HWMAC: Hardware-Enforced Fined-Grained Policy-Driven Security
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)
OPERATING SYSTEMS AND VIRTUALISATION SECURITY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Herbert Bos – Vrije Universiteit Amsterdam EDITOR: Andrew Martin – Oxford University REVIEWERS: Chris Dalton – Hewlett Packard David Lie – University of Toronto Gernot Heiser – University of New South Wales Mathias Payer – École Polytechnique Fédérale de Lausanne © Crown Copyright, The National Cyber Security Centre 2019. Following wide community consultation with both academia and industry, 19 Knowledge Areas (KAs) have been identified to form the scope of the CyBOK (see diagram below). The Scope document provides an overview of these top-level KAs and the sub-topics that should be covered under each and can be found on the project website: https://www.cybok.org/. We are seeking comments within the scope of the individual KA; readers should note that important related subjects such as risk or human factors have their own knowledge areas. It should be noted that a fully-collated CyBOK document which includes issue 1.0 of all 19 Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas. Operating Systems and Virtualisation Security Herbert Bos Vrije Universiteit Amsterdam April 2019 INTRODUCTION In this knowledge area, we introduce the principles, primitives and practices for ensuring security at the operating system and hypervisor levels. We shall see that the challenges related to operating system security have evolved over the past few decades, even if the principles have stayed mostly the same. For instance, when few people had their own computers and most computing was done on multiuser (often mainframe-based) computer systems with limited connectivity, security was mostly focused on isolating users or classes of users from each other1. -
CHERI Instruction-Set Architecture
UCAM-CL-TR-876 Technical Report ISSN 1476-2986 Number 876 Computer Laboratory Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son September 2015 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2015 Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, SRI International Approved for public release; distribution is unlimited. Sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and FA8750-11-C-0249 (“MRC2”) as part of the DARPA CRASH and DARPA MRC research programs. The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. Additional support was received from St John’s College Cambridge, the SOAAP Google Focused Research Award, the RCUK’s Horizon Digital Economy Research Hub Grant (EP/G065802/1), the EPSRC REMS Programme Grant (EP/K008528/1), the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), and Thales E-Security. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Abstract This technical report describes CHERI ISAv4, the fourth version of the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA)1 being developed by SRI International and the University of Cambridge. -
A VLSI Architecture for Enhancing Software Reliability Kanad Ghose Iowa State University
Iowa State University Capstones, Theses and Retrospective Theses and Dissertations Dissertations 1988 A VLSI architecture for enhancing software reliability Kanad Ghose Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/rtd Part of the Computer Sciences Commons Recommended Citation Ghose, Kanad, "A VLSI architecture for enhancing software reliability " (1988). Retrospective Theses and Dissertations. 9345. https://lib.dr.iastate.edu/rtd/9345 This Dissertation is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Retrospective Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. INFORMATION TO USERS The most advanced technology has been used to photo graph and reproduce this manuscript from the microfilm master. UMI films the original text directly from the copy submitted. Thus, some dissertation copies are in typewriter face, while others may be from a computer printer. In the unlikely event that the author did not send UMI a complete manuscript and there are missing pages, these will be noted. Also, if unauthorized copyrighted material had to be removed, a note will indicate the deletion. Oversize materials (e.g., maps, drawings, charts) are re produced by sectioning the original, beginning at the upper left-hand comer and continuing from left to right in equal sections with small overlaps. Each oversize page is available as one exposure on a standard 35 mm slide or as a 17" x 23" black and white photographic print for an additional charge. -
Privacy Engineering for Social Networks
UCAM-CL-TR-825 Technical Report ISSN 1476-2986 Number 825 Computer Laboratory Privacy engineering for social networks Jonathan Anderson December 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Jonathan Anderson This technical report is based on a dissertation submitted July 2012 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Trinity College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Privacy engineering for social networks Jonathan Anderson In this dissertation, I enumerate several privacy problems in online social net- works (OSNs) and describe a system called Footlights that addresses them. Foot- lights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today’s centralised OSNs, but it does not trust centralised infrastructure to en- force security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users’ interactions with OSNs, providing real control over online sharing. I also demonstrate that today’s OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights’ storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year. -
Operating Systems & Virtualisation Security Knowledge Area
Operating Systems & Virtualisation Security Knowledge Area Issue 1.0 Herbert Bos Vrije Universiteit Amsterdam EDITOR Andrew Martin Oxford University REVIEWERS Chris Dalton Hewlett Packard David Lie University of Toronto Gernot Heiser University of New South Wales Mathias Payer École Polytechnique Fédérale de Lausanne The Cyber Security Body Of Knowledge www.cybok.org COPYRIGHT © Crown Copyright, The National Cyber Security Centre 2019. This information is licensed under the Open Government Licence v3.0. To view this licence, visit: http://www.nationalarchives.gov.uk/doc/open-government-licence/ When you use this information under the Open Government Licence, you should include the following attribution: CyBOK © Crown Copyright, The National Cyber Security Centre 2018, li- censed under the Open Government Licence: http://www.nationalarchives.gov.uk/doc/open- government-licence/. The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at con- [email protected] to let the project know how they are using CyBOK. Issue 1.0 is a stable public release of the Operating Systems & Virtualisation Security Knowl- edge Area. However, it should be noted that a fully-collated CyBOK document which includes all of the Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas KA Operating Systems & Virtualisation Security j October 2019 Page 1 The Cyber Security Body Of Knowledge www.cybok.org INTRODUCTION In this Knowledge Area, we introduce the principles, primitives and practices for ensuring se- curity at the operating system and hypervisor levels. -
The Protection of Information in Computer Systems
The Protection of Information in Computer Systems JEROME H. SALTZER, SENIOR MEMBER, IEEE, AND MICHAEL D. SCHROEDER, MEMBER, IEEE Invited Paper Abstract - This tutorial paper explores the mechanics of Confinement protecting computer-stored information from unauthorized Allowing a borrowed program to have access to data, use or modification. It concentrates on those architectural while ensuring that the program cannot release the structures--whether hardware or software--that are information. necessary to support information protection. The paper Descriptor develops in three main sections. Section I describes A protected value which is (or leads to) the physical desired functions, design principles, and examples of address of some protected object. elementary protection and authentication mechanisms. Any Discretionary reader familiar with computers should find the first section (In contrast with nondiscretionary.) Controls on access to be reasonably accessible. Section II requires some to an object that may be changed by the creator of the familiarity with descriptor-based computer architecture. It object. examines in depth the principles of modern protection Domain architectures and the relation between capability systems The set of objects that currently may be directly and access control list systems, and ends with a brief accessed by a principal. analysis of protected subsystems and protected objects. Encipherment The reader who is dismayed by either the prerequisites or The (usually) reversible scrambling of data according the level of detail in the second section may wish to skip to to a secret transformation key, so as to make it safe for Section III, which reviews the state of the art and current transmission or storage in a physically unprotected research projects and provides suggestions for further environment. -
TCD-SCSS-T.20121208.032.Pdf
AccessionIndex: TCD-SCSS-T.20121208.032 Accession Date: 8-Dec-2012 Accession By: Prof.J.G.Byrne Object name: Burroughs 1714 Vintage: c.1972 Synopsis: Commercial zero-instruction-set computer used by the Dept.Computer Science from 1973-1979. Just two prototyping boards survive. Description: The Burroughs 1714 was one of their B1700 family, introduced in 1972 to compete with IBM's System/3. The original research for the B1700 series, initially codenamed the Proper Language Processor or Program Language Processor (PLP) was done at the Burroughs Pasadena plant. The family were known as the Burroughs Small Systems, as distinct from the Burroughs Medium Systems (B2000, etc) and the Burroughs Large Systems (B5000, etc). All the Burroughs machines had high-level language architectures. The large were ALGOL machines, the medium COBOL machines, but the small were universal machines. The principal designer of the B1700 family was Wayne T. Wilner. He designed the architecture as a zero-instruction-set computer, an attempt to bridge the inefficient semantic gap between the ideal solution to a particular programming problem and the real physical hardware. The B1700 architecture executed idealized virtual machines for any language from virtual memory. It achieved this feat by microprogramming, see the microinstruction set further below. The Burroughs MCP (Master Control Program) would schedule a particular job to run, then preload the interpreter for whatever language was required into a writeable control store, allowing the machine to emulate the desired virtual machine. The hardware was optimised for this. It had bit-addressable memory, a variable-width ALU, could OR in data from a register into the instruction register (for very efficient instruction parsing), and the output of the ALU was directly addressable as X+Y or X-Y read-only registers. -
Object Capabilities and Isolation of Untrusted Web Applications
Object Capabilities and Isolation of Untrusted Web Applications Sergio Maffeis John C. Mitchell Ankur Taly Imperial College London Stanford University Stanford University [email protected] [email protected] [email protected] Abstract—A growing number of current web sites combine Intel iAPX423, the Amoeba operating system, and others active content (applications) from untrusted sources, as in (see [10], [11]). The main idea is that code possessing a so-called mashups. The object-capability model provides an capability, such as an unforgeable reference to a file or appealing approach for isolating untrusted content: if separate applications are provided disjoint capabilities, a sound object- system object, is allowed to access the resource by virtue of capability framework should prevent untrusted applications possessing the capability. If a system is capability safe, and from interfering with each other, without preventing interaction a process possesses only the capabilities that it is explicitly with the user or the hosting page. In developing language-based given, then isolation between two untrusted processes may foundations for isolation proofs based on object-capability con- be achieved granting them non-overlapping capabilities. cepts, we identify a more general notion of authority safety that also implies resource isolation. After proving that capability An attractive adaptation to programming language con- safety implies authority safety, we show the applicability of texts is the object-capability model [12], [13], which replaces our framework for a specific class of mashups. In addition the traditional subject-object dichotomy with programming to proving that a JavaScript subset based on Google Caja language objects that are both subjects that initiate access is capability safe, we prove that a more expressive subset of and objects (targets) of regulated actions. -
1. Types of Computers Contents
1. Types of Computers Contents 1 Classes of computers 1 1.1 Classes by size ............................................. 1 1.1.1 Microcomputers (personal computers) ............................ 1 1.1.2 Minicomputers (midrange computers) ............................ 1 1.1.3 Mainframe computers ..................................... 1 1.1.4 Supercomputers ........................................ 1 1.2 Classes by function .......................................... 2 1.2.1 Servers ............................................ 2 1.2.2 Workstations ......................................... 2 1.2.3 Information appliances .................................... 2 1.2.4 Embedded computers ..................................... 2 1.3 See also ................................................ 2 1.4 References .............................................. 2 1.5 External links ............................................. 2 2 List of computer size categories 3 2.1 Supercomputers ............................................ 3 2.2 Mainframe computers ........................................ 3 2.3 Minicomputers ............................................ 3 2.4 Microcomputers ........................................... 3 2.5 Mobile computers ........................................... 3 2.6 Others ................................................. 4 2.7 Distinctive marks ........................................... 4 2.8 Categories ............................................... 4 2.9 See also ................................................ 4 2.10 References -
Great Principles of Computing
Great Principles of Computing Great Principles of Computing Peter J. Denning and Craig H. Martell The MIT Press Cambridge, Massachusetts London, England © 2015 Massachusetts Institute of Technology All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher. MIT Press books may be purchased at special quantity discounts for business or sales promotional use. For information, please email [email protected]. This book was set in Stone Sans Std and Stone Serif Std by Toppan Best-set Premedia Limited, Hong Kong. Printed and bound in the United States of America. Library of Congress Cataloging-in-Publication Data Denning, Peter J., 1942 – Great principles of computing / Peter J. Denning and Craig H. Martell. pages cm Includes bibliographical references and index. ISBN 978-0-262-52712-5 (pbk. : alk. paper) 1. Computer science. I. Martell, Craig H., 1965– II. Title. QA76.D3483 2015 004 — dc23 2014022598 10 9 8 7 6 5 4 3 2 1 To Dorothy, Anne, and Diana To Chaliya and Katie Contents Foreword by Vint Cerf ix Preface xiii 1 Computing 1 2 Domains 19 3 Information 35 4 Machines 59 5 Programming 83 6 Computation 99 7 Memory 123 8 Parallelism 149 9 Queueing 171 10 Design 195 11 Networking 219 12 Afterword 241 Summary of This Book 249 Notes 257 References 271 Index 287 Foreword Peter Denning and Craig Martell have taken on a monumental topic: iden- tifying and elucidating principles that shape and inform the process of coercing computers to do what we want them to do and struggling with the difference between what they actually do (that is, what we told them) and what we want them to do. -
Capability-Based Computer Systems Capability-Based Computer Systems
Capability-Based Computer Systems Capability-Based Computer Systems Henry M. Levy BBmoBc1” DIGITAL PRESS Copyright 0 1984 Digital Equipment Corporation All rights reserved. Reproduction of this book, in part or in whole, is strictly prohibited. For copy information contact: Digital Press, 12 Crosby Dr., Bedford, Mass. 01730 Printed in the United States of America 10987654321 Documentation Number: EY-00025-DP ISBN: O-932376-22-3 Library of CongressCataloging in Publication Data Levy, Henry M., 1952- Capability-based computer systems. Bibliography: p. 205 Includes index. 1. Computer architecture. 2. Operating systems (Com- puters) 3. System design. I. Title. QA76.9.A73L48 1983 621.3819’58 83-21029 ISBN O-932376-22-3 Trademarks Bell Laboratories: UNIX. Burroughs Corporation: B5000. Cam- bridge University: CAP. Control Data Corporation: CDC 6400, SCOPE. Digital Equipment Corporation: DEC, LSI-11, PDP-1, PDP-11, TOPS-20. Hewlett-Packard Company: HP 3000. Intel Cor- poration: iAPX 432, iMAX, Intel 8086. IBM: CPF, IBM 370, IBM Systemi38, SWARD. International Computers Ltd.: Basic Language Machine. Plessey Telecommunications Ltd. Plessey System 250. Xerox Corporation: Smalltalk. In Memory of Manny and Sonia Preface The purpose of this book is to provide a single source of infor- mation about capability-based computer systems. Although capability systems have existed for nearly two decades, only recently have they appeared in architecture and operating sys- tem textbooks. Much has been written about capability sys- tems in the technical literature, but finding this information is often difficult. This book is an introduction, a survey, a history, and an evaluation of capability- and object-based computer systems. -
M. Craig Weaver Society for Worldwide Interbank Financial
M. Craig Weaver 106 Lakewood Drive Coatesville, PA 19320 (484) 712-0479 [email protected] S UMMARY Software Engineering professional with extensive experience in the design and development of system networking software and layered network architectures. A team-oriented communicator with the ability to solve complex problems using strong analytical skills. Effectively analyzed, designed and developed global networking software products on platforms ranging from micro, server, and mid-range to mainframe computers. Core strengths: • Software design, specification, and programming • Team Management • Software Quality Assurance Testing • Network troubleshooting and problem solution • Software problem analysis and solution • Burroughs Network Architecture expert • Complex protocol design and implementation • Networking and layered network architectures T E C H N I C A L S KILLS LANGUAGES JavaScript, C++, C, ALGOL, FORTRAN, HTML, Intel Assembler, Pascal, and others. PLATFORMS UNIX Systems; Microsoft Windows based systems (WINNT/WIN2000/WINXP); Unisys A-Series; Unisys V-Series; Unisys Clearpath; Unisys ES7000; Burroughs Large Systems; Burroughs Medium systems; Intel Processor based communications processor cards; Burroughs CP9500/B900. P ROFESSIONAL E XPERIENCE Society for Worldwide Interbank Financial Telecommunication (SWIFT) 2008 – 2014 International Member Owned Banking Cooperative Manassas, Virginia SENIO R SOFTWARE ENG INEER – CONTRACT FIN Renewal Project – Moving the SWIFT financial application software from Unisys machines (ALGOL) to HP UNIX machines (C++) • Tested ALTOS conversion tool. Created test cases from canonical ALGOL forms, converting them using ALTOS, then comparing the ALGOL and C++ test results. Diagnosed discrepancies and either designed solutions or required changes to the tool. • Converted Unisys ALGOL into UNIX C++ code. Tested, debugged and maintained the converted C++ code.