DOCSLIB.ORG

Disk Encryption in Redox OS

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Disk Encryption in Redox OS Masaryk University Faculty of Informatics Disk Encryption in Redox OS Master’s Thesis Tomáš Ritter Brno, Fall 2019 Masaryk University Faculty of Informatics Disk Encryption in Redox OS Master’s Thesis Tomáš Ritter Brno, Fall 2019 This is where a copy of the official signed thesis assignment and a copy ofthe Statement of an Author is located in the printed version of the document. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Tomáš Ritter Advisor: RNDr. Petr Ročkai, Ph.D. i Acknowledgements I would like to thank Petr for his guidance during the process of writing of this thesis. I would also like to thank my parents for supporting me throughout my studies and not giving up on me, even though it took 6 and a half years. ii Abstract Rust is a fairly new programming language that is focused on mem- ory safety while still achieving high performance. Many open-source projects are using it, among those an operating system called Redox. The goal of this thesis is to study the architecture of the Redox operat- ing system, with the focus being on the filesystem, and implement a block-layer encryption that will work alongside it. This should result in a contribution to the Redox operating system and possibly other libraries. iii Keywords rust, redox, disk encryption ... iv Contents 1 Introduction 1 1.1 Rust Programming Language ................2 1.2 Organization of the thesis ...................5 2 Redox OS 6 2.1 Why write an operating system in Rust ...........6 2.2 URLs, Schemes and Resources ................6 2.3 Microkernel ..........................8 2.4 Filesystem ...........................9 3 Disk Encryption 11 3.1 Keys in encryption ...................... 11 3.1.1 Salt and key derivation function . 11 3.1.2 Key management . 12 3.2 Filesystem and block device encryption ............ 14 3.2.1 Stacked filesystem encryption . 15 3.2.2 Block device encryption . 15 3.2.3 Comparison . 15 3.3 Stream and block ciphers ................... 16 3.4 Block cipher modes of operation ................ 17 3.4.1 Electronic Code Book - ECB . 17 3.4.2 Cipher Block Chaining - CBC . 18 3.4.3 XEX-based tweaked-codebook mode with ci- phertext stealing – XTS . 19 3.5 Initialization vector ...................... 22 4 High-Level Design 24 5 Implementation 27 5.1 First iteration ......................... 27 5.1.1 Cipher trait . 27 5.1.2 The typenum and generic_array crates . 28 5.1.3 Crates which implement block cipher and block cipher modes of operation . 29 5.1.4 Initialization vector generation . 31 5.1.5 Putting all the parts together . 31 v 5.2 Second iteration ........................ 33 5.2.1 Volume metadata . 33 5.2.2 Creating the filesystem . 34 5.2.3 Mounting the disk . 36 5.3 XTS addition ......................... 37 5.4 Replacement of dynamic dispatch ............... 38 5.4.1 Enumerated types in Rust . 38 5.4.2 Using crate enum_dispatch ............ 40 5.5 Testing ............................. 41 6 Conclusions 43 Bibliography 44 Index 46 A Electronic attachment 46 vi List of Figures 2.1 Difference between the monolithic kernel and the microkernel, from [10] 8 2.2 High level structure of the Redox filesystem 10 3.1 Structure of a LUKS header, from [15] 13 3.2 Recovery process of the master key 14 3.3 ECB encryption, from [19] 17 3.4 ECB decryption, from [19] 18 3.5 Comparison of encryption between ECB and CBC, which results in seemingly pseudorandom output, from [19] 18 3.6 CBC encryption, from [19] 19 3.7 CBC decryption, from [19] 19 3.8 XTS encryption without ciphertext stealing, from [19] 20 3.9 XTS encryption showing ciphertext stealing, from [19] 21 3.10 Computation of the tweak value 22 4.1 Architecture of the block-layer encryption module 25 5.1 Disk trait from redoxfs without the size function 28 5.2 Cipher trait 28 5.3 Generic array within a structure using const generics 29 5.4 Generic array within a structure using GenericArray crate 29 5.5 C++ generic array within a structure 29 5.6 The BlockCipher trait used to generically implement block modes of operation in block_modes for block ciphers 30 5.7 Trait that generators of initialization vectors need to implement 31 5.8 Writing of a u128 number as big endian 31 5.9 Cipher implementation 32 5.10 Example use of static lifetime 32 5.11 BlockEncrypt structure with a dynamically dispatched Cipher implementation 33 vii 5.12 Definition of C-type packed header aligned to the sizeof the filesystem block 34 5.13 Generic serialization of a structure to a byte array 34 5.14 Rust enumerated type representing an IP address, from [6] 38 5.15 Rust enumerated type representing an IP address with enumerated type values, from [6] 39 5.16 Pattern matching on enumerated types with enum items 39 5.17 Usage of pattern matching on structures implementing Cipher trait 39 5.18 Usage of enum_dispatch 40 5.19 Example of enum_dispatch not changing the syntax of the call 41 5.20 Setup for unit testing in Rust 42 viii 1 Introduction The demand for new technologies with ever-increasing performance, safety and usability has never been higher. Every day there seems to be some new buzzword and associated technique, program or device aiming to solve the problems within a particular domain. Often, it dies before it gains any attention. Much less often, there comes a project that the early adopters are able to push into the mainstream, usually with the help of a major sponsor. In the area of programming languages, we have seen many technologies rise and fall, only to be used in legacy systems dependent upon it. Some languages try to have a very narrow focus and are unable to capture a substantial share of the market, while others aim too wide and lose focus of their overall goal. With the rapid pace of iteration in the software world, a lot of languages aim to "be the new" C or C++ while not providing enough benefits to abandon these time-tested tools. Even when a feature from a less known language is touted as useful, these older languages can incorporate it, rendering the new one obsolete. On the other hand, the need to keep the language backward compatible also means that a lot of features cannot be easily removed from the language. This creates friction in the language, leaving users confused about what subset of features it is recommended to use. That is where Rust comes along. With its unique focus on safety, while still having high performance, it has captured a significant user base in its relatively short existence. Major companies such as Google and Microsoft are starting to use it within their products, which shows that there is demand for such a language. [1] [2] Open-source projects ranging from simple web development, game engines and software for embedded devices are being actively developed. One of the projects is Redox OS, an experimental operating system built in Rust. It is still very much in its infancy, but provides a look into what is possible to create with features provided by this language. Redox contains many "reimplementations" of popular programs under Linux but disk encryption is currently not one of them. This thesis will focus on a simple design and implementation of block-layer disk encryption working with the currently implemented filesystem 1 1. Introduction in Redox. It will discuss the challenges stemming from the usage of this language and how to overcome them. In the end, it will present a fully functioning block-layer encryption working with the Redox filesystem. 1.1 Rust Programming Language Rust is a multi-paradigm programming language that supports object- oriented, functional, imperative and concurrent programming style. It aims to provide an alternative to system-level programming languages, such as C and C++, while achieving a high degree of safety and performance. Since a lot of Rust’s usage is aimed at a similar market compared to C++, many comparisons in this thesis will be made to the C++ language. Work on the language started in 2006 by Mozilla Foundation em- ployee Graydon Hoare. Mozilla became interested in the project and started sponsoring it in 2009. Work shifted to the compiler and in 2011 it became self-compiled. Rust compiler uses LLVM as its backend. The first stable version was released in 2015. Stable releases are currently released every 6 weeks. New features are developed in the nightly version, and then tested in the alpha and the beta phase for six weeks each. Syntax of Rust is somewhat similar to C and C++, but it takes a lot of its patterns from the ML family of languages and the Haskell lan- guage. Almost all parts of a function body are an expression, including the control flow operators. Return expressions are often superfluous since omitting the semicolon at the end of an expression automatically creates a return value. The Ruby language operates in the same way and its closure syntax is therefore very similar. Since Rust provides a high level of abstraction and safety but still tries to compete with C in low-level domains such as embedded and operating system development, it must provide a way to interact with hardware at a lower level. By putting the code in an unsafe block, one can for example use inline assembly or another language more suited to the domain to deal with the details.
Load more

Recommended publications
  • Water Quality Monitoring System Operating Manual February 2002
    Water Quality Monitoring System Operating Manual February 2002 (Revision A) Hydrolab Corporation 8700 Cameron Road, Suite 100 Austin, Texas 78754 USA (800)949-3766 or (512)832-8832 fax: (512)832-8839 www.hydrolab.com Quanta•G Display Operations Tree Calib Salin SpC TDS DO DO% ORP pH BP Depth 00:002 mg/L 100% YMDHM [Standard, Scale Factor, or BP] Calib Review Screen Store [Index#] Screen 1⇔2⇔32 [Index#] Clear ClearAll Screen Screen Review Screen Setup Circ Temp Salin/TDS Depth On Off °C °F PSS g/L m ft Setup Notes: 1. Pressing the Esc ∞ key always exits to the previous operation level except at the top level where it toggles the circulator on or off. 2. RTC calibration (Calib ! 00:00) and Screen 3 are only available if the RTC/PC-Dump option is installed. 3. If the RTC/PC-Dump option is installed, pressing and holding the Esc ∞ key down during power-up causes the Quanta Display to enter PC-Dump mode. Table of Contents 1 Introduction ...........................................................................................................................1 1.1 Foreword.........................................................................................................................1 1.2 Specifications..................................................................................................................1 1.3 Components ....................................................................................................................2 1.4 Assembly.........................................................................................................................3
    [Show full text]
  • Wookey: USB Devices Strike Back
    WooKey: USB Devices Strike Back Ryad Benadjila, Mathieu Renard, Philippe Trebuchet, Philippe Thierry, Arnauld Michelizza, Jérémy Lefaure [email protected] ANSSI Abstract. The USB bus has been a growing subject of research in recent years. In particular, securing the USB stack (and hence the USB hosts and devices) started to draw interest from the academic community since major exploitable flaws have been revealed by the BadUSB threat [41]. The work presented in this paper takes place in the design initiatives that have emerged to thwart such attacks. While some proposals have focused on the host side by enhancing the Operating System’s USB sub-module robustness [53, 54], or by adding a proxy between the host and the device [12, 37], we have chosen to focus our efforts on the de- vice side. More specifically, our work presents the WooKey platform: a custom STM32-based USB thumb drive with mass storage capabilities designed for user data encryption and protection, with a full-fledged set of in-depth security defenses. The device embeds a firmware with a secure DFU (Device Firmware Update) implementation featuring up-to-date cryptography, and uses an extractable authentication token. The runtime software security is built upon EwoK: a custom microkernel implementa- tion designed with advanced security paradigms in mind, such as memory confinement using the MPU (Memory Protection Unit) and the integra- tion of safe languages and formal methods for very sensitive modules. This microkernel comes along with MosEslie: a versatile and modular SDK that has been developed to easily integrate user applications in C, Ada and Rust.
    [Show full text]
  • Rust and IPC on L4re”
    Rust and Inter-Process Communication (IPC) on L4Re Implementing a Safe and Efficient IPC Abstraction Name Sebastian Humenda Supervisor Dr. Carsten Weinhold Supervising Professor Prof. Dr. rer. nat. Hermann Härtig Published at Technische Universität Dresden, Germany Date 11th of May 2019 Contents 1 Introduction 5 2 Fundamentals 8 2.1 L4Re . 8 2.2 Rust....................................... 11 2.2.1 Language Basics . 11 2.2.2 Ecosystem and Build Tools . 14 2.2.3 Macros . 15 3 Related Work 17 3.1 Rust RPC Libraries . 17 3.2 Rust on Other Microkernels . 18 3.3 L4Re IPC in Other Languages . 20 3.4 Discussion . 21 3.4.1 Remote Procedure Call Libraries . 21 3.4.2 IDL-based interface definition . 22 3.4.3 L4Re IPC Interfaces In Other Programming Languages . 23 4 L4Re and Rust Infrastructure Adaptation 24 4.1 Build System Adaptation . 25 4.1.1 Libraries . 26 4.1.2 Applications . 27 4.2 L4rust Libraries . 29 4.2.1 L4 Library Split . 29 4.2.2 Inlining vs. Reimplementing . 30 4.3 Rust Abstractions . 31 4.3.1 Error Handling . 31 4.3.2 Capabilities . 32 5 IPC Framework Implementation 35 5.1 A Brief Overview of the C++ Framework . 36 5.2 Rust Interface Definition . 37 5.2.1 Channel-based Communication . 37 5.2.2 Macro-based Interface Definition . 39 5.3 Data Serialisation . 43 2 5.4 Server Loop . 46 5.4.1 Vector-based Service Registration . 46 5.4.2 Pointer-based Service Registration . 48 5.5 Interface Export . 52 5.6 Implementation Tests .
    [Show full text]
  • A Microkernel Written in Rust
    Objectives Introduction Rust Redox A microkernel written in Rust Porting the UNIX-like Redox OS to Arm v8.0 Robin Randhawa Arm February 2019 Robin Randhawa (arm) FOSDEM 2019 A microkernel written in Rust Objectives Introduction Rust Redox I want to talk about on Robin Randhawa (arm) FOSDEM 2019 A microkernel written in Rust Objectives Introduction Rust Redox Redox is written in Rust - a fairly new programming language Robin Randhawa (arm) FOSDEM 2019 A microkernel written in Rust Objectives Introduction Rust Redox So it is important to discuss Rust too Robin Randhawa (arm) FOSDEM 2019 A microkernel written in Rust Objectives Introduction Rust Redox My goals with this presentation are ● Lightweight intro to the Rust language ● Unique features that make it shine To primarily ● Explain why Rust is interesting for arm talk about ● Rust’s support for arm designs these ● Introduce Redox’s history, design, community ● Status, plans … and some relevant anecdotes from the industry Robin Randhawa (arm) FOSDEM 2019 A microkernel written in Rust Objectives Introduction Rust Redox Open Source Software Division System Software Architecture Team Safety Track Track Charter Firmware Kernel Middleware Platform “Promote the uptake of Arm IP in safety critical domains using open source software as a medium” Robin Randhawa (arm) FOSDEM 2019 A microkernel written in Rust Objectives Introduction Rust Redox My areas of Interest Systems programming languages Operating Arm system architecture design extensions Arm based Open source system communities design Software
    [Show full text]
  • Graduate Division
    Offshore Application of Self-Potential Prospecting Robert Frederic Corwin ,'/ B.S. (university of Missouri at ~olla)1964 M.S. (university of ~alifornia)1969 DISSERTATION Submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY iR Engineering in the GRADUATE DIVISION . "-I 1 . of the UNIVERSITY OF CALIFORMIA, BERKELEY Committee in Charge OFFSHORE APPLICATION OF SELF-POTENTIAL PROSPECTING ABSTRACT Robert Frederic Corwin Degree: Ph .D. Eng inear i rlg Geosc ience Ocean Eng i neering An offshore self-potential prospecting system, consisting of a portable chart recorder and a pair of towed electrodes, is shown to be capable of locating both onshore and submerged offshore deposits of conductive minerals. The silver - silver chloride electrodes, specially designed for this work, are shown to have a small and predictable response to changes in environmental parameters. The background noise level is generally less than a few tenths of a millivolt, allowing visual recognition of offshore self- potential anomalies with a gradient in excess of one miiiivolt over the electrode sepa ration. However, somc man-made str-uctures, or areas of geothermal activity, may generate fields large enough to interfere with self-potential profiling. 1 :! 4:"'4 extending from a reducing sea floor into oxidizing sea water, generates a potential field consistent in magnitude and polarity with those seen over sulfide ore bodies on land. As an oxidation - reduction mechanism appears to offer the best explanation for the self- potential
    [Show full text]
  • Effect of Textural Properties and Presence of Co-Cation on NH3-SCR Activity of Cu-Exchanged ZSM-5
    catalysts Article Effect of Textural Properties and Presence of Co-Cation on NH3-SCR Activity of Cu-Exchanged ZSM-5 Magdalena Jabło ´nska 1,* , Kinga Góra-Marek 2 , Miha Grilc 3 , Paolo Cleto Bruzzese 4 , David Poppitz 1, Kamila Pyra 2 , Michael Liebau 1, Andreas Pöppl 4, Blaž Likozar 3 and Roger Gläser 1 1 Institute of Chemical Technology, Universität Leipzig, Linnéstr. 3, 04103 Leipzig, Germany; [email protected] (D.P.); [email protected] (M.L.); [email protected] (R.G.) 2 Faculty of Chemistry, Jagiellonian University in Kraków, Gronostajowa 2, 30-387 Kraków, Poland; [email protected] (K.G.-M.); [email protected] (K.P.) 3 Department of Catalysis and Chemical Reaction Engineering, National Institute of Chemistry, Hajdrihova 19, 1001 Ljubljana, Slovenia; [email protected] (M.G.); [email protected] (B.L.) 4 Felix Bloch Institute for Solid State Physics, Universität Leipzig, Linnéstr. 5, 04103 Leipzig, Germany; [email protected] (P.C.B.); [email protected] (A.P.) * Correspondence: [email protected] Abstract: Comparative studies over micro-/mesoporous Cu-containing zeolites ZSM-5 prepared by top-down treatment involving NaOH, TPAOH or mixture of NaOH/TPAOH (tetrapropylammonium hydroxide) were conducted. The results of the catalytic data revealed the highest activity of the Cu-ZSM-5 catalyst both in the absence and presence of water vapor. The physico-chemical charac- terization (diffuse reflectance UV-Vis (DR UV-Vis), Fourier transform infrared (FT-IR) spectroscopy, electron paramagnetic resonance (EPR) spectroscopy, temperature-programmed desorption of NOx Citation: Jabło´nska,M.; Góra-Marek, (TPD-NO ), and microkinetic modeling) results indicated that the microporous structure of ZSM-5 K.; Grilc, M.; Bruzzese, P.C.; Poppitz, x D.; Pyra, K.; Liebau, M.; Pöppl, A.; effectively stabilized isolated Cu ion monomers.
    [Show full text]
  • The Kinetic and Radiolytic Aspects of Control of the Redox Speciation of Neptunium in Solutions of Nitric Acid
    AN ABSTRACT OF THE DISSERTATION OF Martin Precek for the degree of Doctor of Philosophy in Chemistry presented on August 29, 2012. Title: The Kinetic and Radiolytic Aspects of Control of the Redox Speciation of Neptunium in Solutions of Nitric Acid Abstract approved: ________________________________________________ Alena Paulenova Neptunium, with its rich redox chemistry, has a special position in the chemistry of actinides. With a decades-long history of development of aqueous separation methods for used nuclear fuel (UNF), management of neptunium remains an unresolved issue because of its not clearly defined redox speciation. Neptunium is present in two, pentavalent (V) and hexavalent (VI) oxidation states, both in their dioxocation O=Np=O neptunyl form, which differ greatly in their solvent extraction behavior. While the neptunium(VI) dioxocation is being very well extracted, the dioxocation of pentavalent neptunium is practically non-extractable by an organic solvent. As a result, neptunium is not well separated and remains distributed in both organic and aqueous extraction phases. The aim of this study was to develop or enhance the understanding of several key topics governing the redox behavior of neptunium in nitric acid medium, which are of vital importance for the engineering design of industrial-scale liquid-liquid separation systems. In this work, reactions of neptunium(V) and (VI) with vanadium(V) and acetohydroxamic acid - two redox agents envisioned for adjusting the neptunium oxidation state in aqueous separations – were studied in order to determine their kinetic characteristics, rate laws and rate constants, as a function of temperature and nitric acid concentration. Further were analyzed the interactions of neptunium(V) and (VI) with nitrous acid, which is formed as a product of radiolytic degradation of nitric acid caused by high levels of radioactivity present in such systems.
    [Show full text]
  • A Secure Computing Platform for Building Automation Using Microkernel-Based Operating Systems Xiaolong Wang University of South Florida, [email protected]
    University of South Florida Scholar Commons Graduate Theses and Dissertations Graduate School November 2018 A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems Xiaolong Wang University of South Florida, [email protected] Follow this and additional works at: https://scholarcommons.usf.edu/etd Part of the Computer Sciences Commons Scholar Commons Citation Wang, Xiaolong, "A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems" (2018). Graduate Theses and Dissertations. https://scholarcommons.usf.edu/etd/7589 This Dissertation is brought to you for free and open access by the Graduate School at Scholar Commons. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Scholar Commons. For more information, please contact [email protected]. A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems by Xiaolong Wang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering Department of Computer Science and Engineering College of Engineering University of South Florida Major Professor: Xinming Ou, Ph.D. Jarred Ligatti, Ph.D. Srinivas Katkoori, Ph.D. Nasir Ghani, Ph.D. Siva Raj Rajagopalan, Ph.D. Date of Approval: October 26, 2018 Keywords: System Security, Embedded System, Internet of Things, Cyber-Physical Systems Copyright © 2018, Xiaolong Wang DEDICATION In loving memory of my father, to my beloved, Blanka, and my family. Thank you for your love and support. ACKNOWLEDGMENTS First and foremost, I would like to thank my advisor, Dr. Xinming Ou for his guidance, encouragement, and unreserved support throughout my PhD journey.
    [Show full text]
  • Safe Kernel Programming with Rust
    DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2018 Safe Kernel Programming with Rust JOHANNES LUNDBERG KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE Safe Kernel Programming with Rust JOHANNES LUNDBERG Master in Computer Science Date: August 14, 2018 Supervisor: Johan Montelius Examiner: Mads Dam Swedish title: Säker programmering i kärnan med Rust School of Computer Science and Communication iii Abstract Writing bug free computer code is a challenging task in a low-level language like C. While C compilers are getting better and better at de- tecting possible bugs, they still have a long way to go. For application programming we have higher level languages that abstract away de- tails in memory handling and concurrent programming. However, a lot of an operating system’s source code is still written in C and the kernel is exclusively written in C. How can we make writing kernel code safer? What are the performance penalties we have to pay for writing safe code? In this thesis, we will answer these questions using the Rust programming language. A Rust Kernel Programming Inter- face is designed and implemented, and a network device driver is then ported to Rust. The Rust code is analyzed to determine the safeness and the two implementations are benchmarked for performance and compared to each other. It is shown that a kernel device driver can be written entirely in safe Rust code, but the interface layer require some unsafe code. Measurements show unexpected minor improvements to performance with Rust. iv Sammanfattning Att skriva buggfri kod i ett lågnivåspråk som C är väldigt svårt.
    [Show full text]
  • Theseus: a State Spill-Free Operating System
    Theseus: A State Spill-free Operating System Kevin Boos Lin Zhong Rice Efficient Computing Group Rice University PLOS 2017 October 28 Problems with Today’s OSes • Modern single-node OSes are vast and very complex • Results in entangled web of components • Nigh impossible to decouple • Difficult to maintain, evolve, update safely, and run reliably 2 Easy Evolution is Crucial • Computer hardware must endure longer upgrade cycles[1] • Exacerbated by the (economic) decline of Moore’s Law • Evolutionary advancements occur mostly in software • Extreme example: DARPA’s challenge for systems to “remain robust and functional in excess of 100 years”[2] [2] DARPA seeks to create software systems that could last 100 years. https://www.darpa.mil/news-events/2015-04-08. [1] The PC upgrade cycle slows to every ve to six years, Intel’s CEO says. PCWorld article. 3 What do we need? Easier evolution by reducing complexity without reducing size (and features). We need a disentangled OS that: • allows every component to evolve independently at runtime • prevents failures in one component from jeopardizing others 4 “But surely existing systems have solved this already?” – the astute audience member 5 Existing attempts to decouple systems 1. Traditional modularization 2. Encapsulation-based 3. Privilege-level separation 4. Hardware-driven 6 Existing attempts to decouple systems 1. Traditional modularization • Decompose large monolithic system into smaller entities of related functionality (separation of concerns) 2. Encapsulation-based Achieves some goals: code reuse • Often causes tight coupling, which inhibits other goals 3. Privilege-level separation • Evidence: Linux is highly modular, but requires substantial effort to realize live update [3, 4, 5, 6] 4.
    [Show full text]
  • Refactoring the Freebsd Kernel with Checked C
    Refactoring the FreeBSD Kernel with Checked C Junhan Duan,∗ Yudi Yang,∗ Jie Zhou, and John Criswell Department of Computer Science University of Rochester Abstract—Most modern operating system kernels are written pointer is safe at compile time or inserts run-time checks to in C, making them vulnerable to buffer overflow and buffer ensure safety at run-time. Checked C has low performance over-read attacks. Microsoft has developed an extension to the overhead (only 8.6% on selected benchmarks [25]), and its C language named Checked C which provides new source language constructs that allow the compiler to prevent NULL spatial safety checks mitigate both control-data [43], [48] and pointer dereferences and spatial memory safety errors through non-control data [17] attacks. static analysis and run-time check insertion. We evaluate the use In this paper, we investigate the use of Checked C in of Checked C on operating system kernel code by refactoring refactoring parts of an OS kernel to be spatially memory parts of the FreeBSD kernel to use Checked C extensions. We safe. Specifically, we quantify the performance and code size describe our experience refactoring the code that implements system calls and UDP and IP networking. We then evaluate the overheads of using Checked C on OS kernel code and identify refactoring effort and the performance of the refactored kernel. challenges and solutions to using Checked C on OS kernel It took two undergraduate students approximately three months code. We chose FreeBSD 12 stable to harden with Checked C to refactor the system calls, the network packet (mbuf) utility as FreeBSD uses Clang and LLVM [35] as its default compiler; routines, and parts of the IP and UDP processing code.
    [Show full text]
  • Computer Programming and Cyber Security for Beginners
    Computer Programming and Cyber Security for Beginners This Book Includes : Python Machine Learning , SQL , Linux , Hacking with Kali Linux , Ethical Hacking . Coding and Cybersecurity Fundamentals Zach Codings Download the Audio Book Version of This Book for FREE If you love listening to audio books on-the-go, I have great news for you. You can download the audio book version of this book for FREE just by signing up for a FREE 30-day audible trial! See below for more details! Audible Trial Benefits As an audible customer, you will receive the below benefits with your 30- day free trial: FREE audible book copy of this book After the trial, you will get 1 credit each month to use on any audiobook Your credits automatically roll over to the next month if you don’t use them Choose from Audible’s 200,000 + titles Listen anywhere with the Audible app across multiple devices Make easy, no-hassle exchanges of any audiobook you don’t love Keep your audiobooks forever, even if you cancel your membership And much more Click the links below to get started! For Audible US For Audible UK For Audible FR For Audible DE © Copyright 2019 by Zach Codings All rights reserved. The content contained within this book may not be reproduced, duplicated or transmitted without direct written permission from the author or the publisher. Under no circumstances will any blame or legal responsibility be held against the publisher, or author, for any damages, reparation, or monetary loss due to the information contained within this book, either directly or indirectly.
    [Show full text]