DOCSLIB.ORG

Using Formal Methods to Enable More Secure Vehicles: DARPA's HACMS Program

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Using Formal Methods to Enable More Secure Vehicles: DARPA's HACMS Program Using Formal Methods to Enable More Secure Vehicles: DARPA's HACMS Program Kathleen Fisher Tufts University 16 April 2015 (Slides based on original DARPA HACMS slides) Pervasive Vulnerability to Cyber Attack SCADA Systems Medical Devices Vehicles Computer Peripherals Appliances Communication Devices 2 Modern Automobile: Many Remote Attack Vectors Mechanic Short-range wireless Long-range wireless © WiFi Alliance Source: Source: www.diytrade.com Source: CanOBD2 www.theunlockr.com © Bluetooth SIG, Inc. Source: www.custom-build- computers.com Source: American Car Company Source: christinayy.blogspot.com Source: www.wikipedia.org Source: www.zedomax.com Source: Koscher, K., et al. Entertainment “Experimental Security Analysis of a Modern Automobile” 3 Securing Cyber-Physical Systems: State of the Art Control Systems Cyber Systems • Air gaps & obscurity • Anti-virus scanning, intrusion detection systems, patching infrastructure Forget the myth of the air gap – the control system that is completely isolated is history. • This approach cannot solve the problem. -- Stefan Woronka, 2011 Siemens Director of Industrial Security Services • Not convergent with the threat • Focused on known vulnerabilities; can miss • Trying to adopt cyber approaches, but zero-day exploits technology is not a good fit: • Can introduce newUNCLASSIFIED vulnerabilities and • Resource constraints, real-time deadlines Additional security layers often create vulnerabilities… privilege escalation opportunities • Extreme cost pressures October 2010 Vulnerability Watchlist Vulnerability Title Fix Avail? Date Added • Patches may have to go through lengthy !"#$%&'()#(*&+,#-),**()&.)(/&0(-1,)2&3),-,4,*&!,4/*&3)"5"*(6(&784/*/9,#&:$*#()/;"*"-<& 0,& =>?@>?ABA& C(D&E/-&:FGH&H,D$*(&GG!&+,##(49,#&F(#"/*&,I&G()5"4(&:$*#()/;"*"-<& J(8& =>?K>?ABA& verification & validation processes 3E3&L";/8(M6(#M"DNOL&P$#49,#&,QR;<R,#(&S$Q()&T5()U,1&:$*#()/;"*"-<& 0,& =>?A>?ABA& V#-()#(-&7%W*,)()&=&L-,G-/94EXH!NOL&EXH!&G/#"9Y/9,#&S<W/88&Z(/2#(88& 0,& =>B=>?ABA& • Patches could require recalls H"4),8,[&Z"#D,18&'();(),8&L3/88&X\(&X"42(-L&C(W*/<&G(4$)"-<&S<W/88&:$*#()/;"*"-<&& 0,& =>B]>?ABA& +"84,&^#"_(D&Z")(*(88&0(-1,)2&N^Z0O&H$*9W*(&G(4$)"-<&:$*#()/;"*"9(8& J(8& =>B`>?ABA& +,aW$-()&.88,4"/-(8&T#(5"(1&H,#"-,)&LD,G/5(bc8WL&C(a,-(&+,D(&7%(4$9,#&:$*#()/;"*"-<& 0,& =>B`>?ABA& TW(#GG!&L88*dM6(-M2(<M(%4\/#6(NOL&^8(R.[()RP)((&H(a,)<&+,))$W9,#&:$*#()/;"*"-<& 0,& =>B?>?ABA& .D,;(&.4),;/-&/#D&C(/D()&P,#-&3/)8"#6&C(a,-(&+,D(&7%(4$9,#&:$*#()/;"*"-<& 0,& =>BA>?ABA& TW(#Te4(&VaW)(88&P"*(&H$*9W*(&S$Q()&T5()U,1&:$*#()/;"*"9(8& 0,& =>BA>?ABA& !"#$%&'()#(*&3.RCVG+&L*(Db4L&G-/42&S$Q()&T5()U,1&:$*#()/;"*"-<& 1/3 ofJ(8& the vulnerabilities=>Af>?ABA& :%Z,)28&F(;$66"#6&G()5"4(&G(4$)"-<RS<W/88&:$*#()/;"*"-<& are in0,& security=>A`>?ABA& software! :%Z,)28&H$*9W*(&G(4$)"-<&:$*#()/;"*"9(8& 0,& =>A@>?ABA& We need a fundamentally H"4),8,[&V#-()#(-&7%W*,)()&P)/a(&S,)D()&3),W()-<&S$Q()&T5()U,1&:$*#()/;"*"-<& 0,& ]>?f>?ABA& G<a/#-(4&.#95")$8&+,)W,)/-(&7Db&.*()-&H/#/6(a(#-&G()5"4(&C(a,-(&3)"5"*(6(&784/*/9,#&:$*#()/;"*"-<& 0,& ]>?=>?ABA& different approach H"4),8,[&T$-*,,2&Z(;&.44(88&I,)&7%4\/#6(&G()5()&?AAd&+),88&G"-(&C(g$(8-&&P,)6()<&:$*#()/;"*"-<& 0,& ]>?`>?ABA& H"4),8,[&F")(4-h&F")(4-3*/<&H$*9W*(&F(#"/*&TI&G()5"4(&:$*#()/;"*"9(8& 0,& ]>??>?ABA& DISTRIBUTION F - Further dissemination only as directed by DARPA Public Release Center or higher DoD authority 6 UNCLASSIFIED 4 SAT Solvers and Infrastructure Development: Critical Enablers for High Assurance Systems Results of the SAT competition/race winners on the SAT 2009 application benchmarks, 20mn timeout 1200 Interactive Theorem Provers Limmat 02 Zchaff 02 • seL4 microkernel Berkmin 561 02 Forklift 03 Siege 03 [9000 LoC:C, SOSP 09] 1000 Zchaff 04 SatELite 05 • compCert verifying C compiler Minisat 2.0 06 Picosat 07 Rsat 07 [6K LoC:ML, POPL 06] Minisat 2.1 08 800 Precosat 09 Glucose 09 Automatic Theorem Provers Clasp 09 Cryptominisat 10 Lingeling 10 • Verve OS Nucleus Minisat 2.2 10 [1.5K LoC:x86, PLDI 10] 600 • Baby Hypervisor CPU Time (in seconds) [1K LoC:C, VSTTE 10] 400 Model Checkers Picking 80 problem point, best time has dropped • Microsoft device drivers 200 from 1000 (2002) to 40 [30K LoC:C, PLDI 01, CACM 11] seconds (2010). 0 • ADGS-2100 Window Manager 0 20 40 60 80 100 120 140 160 180 Courtesy: Daniel Le Berre Number of problems solved [16K Simulink blocks, CACM 10] [A] significant part of the effort in existing projects was spent on the further development of verification tools, on formal models for low-level programming languages and paradigms, and on general proof libraries. The sharing of substantial parts of the verification tools between Verisoft and L4.verified demonstrates that there is a significant degree of re-usability... Future efforts will be able to build on these tools and reach far-ranging verification goals faster, better, and cheaper. Gerwin Klein, Formal OS Verification—An Overview. 5 HACMS: Clean-Slate Methods for High-Assurance Software Domain Specific Interactive Theorem Code Synthesis Languages (DSLs) Prover as PL High Assurance: Ensuring Correctness, Safety, Security 6 HACMS Program Structure 1. Vehicle Experts 2. Operating Systems 3. Control Systems 4. Research Integration 5. Red Team Boeing NICTA Galois RC*/U. Minn DRAPER*/AIS/ Pilot-able Unmanned Synthesize file systems, Embedded DSLs; Compositional U. Oxford Little Bird Helicopter device drivers, glue code; Synthesize and verify verification; Traditional Verified sel4 kernel; control system code Integrated workbench penetration Verified RTOS testing; novel formal methods SRI*/UIUC SRI* SRI* HRL*/GM approach American-Built EF-SMT solvers; Synthetic sensors; Lazy Composition; Automobile Synthesize monitors Synthesis for Evidential Tool Bus & and wrappers controllers of hybrid Kernel of Truth; systems Vehicle Integration Princeton*/Yale/ CMU*/Drexel/ MIT SpiralGen/UIUC Program Timeline: Build & verify in Coq Map high-level OS for vehicle control; spec into low-level • BAA Release: Feb 23, 2012 Verifying compiler for C code; Extend • Kick-Off: Aug 8-10, 2012 concurrent code; Spiral for hybrid • End of Phase 1: Jan 2014 Program logics systems • End of Phase 2: July 2015 © Boeing • End of Phase 3: Jan 2017 Kestrel* UPenn*/UCLA Synthesize protocols: Synthesize attack- refinement of high- resilient control Performers: • 8 Primes (*) level spec to low-level systems implementations • 22 Organizations Total Source: American Car Company Quadcopter: Initial Security Assessment Attacker could crash legitimate ground control station & hijack quadcopter in flight. Source: DIY Drones (Systems were designed to ensure connectivity, not security) The Evolving SMACCMCopter Architecture Phase 1 0 6 12 16 mo. FM Workbench System requirements AADL model of Verification of system requirements Rockwell HW & SW Collins / UMN AADL translation, generate glue code Generate executable NICTA NICTA RTOS Response to DoS Galois Embedded DSL (Ivory) Factored autopilot tasks Research Monolithic Ardupilot Software Stability Other Stability Other Monitor Vehicle Legacy Ardupilot Ardupilot HW Abstraction Layer Glue code HAL Glue code HAL Monolithic SW FreeRTOS FreeRTOS / eChronos NICTA eChronos No RTOS No security PX4: ARM Cortex M4 PX4: ARM Cortex M4 PX4: ARM Cortex M4 The SMACCMCopter: 18-Month Assessment • The SMACCMCopter flies: • Stability control, altitude hold, directional hold, and DOS detection and response. • GPS waypoint navigation 80% implemented. • Red Team: Found no security flaws in six weeks with full access to source code. • Air Team proved system-wide security properties: • The system is memory safe. • The system ignores malformed messages. • The system ignores non-authenticated messages. • All “good” messages received by SMACCMCopter radio will reach the motor controller. • Penetration Testing Expert: The SMACCMCopter is probably “the most secure UAV on the planet.” Open source: autopilot and tools available from http://smaccmpilot.org Source: DIY Drones Rockwell Collins (UMinn) – Technical Area 4 • Task Summary • Develop formal architecture model for SMACCMCopter and Boeing’s Unmanned Little Bird (ULB) • Develop compositional verification tool (AGREE) and architecture-based assurance case tool (Resolute) • Develop code synthesis tools to generate build code • Performance Summary • Generated software for Research Vehicle (~75KLOC), 60% high assurance. • Created AADL models of HW & SW architecture for SMACCMCopter (~3.6K LOC) and ULB • Extended AGREE tool for compositional reasoning and proved 10 properties about vehicle safety • Developed Resolute tool for capturing & evaluating assurance case arguments linked to AADL model • Developed assurance cases for 6 security requirements for information flow and memory safety • Developed synthesis tool to generate configuration data & glue code for OS/platform HW References • Your What is My How, IEEE Software (March 2013) • Resolute: An Assurance Case Language for Architecture Models, HILT (October 2014). 11 Galois – Technical Area 3 • Task Summary • Synthesize flight-control code, models, and properties from one specification • Generate safe low level-code in a scalable way by creating embedded domain-specific languages (Ivory and Tower) and using the host language (Haskell) as an expressive macro language. • Performance Summary • Created Ivory, an open-source EDSL for synthesizing safe low-level code. • No buffer overflows, no null pointer dereference, no memory leaks, safe system calls. • Created Tower, an open-source EDSL for describing tasks and the connections
Load more

Recommended publications
  • A Critical Review of Acquisitions Within the Australian Vocational Education and Training Sector 2012 to 2017 Kristina M. Nicho
    A Critical Review of Acquisitions within the Australian Vocational Education and Training Sector 2012 to 2017 Kristina M. Nicholls Victoria University Business School Submitted in fulfilment of requirements for the degree of Doctor of Business Administration 2020 Abstract A Critical Review of Acquisitions within the Vocational Education and Training Sector 2012 to 2017 Organisations often look to acquisitions as a means of achieving their growth strategy. However, notwithstanding the theoretical motivations for engaging in acquisitions, research has shown that the acquiring organisation, following the acquisition, frequently experiences a fall in share price and degraded operating performance. Given the failure rates that are conservatively estimated at over 50%, the issue of acquisitions is worthy of inquiry in order to determine what factors make for a successful or alternately an unsuccessful outcome. The focus of this study is the vocational education sector in Australia, where private registered training organisations [RTOs] adopted acquisitions as a strategy to increase their market share and/or support growth strategies prompted by deregulation and a multi-billion dollar training investment by both Australian State and Federal governments in the past ten years. Fuelled by these changes in Government policy, there was a dramatic growth in RTO acquisitions between the period 2012 and 2017. Many of these acquisitions ended in failure, including several RTOs that listed on the Australian Stock Exchange [ASX]. This study investigates acquisitions of Australian RTOs, focusing on the period from 2012 to 2017 [study period]. The aim is to understand what factors contributed to the success and/or failure of acquisitions of registered training organisations in the Australian Private Education Sector.
    [Show full text]
  • Total Cost of Ownership and Open Source Software
    What Place Does Open Source Software Have In Australian And New Zealand Schools’ and Jurisdictions’ ICT Portfolios? TOTAL COST OF OWNERSHIP AND OPEN SOURCE SOFTWARE Research paper by Kathryn Moyle Department of Education and Children’s Services South Australia July 2004 1 Contents Contents 2 List of tables and diagrams 3 Abbreviations 4 Acknowledgements 5 Executive summary 6 Options for future actions 7 Introduction 9 Key questions 9 Open source software and standards 9 Comparison of open source and proprietary software licences 11 Building on recent work 12 Contexts 14 Use of ICT in schools 14 Current use of open source software in Australia and New Zealand 14 Procurement and deployment of ICT 15 Department of Education and Children’s Services, South Australia 16 What is total cost of ownership? 17 Purpose of undertaking a total cost of ownership analysis 17 Why undertake total cost of ownership work? 17 How can total cost of ownership analyses help schools, regions and central agencies plan? 17 Total cost of ownership analyses should not be undertaken in isolation 18 Total cost of ownership and open source software 18 Review of literature 19 Open source software in government schools 19 Total cost of ownership 20 Total cost of ownership in schools 21 Total cost of ownership, open source software and schools 23 Summary 25 Undertaking a financial analysis 26 Principles underpinning a total cost of ownership 26 Processes 27 Testing a financial model: Total Cost of Ownership in a school 33 Scenario 33 Future plans 40 ICT deployment options
    [Show full text]
  • Page 14 Street, Hudson, 715-386-8409 (3/16W)
    JOURNAL OF THE AMERICAN THEATRE ORGAN SOCIETY NOVEMBER | DECEMBER 2010 ATOS NovDec 52-6 H.indd 1 10/14/10 7:08 PM ANNOUNCING A NEW DVD TEACHING TOOL Do you sit at a theatre organ confused by the stoprail? Do you know it’s better to leave the 8' Tibia OUT of the left hand? Stumped by how to add more to your intros and endings? John Ferguson and Friends The Art of Playing Theatre Organ Learn about arranging, registration, intros and endings. From the simple basics all the way to the Circle of 5ths. Artist instructors — Allen Organ artists Jonas Nordwall, Lyn Order now and recieve Larsen, Jelani Eddington and special guest Simon Gledhill. a special bonus DVD! Allen artist Walt Strony will produce a special DVD lesson based on YOUR questions and topics! (Strony DVD ships separately in 2011.) Jonas Nordwall Lyn Larsen Jelani Eddington Simon Gledhill Recorded at Octave Hall at the Allen Organ headquarters in Macungie, Pennsylvania on the 4-manual STR-4 theatre organ and the 3-manual LL324Q theatre organ. More than 5-1/2 hours of valuable information — a value of over $300. These are lessons you can play over and over again to enhance your ability to play the theatre organ. It’s just like having these five great artists teaching right in your living room! Four-DVD package plus a bonus DVD from five of the world’s greatest players! Yours for just $149 plus $7 shipping. Order now using the insert or Marketplace order form in this issue. Order by December 7th to receive in time for Christmas! ATOS NovDec 52-6 H.indd 2 10/14/10 7:08 PM THEATRE ORGAN NOVEMBER | DECEMBER 2010 Volume 52 | Number 6 Macy’s Grand Court organ FEATURES DEPARTMENTS My First Convention: 4 Vox Humana Trevor Dodd 12 4 Ciphers Amateur Theatre 13 Organist Winner 5 President’s Message ATOS Summer 6 Directors’ Corner Youth Camp 14 7 Vox Pops London’s Musical 8 News & Notes Museum On the Cover: The former Lowell 20 Ayars Wurlitzer, now in Greek Hall, 10 Professional Perspectives Macy’s Center City, Philadelphia.
    [Show full text]
  • The Dark Side of the Attack on Colonial Pipeline
    “Public GitHub is 54 often a blind spot in the security team’s perimeter” Jérémy Thomas Co-founder and CEO GitGuardian Volume 5 | Issue 06 | June 2021 Traceable enables security to manage their application and API risks given the continuous pace of change and modern threats to applications. Know your application DNA Download the practical guide to API Security Learn how to secure your API's. This practical guide shares best practices and insights into API security. Scan or visit Traceable.ai/CISOMag EDITOR’S NOTE DIGITAL FORENSICS EDUCATION MUST KEEP UP WITH EMERGING TECHNOLOGIES “There is nothing like first-hand evidence.” Brian Pereira - Sherlock Holmes Volume 5 | Issue 06 Editor-in-Chief June 2021 f the brilliant detective Sherlock Holmes and his dependable and trustworthy assistant Dr. Watson were alive and practicing today, they would have to contend with crime in the digital world. They would be up against cybercriminals President & CEO Iworking across borders who use sophisticated obfuscation and stealth techniques. That would make their endeavor to Jay Bavisi collect artefacts and first-hand evidence so much more difficult! As personal computers became popular in the 1980s, criminals started using PCs for crime. Records of their nefarious Editorial Management activities were stored on hard disks and floppy disks. Tech-savvy criminals used computers to perform forgery, money Editor-in-Chief Senior Vice President laundering, or data theft. Computer Forensics Science emerged as a practice to investigate and extract evidence from Brian Pereira* Karan Henrik personal computers and associated media like floppy disk, hard disk, and CD-ROM. This digital evidence could be used [email protected] [email protected] in court to support cases.
    [Show full text]
  • Operating System Security – a Short Note
    Operating System Security – A Short Note 1,2Mr. Kunal Abhishek, 2Dr. E. George Dharma Prakash Raj 1Society for Electronic Transactions and Security (SETS), Chennai 2Bharathidasan University, Trichy [email protected], [email protected] 1. Introduction An Operating System (OS) is viewed as a Reference Monitor (RM) or a Reference Validation Mechanism (RVM) that provides basic level security. In [1], Anderson reported three design requirements for a Reference Monitor or Operating System. He suggested that an OS or RM should be tamper proof that means OS programs are not alterable, OS should always be invoked and OS must be small enough for analysis and testing purposes so that completeness of which can be assured. These OS design requirements became the deriving principle of OS development. A wide range of operating systems follow Anderson’s design principles in modern time. It was also observed in [2] that most of the attacks are imposed either on OS itself or on the programs running on the OS. The attacks on OS can be mitigated through formal verification to a great extent which prove the properties of OS code on various criteria like safeness, reliability, validity and completeness etc. Also, formal verification of OS is an intricate task which is feasible only when RVM or RM is small enough for analysis and testing within a reasonable time frame. Other way of attacking an OS is to attack the programs like device drivers running on top of it and subsequently inject malware through these programs interfacing with the OS. Thus, a malware can be injected in to the sensitive kernel code to make OS malfunction.
    [Show full text]
  • November 1981
    ... - ~.~ AMERICAN VIOLA SOCIETY American Chapter of the INTERNATIONALE VIOLA FORSCHUNGSGESELLSCHAFr November NKtNSLETTEFt 21 19t5l A MESSAGE -.FftOK OUR- NEW- PRESIDENT-_.-_-- A Tribute to Myron ftoaenblulD I want to thank the members of the American Viola Society for trle honor you have beatowed on me in the recent electiona. I am indeed grateful, but alac awed by the responsibility of being the prei1dent of the American Viola Society. It wll1~be very difficult to fill the ahoes of Myron Roaenblum, the founder of our Society. Durin! hi. tenure as prealdemt, the society member­ ah1p has grown to over 38' memberlil. For many yearl, Myron was the preslden.t, secretary, treasurer, and edltorof the Newsletter of our organization. In addition, his home was stored with booka, music, and recordinga w·hich were ma.de available to members of the Society at reduced ratel. Mra. Pto8enblum ahould a1ao receive due credit for a811atanoe and interest in this project, which did not include any monetary profit. The New.letter, which Myron hal ed1ted, hag been a. source of information 1n all ares.& perralnin~ to the viola. ",:tTe all regret that this will be the la&t Newiletter written by Myron. He will continue, however, to contribute articles and act a8 .n advlaer for future issues. The recently ratified iy-La.wl of the American Viola Society provide that the immediate Past-Prealdent will contluue to serve aa an officer. Thil 1. indeed fortunate for the new president. I aha.II rely on Myren for advice and aaalatance during the next two yeara, whenever new problema confront the Society.
    [Show full text]
  • Advanced Development of Certified OS Kernels Prof
    Advanced Development of Certified OS Kernels Zhong Shao (PI) and Bryan Ford (Co-PI) Department of Computer Science Yale University P.O.Box 208285 New Haven, CT 06520-8285, USA {zhong.shao,bryan.ford}yale.edu July 15, 2010 1 Innovative Claims Operating System (OS) kernels form the bedrock of all system software—they can have the greatest impact on the resilience, extensibility, and security of today’s computing hosts. A single kernel bug can easily wreck the entire system’s integrity and protection. We propose to apply new advances in certified software [86] to the development of a novel OS kernel. Our certified kernel will offer safe and application-specific extensibility [8], provable security properties with information flow control, and accountability and recovery from hardware or application failures. Our certified kernel builds on proof-carrying code concepts [74], where a binary executable includes a rigorous machine-checkable proof that the software is free of bugs with respect to spe- cific requirements. Unlike traditional verification systems, our certified software approach uses an expressive general-purpose meta-logic and machine-checkable proofs to support modular reason- ing about sophisticated invariants. The rich meta-logic enables us to verify all kinds of low-level assembly and C code [10,28,31,44,68,77,98] and to establish dependability claims ranging from simple safety properties to advanced security, correctness, and liveness properties. We advocate a modular certification framework for kernel components, which mirrors and enhances the modularity of the kernel itself. Using this framework, we aim to create not just a “one-off” lump of verified kernel code, but a statically and dynamically extensible kernel that can be incrementally built and extended with individual certified modules, each of which will provably preserve the kernel’s overall safety and security properties.
    [Show full text]
  • And Big Companies
    The Pmarca Blog Archives (select posts from 2007-2009) Marc Andreessen copyright: Andreessen Horowitz cover design: Jessica Hagy produced using: Pressbooks Contents THE PMARCA GUIDE TO STARTUPS Part 1: Why not to do a startup 2 Part 2: When the VCs say "no" 10 Part 3: "But I don't know any VCs!" 18 Part 4: The only thing that matters 25 Part 5: The Moby Dick theory of big companies 33 Part 6: How much funding is too little? Too much? 41 Part 7: Why a startup's initial business plan doesn't 49 matter that much THE PMARCA GUIDE TO HIRING Part 8: Hiring, managing, promoting, and Dring 54 executives Part 9: How to hire a professional CEO 68 How to hire the best people you've ever worked 69 with THE PMARCA GUIDE TO BIG COMPANIES Part 1: Turnaround! 82 Part 2: Retaining great people 86 THE PMARCA GUIDE TO CAREER, PRODUCTIVITY, AND SOME OTHER THINGS Introduction 97 Part 1: Opportunity 99 Part 2: Skills and education 107 Part 3: Where to go and why 120 The Pmarca Guide to Personal Productivity 127 PSYCHOLOGY AND ENTREPRENEURSHIP The Psychology of Entrepreneurial Misjudgment: 142 Biases 1-6 Age and the Entrepreneur: Some data 154 Luck and the entrepreneur: The four kinds of luck 162 Serial Entrepreneurs 168 THE BACK PAGES Top 10 science Dction novelists of the '00s ... so far 173 (June 2007) Bubbles on the brain (October 2009) 180 OK, you're right, it IS a bubble (October 2009) 186 The Pmarca Guide to Startups Part 1: Why not to do a startup In this series of posts I will walk through some of my accumu- lated knowledge and experience in building high-tech startups.
    [Show full text]
  • A Survey of Security Research for Operating Systems∗
    A Survey of Security Research for Operating Systems∗ Masaki HASHIMOTOy Abstract In recent years, information systems have become the social infrastructure, so that their security must be improved urgently. In this paper, the results of the sur- vey of virtualization technologies, operating system verification technologies, and access control technologies are introduced, in association with the design require- ments of the reference monitor introduced in the Anderson report. Furthermore, the prospects and challenges for each of technologies are shown. 1 Introduction In recent years, information systems have become the social infrastructure, so that improving their security has been an important issue to the public. Besides each of security incidents has much more impact on our social life than before, the number of security incident is increasing every year because of the complexity of information systems for their wide application and the explosive growth of the number of nodes connected to the Internet. Since it is necessary for enhancing information security to take drastic measures con- cerning technologies, managements, legislations, and ethics, large numbers of researches are conducted throughout the world. Especially focusing on technologies, a wide variety of researches is carried out for cryptography, intrusion detection, authentication, foren- sics, and so forth, on the assumption that their working basis is safe and sound. The basis is what is called an operating system in brief and various security enhancements running on it are completely useless if it is vulnerable and unsafe. Additionally, if the operating system is safe, it is an urgent issue what type of security enhancements should be provided from it to upper layers.
    [Show full text]
  • June 28, 2019, NIH Record, Vol. LXXI, No. 13
    June 28, 2019 Vol . LXXI, No . 13 of the Center for Genomic Medicine at Massachusetts General Hospital, director of the Cardiovascular Disease Initiative at the Broad Institute and professor of ‘SMOOTHIE, NOT FRUIT SALAD’ medicine at Harvard Medical School—at Role of Genes, Lifestyle least until he gives all these up to become CEO of a company called Verve in mid-July— Explored in Heart Attack described new avenues of preventing BY RICH MCMANUS coronary artery disease, the leading global What if you knew you could spare yourself cause of mortality. and your loved ones the devastation of heart It has long been known that heart attacks attack—especially while you are still young— run in families and that the younger the by paying attention to data you could have victim is, the more likely he or she drew discovered at birth? an unfortunate inheritance. There are Owing largely to the massive amounts three main paths to one’s genetic risk of of data from large-scale genome-wide myocardial infarction (MI), said Kathiresan: association studies funded by NIH and new the monogenic model (4 genes stand out, population-based biorepositories such as especially FH, among a survey of many Dr . Sekar Kathiresan the UK Biobank, scientists can now tease thousands, as conferring a 2- to 5-fold risk of out the respective contributions of genetic MI); the polygenic model (common variant predisposition and environmental exposure In a Wednesday Afternoon Lecture on association studies have linked some 95 to the development of diseases, including May 22 titled “Genes, lifestyle and risk for genetic loci to coronary risk.
    [Show full text]
  • Part II: Company Profiles
    Leading in Local | From National to Local: Mobile Advertising Zeros In| Part II, Company Profiles Leading in Local From National to Local: Mobile Advertising Zeros In Part II: Company Profiles February 2013 © Copyright February 2013, All Rights Reserved, BIA/Kelsey Copyright © BIA/Kelsey 2013 i Leading in Local | From National to Local: Mobile Advertising Zeros In| Part II, Company Profiles Contents Summary .......................................................................................................................... 1 Duda Mobile ...................................................................................................................... 2 Facebook .......................................................................................................................... 3 Google .............................................................................................................................. 4 Marchex ............................................................................................................................ 5 Millennial Media ................................................................................................................. 6 Telenav ............................................................................................................................. 7 Telmetrics ......................................................................................................................... 8 Verve Mobile.....................................................................................................................
    [Show full text]
  • Memory-Safe Network Services Through a Userspace Networking Switch
    Technische Universität Berlin, Germany Korea Advanced Institute of Science and Faculty IV – Electrical Engineering and Technology (KAIST), South Korea Computer Science, Department of School of Computing Telecommunication Systems Advanced Networking Lab Internet Network Architectures (FG INET) Master Thesis Memory-safe Network Services Through A Userspace Networking Switch Kai Lüke [email protected] Dual-Degree Master Computer Science Supervisors: Prof. Anja Feldmann (TU Berlin) Prof. Sue Moon (KAIST) January 11, 2019 Erklärung der Urheberscha Hiermit erkläre ich, dass ich die vorliegende Arbeit selbstständig und eigenhändig sowie ohne uner- laubte fremde Hilfe und ausschließlich unter Verwendung der aufgeührten Quellen und Hilfsmittel angefertigt habe. Berlin 11. Januar 2019 Unterschrift I hereby declare that the thesis submitted is my own, unaided work, completed without any unper- mitted external help. Only the sources and resources listed were used. Berlin January 11, 2019 Signature Abstract A network service needs to be resilient against malicious input from the Internet. Specially programs wrien in C are prone to memory corruption bugs which are the basis for remote code execution at- tacks. Memory-safe languages solve this problem for application code running in userspace. The TCP/IP network stack however runs in the operating system kernel, which is wrien in C and vulnerable to mem- ory corruption. Therefore, this work explored moving the TCP/IP stack into the memory-safe userspace process while providing a compatible API. The process should share an IP address with the kernel and integrate with the kernel’s loopback interface. This solution keeps the benefits of a full-featured OS and does not impose different IPs per process or changes in the application logic.
    [Show full text]