost so what we did is we wrote a malicious kernel driver and with this malicious kernel driver does it tries to set up a false signal handler within the application that will try to copy data between ghost memory to traditional memory if they can do that then they can just read that the militias very just read the data out of traditional methods so they can get a copy instructions to act as a signal handler then can steal data out of those memory on by getting tracking application and tapping into traditional now this is way more sophisticated than what you need for standard previously instead of previously there is no there's been reading just read data straight out of memory so nevertheless this works on Native previously it doesn't work on virtual and the reason why doesn't work on version goes to the convertibility protecting the application state current state when the application starts running it tells virtual goes through a system call a go straight into the virtual ghost runtime library here is where all my signal handlers are at so when the malicious viruses had a virtual ghost please change the program counter to point to this man copy instruction vertigo says that's funny the application didn't say that that then copy instruction was a signal handler so no I'm not going to change the current state all I'm going to leave it completely unchanged so buffering system kernel if you continue to run this application is going continue running right where it left off before the interrupt proper system call so that's how we stop this rather sophisticated piece of kernel now as virtual ghost perform in terms of execution time so we want compare virtual goes to other approaches other approaches try to magically improve on application pages in the Princeton Girl tries to access them on the most recent of which is a system called intact uses the imam extensions in the processor on we compare our own bench benchmark results to interact and what we found is that we do quite a bit better than so vertigo it is usually about 4 X to 5 x overhead on on on system polling on normalized to native where as i in tags more like 7 x 2 9 also virtual ghost has very little overhead on some key benchmarks of for example on page faults burden post only at 15 % over whereas on the internet you have 7 . 5 x over here now this is not an apples-to-apples comparison because Intel uses Linux least reviews the reason different machines our not even using the same version the elements which parts but it gives a ballpark figure in the ballpark figures says that virtual ghost is doing pretty well now what about comparing virtual ghost to our coffee so what we see is this is ah elements benchmark results comparing on of the 2 virtual goes on because of the additional solver full isolation instrumentation on loads virtual ghost does incur a fair amount more overhead than coffee so 1 thing that this tells us is that the solvers fall isolationist actually does matter is actually hurt performance so we you get rid of that that would be nice I know that's micro-benchmarks that's latency of system called most applications do not spend most of the time executing system calls is the most the time doing computation so we wanted to see what is the effective performance on actual applications so what we did is we took to network servers th PD and ssh keys in RAM performance experiments on them all we ran our experiments on an isolated 1 gigabit-per-second network and the reason why we chose Network Services because unlike other standard benchmarks like the specter benchmark this that never get another time in kernel space they spend a lot of time actually using kernel services and therefore the overheads that we're adding to the kernel are more likely to show so our 1st experiment with 20 http the we used Apache bench transfer files between 1 kilobyte 1 megabyte in size of configured Apache best use 100 clients 100 clients after operating parallel to 100 thousand requests will always use the performance overhead is negligible I have shown the copy numbers on mainly because we compared a patch eventually differently we use I think 32 clients and 1 thousand but the results are essentially the same negligible overhead for tht http alright that's multiple clients what happens if what you want to do is just 1 transfer 1 file transfer over the network as quickly as possible and using credit connections that no 1 changes your file or states or states upon the contents of the file during the transfer so what we did is we took an unmodified SSH server so this is not using ghost memory this is unmodified SSH server running on a native previously system the coffee system and virtual ghost system we used a message client on another machine to transfer files between 1 kilobyte and 1 gigabyte size and we measure the bond with that we get through the verb verbose those on SCP what we find is that coffee incurs 27 27 per cent reduction in bandwidth in the worst case where Virgil goes reduces the bandwidth by 45 per cent in the worst case so the overhead is not completely terrible but obviously there is room for improvement alright no I have interviews just merits of so for these expensive basically image showing what happens to existing applications if you put them on a coffee system orbital goes what happens if you start using those memories the any cost to that so we took our SSH client which is usually a wrapper library that copies data between traditional memory and ghost memory what it wants to do read and write system calls we took this ghosting as the SSH client and we ran on a workable system and we use it to transfer files from another system between 1 kilobyte and when bite size and then we also tested the original SSH parts to this is original SSH in memory SSH both running on the virtual ghost system what we find is that there's a 5 per cent reduction in the worst case typically for these larger file sizes wiser for these larger file sizes well we suspect that overhead is coming from the fact that were copying data between traditional memory and those memory when we're doing reason right here's the good news the good news is that a lot of this copying is unnecessary because S H is encryption and decryption data as it sends it to and received from the network encryption encryption and decryption has an implicit copy operation so what this SSH client is doing right now is when it receives accredited takes the data gathering system kernel puts it into traditional memory sh copies it into ghost memory because that's what the wrapper library for the read system call them was that it takes that encoded and just memory groups it makes another copy in goes back so if we can to and SSH what we could do is encoded data comes into traditional memory then it's the corrupted and copied into ghost memory in 1 operation so instead of having these 2 copies you only have 1 copy so in nutshell all-fibre set reduction is bad we think we can do better our future work so 1 of the things that are and we're gonna have a sister working on soon is replacing and reducing the compiler instrumentation savvy as you see the compiler instrumentation it is better than using MN extensions on in the way that it had intended it still has the overhead is not negligible at least on e-mail Benjamin charts and on applications like SSH we think we can replace the soffit full isolation instrumentation using aerospace identifiers are on domains or perhaps only making small modifications to the Emmanuel processor provides the isolation isolation features that we knew it we can remove this off a flyer isolation instrumentation we should be able to significantly improve the performance of both coffee and virtual goes a 2nd thing that we're working on is were working on defenses against the yogurt Texas someone here I will mention the architects so we are attacked again our tax in which the opera incident kernel returns bogus values to an application through the system call interface to try to trick it into doing something that is we want to do our observation is that this is essentially an application trusting low integrity data so by using standard programming language information flow techniques we can basically check with an application is doing on computational on high interrogator data and whether that computation is being influenced by momentarily data from the operating system so this way we should be able to build a system that formally verifies that application is not vulnerable to these young well so looking at the automated were also building a system that will on automatically determine the efficacy of control pointed planetary so if you're following the control-flow integrity of literature on coarse-grained control flow integrity on now they're not sorry there now new attacks against coarse-grained control countries that allow attackers to compute to perform malicious computations so we now have this open question of how good of control flow and very unique so obviously coarse control entry where you don't distinguish between different about called targeted return targets are is insufficient but if you use a more accurate call graph that good enough if you have perfect control Ontario otherwise known as court-appointed technique is that no 1 knows and currently the only way that we can solve that problem by having 4 grad students trying out attached trying to create new attacks against the system my goal and I have some minutes of money to do this now is to try to build an infrastructure that given an application and some in a malicious computation that we might want execute can tell us will this defense allow the malicious code allow most computation to be executed yes or no as so this way we can have a much more systematic evaluation of our defense and finally I have a Google Summer of Code student working on of producing a tighter call Rafah copies of the notice copies using 1 of these coarse-grained are called rest so now that's actually good enough for virtual goes 1st is actually better than what we need for but we want to defend operating system kernels from sophisticated memory of sophisticated buffer overflows then we're gonna want something better than the coarse-grained color of that we're using today so a student is working on implementing that for the coffee system of highly because entertainer bonded I thought I would do it as well on just tell you a little bit about what we have the University of Rochester so at the University of Rochester on we have obviously degrees in computer science we offer master's degrees in computer science and PhD the reason computer science all we are very strong in computer architecture and operating systems and compilers and I'm not adding I'm along with the 1 with another factor remember security expertise to our faculty in addition you might want to know that we have a new master's program in data science of you interested in big data and being able to study the data along with some sort of application areas we now offer one year master's program and that all we have a small department was small class sizes my operating systems costs has about 25 students as both undergrads and red so there's a lot of personalized attention from our faculty and if you like to encourage programming needed to do that my operating systems costs so something to think about of principles been on your so in summary we built a system called virtual ghost virtual ghost permits applications to protect themselves from a commodity operating system kernel is compiler techniques namely control voluntarily insolvable isolation and this achieves higher process privilege levels free so we don't need the process should have been them extensions of our we don't have to use them so they can be used for something else and it turns out that by using the pilings incitation near faster than current BMM based approaches without take questions few so 1 of the reasons why I wanted to present here was to gage how interested people are in this technology so and 1 the reason for that is because being a small small school I have a small research groups so I have limited development so you tell me that something as interesting design too wild and crazy when you think of it in any way that that that that that sodomy idea i'd anybody on this but what I said you I actually all of you have heard that that God is like all of these the love of the of the of all the people who are in the world you want me to know that you were implemented yes we will use support the architectures on that question so basically what you need to do is you need to support the US the US on the runtime library on to a another architectures need to rewrite that arm if you design if you ported to the virtue instruction set properly on then and that's probably about all you need to do on sadly that is not what I did in my research for because I was in a hurry and kind of learning the low-level parts of previous years I went so are my probably didn't actually so I basically light is for the Birch instruction set support I didn't create a new port because was more work I is that the Exodus export redundancy exocyst 4 parts and put my virtual structures that parts so but if you do it right then and you shouldn't you shouldn't have to worry about that stuff then again it's only about 50 of you also support the compiler parts but again this is only 50 300 once again so it should be a lot of work In the 2nd part of the article that you have been in areas of the world you have to go on and on the hand use of the the of the of language on the object belongs right so so the answer that it's you're correct on 1 of the interesting things is that so like for mobile applications I think we can actually is automated compiler transforms existing applications and transform them into versions that protect themselves for you really regular applications it's more difficult because we don't know which files is supposed to be shared and therefore not prepared so that everyone can see them and which ones are supposed to be encrypted so on it is possible i think to create an API that the program just compiles to and then on systems that support vertigos they do the whole encryption encryption thing and then on systems that don't use virtual ghost the encryption is just a normal operation if it's attacking it's attacking a seminary some similar problem or other STX is trying to attack the same problems that were attacking so the the 1st implementation of STX STS 1 was primarily designed to take small bits of applications and throw them into what they call play this isolated environment and so to make things simple they are made of civil but to provide the security guarantees that the provided simplifying things like enclave can execute system calls so you know codon not play for example can receive a single enhancing wireless signal has army can't do system so can you read and write whereas in virtual they can now my understanding is that the regret in cell is starting to develop a new version of a of a theoretical to which tries to fix some these annotations to they're wanting to do what virtual ghost can do which is to protect an entire application arm I'm not familiar with exactly what they've done and how far they are on that but I know that that's what they're trying to do that so so so I think it time of haven for mostly I guess so 1 thing about haven that they've done is I think they're trying to protect the application from the hypervisor and what they've done for the afferent sister-chromatid OK were just these level so the OS now for the the application of that works but that's not a commodity operating system kernel right that's a library operates on so we have not investigated on inquiry on I think that it would be simple enough to serve to verities cryptographic signatures so that when you when you when you when you ask for non and collaborative loaded you can actually verify that it is the 1st library 3 load of that it's not something that the action of detail yes the traces not the other questions yes so so so so happy so so yes so the cluster what you're gonna wanna do you're gonna want to be able to isolate 1st 1st of all in any server system right are any server which you care about security 1 Isely applications from each other anyone isolate them from the system sort of systems offer can be by D and 4 in particular the way will be built money of ring systems they're very large and very complicated they're very privileged but in addition to that of cloud computing system what you want to do is you want to protect it from the hypervisor in from other virtual machines right because you don't want other you know other people running on the same physical be Safavid via access your data are corrupted so yes it's very it's it's very relevant to that area on 1 interesting piece of future work that we could do is to look at extending the virtue instruction set to support a hypervisor in that way protect from you know basically that Aboriginal from the operating system kernel but also from the hypervisor and other virtual machines that can be run in the same part so so so so so that's another words program that he knows the record that well OK so so 1st off the question is is can the operant system kernel corrupt the application code and the answer is that because of because of what I showed earlier work application is encrypted with version those public key so we were to post in the group it's over and sort the 2nd question is is let's say that you want execute program food they have process I like aprogram bar better so excuse for embarked now you want talks a program bar over a pint how do you know that it's that you want talk through over how how useful to not bought well that's why the that's why I said with the application keypair that's why it's a public private key pair because if you know the application public you're let's have a visually signed Certificate were you know OK this is the public you know this is a public key of this application of the operation kernel starts of another application and you start talking to it you can actually authenticate the application talking to is the 1 that you want so if you don't use public key then you can when you if you're talking the ba ba will be able to authenticate itself is too right so that now the case of SSH key gen what's going to happen is like let's say the outcomes kernel runs another application that application is going to have a different public private key pair right because arms in kernel doesn't know what you're SC Heejin public-private key pairs so if you then run your SSH client is likely be able to use the authentication he's created by the operant systems SSH gen because the signing it occur properly right now there are issues with OK if I'm the user and I'm actually typing on a keyboard and 1 of the application and talking user application as the application was talking to me the user as opposed to like some other programs they system set up to masquerade as a user that's an open research question on which I have a few ideas for but that's definitely future work as you way all of the Virgil the lover of them all of the of the so it so if you have so in a complete implementation including including 1 that can dynamically load new kernel code what you have your bootloader use trustability make sure you have bootloader which vertigos shows the offering system kernel which then can start of applications in the of all of the so the so if you if you if you corrupt the processor the actual hardware then I'm no we don't defend against that that's not attack model so yeah you're you're definitely you definitely you definitely but you are I OK so I think vertigos provides the infrastructure to protect against something like keyloggers but we don't actually have that implement because then then would should I OK how do you use these features and that becomes that becomes a whole bit more research right so 1 way to potentially do it is to have a essentially to have a kernel driver that's trusted so what you do is you create kernel drivers that have just now if you do that then an application was starts talking to a driver can actually authenticated so basically you have a few drivers that virtually that goes gives the same OK this is the driver for the keyboard this the driver of the screen so applications can basically get of the public he's from virtual ghost authenticated using the public even and talk to them over encrypted channel that's 1 that's 1 potential way that you can do it but I yes but not to the same train because you don't have your file systems and you don't have your networking subsystem no let other stuff on the and build as isolated virus and more importantly what I would like to do so so this is something that I've been thinking about it is I would like to keep these drivers and kernel space because I wanna have to I don't have the money and when after and the news this so and as an additional unit that's an additional challenge of new can we actually do that so I think the answer is yes so all over the world of programming language was used what we're also so so so so that so the thing is is that what you what you had was so in order to build a complete system in system you have to deal with issues such as how do you know you actually talking to the user through through all the bytes on how do you open you know when you when you rely upon another pieces offer how do you verify that doing what you wanted to do I think that the solutions to the army no proof code might be useful or just using public-private key encryption were applications are actually authenticate each other as opposed just trust each other like they today but yes it's an open problem it's not clear exactly how to solve them with the best way is to solve this year after year of years old so how do you guys all called are you in the so in their their their addressing completely different issues so icaps caps economy is doing and what jails are doing containers knowledge of is that they isolating user-space applications and the trust in the operating system kernel to implement this correctly so and it's a very valuable thing to do I should I use to build mandatory access controls to do this on you know probably about 15 17 years ago OK as long time anyway so there's a very good thing to do however it's trusting the operating system kernel and what I found when I worked for August systems group which you know made extensions to Solaris AIX but his mentor access controls that when attackers could attack applications they attack the operating system kernel and the operating system kernel is it's it violates all the security design that we know we're supposed to be doing its origins monolithic it's overly privileged you know and so what my research work has focused on is trying to address this challenge the fact that the optimality of kernels are not designed properly susceptible the buffer overflows the susceptible to Rockettes so forth and so on what can we do about it so so basically final problems is what it is I would say that on so I think that's it out if you have any other questions so please feel free to combine can with be thinking thank