DOCSLIB.ORG

Virtual Ghost: Protecting Applications from Hostile Operating Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Virtual Ghost: Protecting Applications from Hostile Operating Systems Virtual Ghost: Protecting Applications from Hostile Operating Systems John Criswell Nathan Dautenhahn Vikram Adve University of Illinois at University of Illinois at University of Illinois at Urbana-Champaign Urbana-Champaign Urbana-Champaign [email protected] [email protected] [email protected] Abstract Categories and Subject Descriptors D.4.6 [Operating Sys- Applications that process sensitive data can be carefully de- tems]: Security and Protection signed and validated to be difficult to attack, but they are General Terms Security usually run on monolithic, commodity operating systems, which may be less secure. An OS compromise gives the Keywords software security; inlined reference monitors; attacker complete access to all of an application’s data, re- software fault isolation; control-flow integrity; malicious op- gardless of how well the application is built. We propose a erating systems new system, Virtual Ghost, that protects applications from a compromised or even hostile OS. Virtual Ghost is the first 1. Introduction system to do so by combining compiler instrumentation and Applications that process sensitive data on modern commod- run-time checks on operating system code, which it uses to ity systems are vulnerable to compromises of the under- create ghost memory that the operating system cannot read lying system software. The applications themselves can be or write. Virtual Ghost interposes a thin hardware abstrac- carefully designed and validated to be impervious to attack. tion layer between the kernel and the hardware that provides However, all major commodity operating systems use large a set of operations that the kernel must use to manipulate monolithic kernels that have complete access to and control hardware, and provides a few trusted services for secure ap- over all system resources [9, 25, 32, 34]. These operating plications such as ghost memory management, encryption systems are prone to attack [21] with large attack surfaces, and signing services, and key management. Unlike previous including large numbers of trusted device drivers developed solutions, Virtual Ghost does not use a higher privilege level by numerous hardware vendors and numerous privileged ap- than the kernel. plications that are as dangerous as the OS itself. A compro- Virtual Ghost performs well compared to previous ap- mise of any of these components or of the kernel gives the proaches; it outperforms InkTag on five out of seven of the attacker complete access to all data belonging to the appli- LMBench microbenchmarks with improvements between cation, whether in memory or offline. Developers of secure 1.3x and 14.3x. For network downloads, Virtual Ghost ex- applications running on such a system generally have no periences a 45% reduction in bandwidth at most for small control over any of these components and must trust them files and nearly no reduction in bandwidth for large files implicitly for their own security. and web traffic. An application we modified to use ghost Several previous projects [11, 16, 22, 37] have created memory shows a maximum additional overhead of 5% due systems that protect applications from a compromised, or to the Virtual Ghost protections. We also demonstrate Vir- even a hostile, operating system. These systems have all tual Ghost’s efficacy by showing how it defeats sophisticated used hardware page protection through a trusted hypervi- rootkit attacks. sor to achieve control over the operating system capabilities. They rely on a technique called shadowing or cloaking that Permission to make digital or hard copies of all or part of this work for personal or automatically encrypts (i.e., shadows or cloaks) and hashes classroom use is granted without fee provided that copies are not made or distributed any application page that is accessed by the operating sys- for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the tem, and then decrypts it and checks the hash when it is next author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or accessed by the application. System call arguments must be republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. copied between secure memory and memory the OS is al- ASPLOS ’14, March 1–5, 2014, Salt Lake City, Utah, USA. lowed to examine. While these solutions are effective, they Copyright is held by the owner/author(s). Publication rights licensed to ACM. ACM 978-1-4503-2305-5/14/03. $15.00. have several drawbacks. First, they rely upon encrypting any http://dx.doi.org/10.1145/2541940.2541986 of an application’s memory that is accessed by the OS; an application cannot improve performance by protecting only Another set of differences from previous work is in the a selected subset of data, or requesting only integrity checks programming model. First, applications can use ghost mem- on data but not confidentiality (i.e., only using hashing and ory selectively for all, some, or none of their data. When not encryption). Second, they assume the OS runs as a guest using it for all their data, the secure features can be obtained on a standard hypervisor, which may not be attractive in transparently via a modified language library (e.g., libc for C certain settings, such as energy-constrained mobile devices. applications), just as in previous work. Second, applications Third, they require that all system call arguments must al- can pass non-ghost memory to system calls without the per- ways be copied, even if the data being transferred is not formance overheads of data copying. Third, when sending security-sensitive, which is the common case in many ap- sensitive data through the operating system (e.g., for I/O), plications. Fourth, these solutions do not provide any secu- ghost applications can choose which encryption and/or cryp- rity benefits to the kernel itself; for example, control flow tographic signing algorithms to use to obtain desired perfor- integrity or memory safety for the operating system kernel mance/security tradeoffs, whereas previous systems gener- cannot reuse the mechanisms developed for shadowing. ally baked this choice into the system design. Finally, a use- We propose a new approach we call ghosting that ad- ful point of similarity with previous work is that the usability dresses all these limitations. Our system, Virtual Ghost, is features provided by previous systems (e.g., secure file sys- the first to enforce application security from a hostile OS us- tem services in InkTag) are orthogonal to the design choices ing compiler instrumentation of operating system code; this in Virtual Ghost and can be directly incorporated. is used to create secure memory called ghost memory, which We have developed a prototype of Virtual Ghost and cannot be read or modified at all by the operating system (in ported the FreeBSD 9.0 kernel to it. To evaluate its effec- contrast, previous systems like Overshadow [11] and Ink- tiveness, we ported three important applications from the Tag [16] do not prevent such writes and only guarantee that OpenSSH application suite to Virtual Ghost, using ghost the tampering will be detected before use by the applica- memory for the heap: ssh, ssh-keygen, and ssh-agent. tion). Virtual Ghost introduces a thin hardware abstraction These three can exchange data securely by sharing a com- layer that provides a set of operations the kernel must use to mon application key, which they use to encrypt the private manipulate hardware, and the secure application can use to authentication keys used by the OpenSSH protocols. obtain essential trusted services for ghost memory manage- Since exploiting a kernel that runs on Virtual Ghost via an ment, encryption, signing, and key management. Although external attack is difficult, we evaluated the effectiveness of the positioning of, and some of the mechanisms in, this layer Virtual Ghost by adding a malicious module to the FreeBSD are similar to a hypervisor, Virtual Ghost is unique because kernel, replacing the read system call handler. This module (a) unlike a traditional hypervisor, there is no software that attempted to perform two different attacks on ssh-agent, runs at a higher privilege level than the kernel – in partic- including a sophisticated one that tries to alter application ular, the hardware abstraction layer runs at the same privi- control flow via signal handler dispatch. When running with- lege level; (b) Virtual Ghost uses (simple, reliable) compiler out Virtual Ghost, both exploits successfully steal the desired techniques rather than hardware page protection to secure its data from ssh-agent. Under Virtual Ghost, both exploits own code and data; and (c) Virtual Ghost completely denies fail and ssh-agent continues execution unaffected. OS accesses to secure memory pages, not just encrypting Our performance results show that Virtual Ghost outper- and signing the pages to detect OS tampering. forms InkTag [16] on five out of seven of the LMBench Moreover, the compiler instrumentation in Virtual Ghost microbenchmarks, with improvements between 1.3x and inherently provides strong protection against external ex- 14.3x. The overheads for applications that perform mod- ploits of the OS. First, traditional exploits, such as those that erate amounts of I/O (thttpd and sshd) is negligible, but the inject binary code, are not even expressible: all OS code must overhead for a completely I/O-dominated application (post- first go through LLVM bitcode form and be translated to na- mark) was high. We are investigating ways to reduce the tive code by the Virtual Ghost compiler. Second, attacks that overhead of postmark. leverage existing native code, like return-oriented program- The rest of the paper is organized as follows.
Load more

Recommended publications
  • Nginx 1 Web Server Implementation Cookbook
    Nginx 1 Web Server Implementation Cookbook Over 100 recipes to master using the Nginx HTTP server and reverse proxy Dipankar Sarkar BIRMINGHAM - MUMBAI This material is copyright and is licensed for the sole use by 2135 Lymington on 26th March 2012 2135 Lymington, Carrollton, 75007 Nginx 1 Web Server Implementation Cookbook Copyright © 2011 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: May 2011 Production Reference: 1180511 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-849514-96-5 www.packtpub.com Cover Image by Javier Barria ([email protected]) This material is copyright and is licensed for the sole use by 2135 Lymington
    [Show full text]
  • Additional Software 1 Additional Software
    Additional Software 1 Additional Software 1 Additional Software 15 Feb 2014 1 1.1 Description 1.1 Description Where to get software written by other parties that might be useful (or necessary) when running mod_perl. 1.2 Perl Perl is probably already installed on your machine, but you should at least check the version you are using. It is highly recommended that you have at least Perl version 5.004. You can get the latest perl version from http://cpan.org/src/. Try the direct download link http://cpan.org/src/stable.tar.gz. You can get Perl documentation from the same location (although copious documentation is included in the downloaded Perl distribution). 1.3 CPAN Downloads You can download most of the Perl modules from CPAN. There are many mirrors of this site. The main site’s URL is http://cpan.org/. You may want to search the Perl modules database by using http://search.cpan.org/. Either use the search form, or type in the name of the package the module is distributed in. For example if you are looking for Apache::DumpHeaders, you can type: http://search.cpan.org/search?dist=Apache-DumpHeaders . 1.4 Apache Get the latest Apache webserver and documentation from http://httpd.apache.org. Try the direct download link http://httpd.apache.org/dist/. 1.5 Squid - Internet Object Cache http://www.squid-cache.org/ Squid Linux 2.x Redhat RPMs : http://home.earthlink.net/~intrep/linux/ 1.6 thttpd - tiny/turbo/throttling HTTP server http://www.acme.com/software/thttpd/ 1.7 mod_proxy_add_forward Ask Bjoern Hansen has written the mod_proxy_add_forward.c module for Apache that sets the X-Forwarded-For field when doing a ProxyPass, similar to what Squid does.
    [Show full text]
  • Server: Apache
    Modern Trends in Network Fingerprinting SecTor [11.21.07] Jay Graver Ryan Poppa // Fingerprinting Topics Why, What, Who & How? Tools in action Why Tools Break Tools EOL New Approaches New Tool // Why Fingerprint? WhiteHat needs accurate identification of hosts in a PenTest report BlackHat reconnaissance SysAdmins track down and identify new services or hosts when they appear on their network // What is a Fingerprint? Looking at something common … 192.168.2.187:8004 192.168.2.187 [152] 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK. 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f .Connection: clo 73 65 0d 0a 41 6c 6c 6f 77 3a 20 4f 50 54 49 4f se..Allow: OPTIO 4e 53 2c 20 47 45 54 2c 20 48 45 41 44 2c 20 50 NS, GET, HEAD, P 4f 53 54 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e OST..Content‐Len 67 74 68 3a 20 30 0d 0a 44 61 74 65 3a 20 46 72 gth: 0..Date: Fr 69 2c 20 30 32 20 4e 6f 76 20 32 30 30 37 20 32 i, 02 Nov 2007 2 32 3a 32 35 3a 31 38 20 47 4d 54 0d 0a 53 65 72 2:25:18 GMT..Ser 76 65 72 3a 20 6c 69 67 68 74 74 70 64 2f 31 2e ver: lighttpd/1. 34 2e 31 35 0d 0a 0d 0a 4.15...
    [Show full text]
  • Next Generation Web Scanning Presentation
    Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets What does 'NZ web-space' mean? It could mean: •Geographically within NZ regardless of the TLD •The .nz TLD hosted anywhere •All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] -----
    [Show full text]
  • Confine: Automated System Call Policy Generation for Container
    Confine: Automated System Call Policy Generation for Container Attack Surface Reduction Seyedhamed Ghavamnia Tapti Palit Azzedine Benameur Stony Brook University Stony Brook University Cloudhawk.io Michalis Polychronakis Stony Brook University Abstract The performance gains of containers, however, come to the Reducing the attack surface of the OS kernel is a promising expense of weaker isolation compared to VMs. Isolation be- defense-in-depth approach for mitigating the fragile isola- tween containers running on the same host is enforced purely in tion guarantees of container environments. In contrast to software by the underlying OS kernel. Therefore, adversaries hypervisor-based systems, malicious containers can exploit who have access to a container on a third-party host can exploit vulnerabilities in the underlying kernel to fully compromise kernel vulnerabilities to escalate their privileges and fully com- the host and all other containers running on it. Previous con- promise the host (and all the other containers running on it). tainer attack surface reduction efforts have relied on dynamic The trusted computing base in container environments analysis and training using realistic workloads to limit the essentially comprises the entire kernel, and thus all its set of system calls exposed to containers. These approaches, entry points become part of the attack surface exposed to however, do not capture exhaustively all the code that can potentially malicious containers. Despite the use of strict potentially be needed by future workloads or rare runtime software isolation mechanisms provided by the OS, such as conditions, and are thus not appropriate as a generic solution. capabilities [1] and namespaces [18], a malicious tenant can Aiming to provide a practical solution for the protection leverage kernel vulnerabilities to bypass them.
    [Show full text]
  • Simplifying Server Configuration Management Björn Tackmann
    Universit¨atKarlsruhe (TH) Institut f¨ur Betriebs- und Dialogsysteme Lehrstuhl Systemarchitektur Simplifying Server Configuration Management Bj¨ornTackmann Studienarbeit Verantwortlicher Betreuer: Prof. Dr. Frank Bellosa Betreuender Mitarbeiter: Joshua LeVasseur 11. Mai 2005 Hiermit erkl¨areich, die vorliegende Arbeit selbst¨andig verfasst und keine anderen als die angegebenen Literaturhilfsmittel verwendet zu haben. I hereby declare that this thesis is a work of my own, and that only cited sources have been used. Karlsruhe, den 11. Mai 2005 Bj¨ornTackmann Abstract Network services have gained great importance during the last years. Follow- ing the current trend, the number of computers and applications that collabo- rate to provide these services will grow steadily in the future. The dependencies between the collaborating systems along with heterogeneous management inter- faces will continue to increase the complexity of the administration task. This thesis presents a new approach to server configuration management. The inte- gration of the applications into diverse local environments is simplified, and the availability of services is improved by freeing the applications from error-prone tasks. Contents 1 Introduction 1 2 Related Work 3 2.1 Management of Configuration Data . 3 2.2 Dynamic Reconfiguration . 3 3 Proposed Solution 5 3.1 The Traditional Approach . 6 3.2 The Configuration Linking Approach . 7 3.2.1 Separating the Parser from the Application . 8 3.2.2 Configuration Data Bases . 9 3.2.3 Generating the Object Files . 10 3.3 Dynamic Reconfiguration . 10 3.3.1 A Classification of Configuration Parameters . 10 3.3.2 Local Parameters . 11 3.3.3 Global Parameters . 11 4 Evaluation 15 4.1 The thttpd WebServer.......................
    [Show full text]
  • Operating System Support for Run-Time Security with a Trusted Execution Environment
    Operating System Support for Run-Time Security with a Trusted Execution Environment - Usage Control and Trusted Storage for Linux-based Systems - by Javier Gonz´alez Ph.D Thesis IT University of Copenhagen Advisor: Philippe Bonnet Submitted: January 31, 2015 Last Revision: May 30, 2015 ITU DS-nummer: D-2015-107 ISSN: 1602-3536 ISBN: 978-87-7949-302-5 1 Contents Preface8 1 Introduction 10 1.1 Context....................................... 10 1.2 Problem....................................... 12 1.3 Approach...................................... 14 1.4 Contribution.................................... 15 1.5 Thesis Structure.................................. 16 I State of the Art 18 2 Trusted Execution Environments 20 2.1 Smart Cards.................................... 21 2.1.1 Secure Element............................... 23 2.2 Trusted Platform Module (TPM)......................... 23 2.3 Intel Security Extensions.............................. 26 2.3.1 Intel TXT.................................. 26 2.3.2 Intel SGX.................................. 27 2.4 ARM TrustZone.................................. 29 2.5 Other Techniques.................................. 32 2.5.1 Hardware Replication........................... 32 2.5.2 Hardware Virtualization.......................... 33 2.5.3 Only Software............................... 33 2.6 Discussion...................................... 33 3 Run-Time Security 36 3.1 Access and Usage Control............................. 36 3.2 Data Protection................................... 39 3.3 Reference
    [Show full text]
  • Webserver WEBSER  Shell-Zugriff Via Webbrowser Debian 6.0 S
    COMMUNITY-EDITION Frei kopieren und beliebig weiter verteilen ! 04.2011 04.2011 APACHE-ALTERNATIVEN: WEBSITES AUFSETZEN UND PFLEGEN VER WEBSERVER WEBSER Shell-Zugriff via Webbrowser Debian 6.0 S. 6 Live- und Install-DVDs So verwalten Sie mit PHP Shell und Shell in a Box für 32- und 64-Bit-PCs den Webserver über die Kommandozeile S. 33, DVD Analyse-Tools für die Website Server-Logs grafisch aufbereiten und Benutzerzugriffe detailliert auswerten mit Webalizer und Piwik S. 38, 42, DVD Fünf Apache-Alternativen für alle Fälle S. 20, 28, DVD Profi-Server Nginx, hochsicherer Hiawatha, Allrounder Lighttpd, Minimalist Thttpd, schneller Einstieg mit Monkey HTTP Daemon MoonOS 4 S. 12 Schicke Mac-Optik für Ubuntu „Maverick“ Laptop-Schnäppchen Aspire 5253 Acers neuer 15,6-Zöller auf AMD-Fusion-Basis mit satter Grafik-Leistung und langer Laufzeit S. 80 Texterkennung in Platzfresser von Profi-Qualität S. 48, DVD der Platte putzen S. 70 Unity 2010.2 S. 8 Cuneiform: multilinguale OCR Dateileichen und Altlasten Maßgeschneiderte mit intuitiver Oberfläche aufspüren mit JDiskReport Distro auf Knopfdruck MythTV-Export Geballtes Wissen auf Knopfdruck S. 66 stets zur Hand S. 82, DVD Aufnahmen unkompliziert Goldendict vereint On- und wandeln, streamen, brennen Offline-Lexika in einer GUI ATI FIREPRO 3D • GOLDENDICT LOUT LUCIDOR MYTHTV OCR ATI 4 196067 008502 04 www.linux-user.de EDITORIAL Klare Ansage Sehr geehrte Leserinnen und Leser, im Vorfeld von Ubuntu 11.04 Wohlgemerkt: Die MIT-Lizenz des statt Lizenzgebühren zu verlan- sorgte Canonical immer wieder für Banshee-Projekts hätte jegliche gen. Diesem Geschäftsmodell fol- Schlagzeilen – zuletzt im Zusam- Änderungen auch ganz ohne Nach- gend, werde man grundsätzlich wo menhang mit der Ablösung des frage erlaubt, formaljuristisch war immer möglich aus der Software bisherigen Mediaplayers Rhythm- Canonicals Ansinnen völlig in der freien Upstream-Projekte Ge- box durch Banshee: Der nämlich Ordnung.
    [Show full text]
  • Comparison of Web Server Software from Wikipedia, the Free Encyclopedia
    Create account Log in Article Talk Read Edit ViewM ohrisetory Search Comparison of web server software From Wikipedia, the free encyclopedia Main page This article is a comparison of web server software. Contents Featured content Contents [hide] Current events 1 Overview Random article 2 Features Donate to Wikipedia 3 Operating system support Wikimedia Shop 4 See also Interaction 5 References Help 6 External links About Wikipedia Community portal Recent changes Overview [edit] Contact page Tools Server Developed by Software license Last stable version Latest release date What links here AOLserver NaviSoft Mozilla 4.5.2 2012-09-19 Related changes Apache HTTP Server Apache Software Foundation Apache 2.4.10 2014-07-21 Upload file Special pages Apache Tomcat Apache Software Foundation Apache 7.0.53 2014-03-30 Permanent link Boa Paul Phillips GPL 0.94.13 2002-07-30 Page information Caudium The Caudium Group GPL 1.4.18 2012-02-24 Wikidata item Cite this page Cherokee HTTP Server Álvaro López Ortega GPL 1.2.103 2013-04-21 Hiawatha HTTP Server Hugo Leisink GPLv2 9.6 2014-06-01 Print/export Create a book HFS Rejetto GPL 2.2f 2009-02-17 Download as PDF IBM HTTP Server IBM Non-free proprietary 8.5.5 2013-06-14 Printable version Internet Information Services Microsoft Non-free proprietary 8.5 2013-09-09 Languages Jetty Eclipse Foundation Apache 9.1.4 2014-04-01 Čeština Jexus Bing Liu Non-free proprietary 5.5.2 2014-04-27 Galego Nederlands lighttpd Jan Kneschke (Incremental) BSD variant 1.4.35 2014-03-12 Português LiteSpeed Web Server LiteSpeed Technologies Non-free proprietary 4.2.3 2013-05-22 Русский Mongoose Cesanta Software GPLv2 / commercial 5.5 2014-10-28 中文 Edit links Monkey HTTP Server Monkey Software LGPLv2 1.5.1 2014-06-10 NaviServer Various Mozilla 1.1 4.99.6 2014-06-29 NCSA HTTPd Robert McCool Non-free proprietary 1.5.2a 1996 Nginx NGINX, Inc.
    [Show full text]
  • Frankencode: Creating Diverse Programs Using Code Clones
    Frankencode: Creating Diverse Programs Using Code Clones Hayley Borck, Mark Boddy, Ian J De Silva, Steven Harp, Ken Hoyme, Steven Johnston, August Schwerdfeger, and Mary Southern Adventium Labs, Minneapolis, MN 55401 Email: fi[email protected] Abstract enable not just new attacks, but new kinds of attacks. Apparently-minor vulnerabilities can be chained to- In this paper, we present an approach to detecting gether in successful attacks, even on software that is novel cyber attacks though a form of program diversifi- extensively tested and generally viewed as secure.1 cation, similar to the use of n-version programming for In this paper, we describe our research on the Func- fault tolerant systems. Building on extensive previous tionally Equivalent Variants using Information Syn- and ongoing work by others on the use of code clones chronization (FEVIS) system. Part of the Cyber Fault- in a wide variety of areas, our Functionally Equivalent tolerant Attack Recovery (CFAR) program, funded by Variants using Information Synchronization (FEVIS) the U.S. Government’s Defense Advanced Research system automatically generates program variants to be Projects Agency (DARPA), FEVIS builds on previ- run in parallel, seeking to detect attacks through diver- ous and ongoing work on “code clones,” substituting gence in behavior. Unlike approaches to diversification redundant code fragments as a means to generate that only change program memory layout and behavior, program variants automatically. These variants are in- FEVIS can detect attacks exploiting vulnerabilities in tended for use in a multi-variant execution environ- execution timing, string processing, and other logic ment, to be used for attack detection and resistance in errors.
    [Show full text]
  • Ipv6 in Freebsd.Pdf
    The FreeBSD Project http://www.freebsd.org/ 1/28 IPv6 in FreeBSD Joseph Koshy [email protected] i ? P Structure of this talk What is FreeBSD? 2/28 • The FreeBSD development model • The KAME project • IPv6 support in FreeBSD • Configuring IPv6 in FreeBSD • Available IPv6 capable application software. • Tracking IPv6 development under FreeBSD • Conformance and performance • A look at IPv6 in operation; demos • Conclusion • i ? P What is FreeBSD? http://www.freebsd.org/ 3/28 A high-performance, volunteer developed, open source, protected mode operating • system. University of California, Berkeley heritage (BSD4.4-Lite). BSD License. • Released for Intel (x86) PCs, laptops and Alpha workstations. • Most recent stable release: FreeBSD v4.2 • Linux, SVR4 (Solaris), SCO application compatibility. • A large number of ported applications (over 4000). • used in very high load scenarios (YAHOO,HOTMAIL, . ); excellent as a worksta- • tion OS. Possesses an excellent IPv6 stack. i ? • P The BSD License very open to commercial use 4/28 • unlike the GPL, there is no requirement that you have to release your modified • sources to the public only requires you to acknowledge authorship of the code • no warranties on the code • many companies are using the FreeBSD code base in their products • e.g. the Interjet from Whistle Inc. (an internet appliance), many router products . i ? P The FreeBSD Organization 5/28 USER COMMUNITY COMMITTERS CORE FreeBSD.ORG FreeBSD is developed and managed by its users. • 3-level organization: • – Over 75% of changes to the source tree originate from the FreeBSD user com- munity. – COMMITTERS are individuals who have the rights to change the source tree.
    [Show full text]
  • Master Thesis
    Charles University in Prague Faculty of Mathematics and Physics MASTER THESIS Petr Koupý Graphics Stack for HelenOS Department of Distributed and Dependable Systems Supervisor of the master thesis: Mgr. Martin Děcký Study programme: Informatics Specialization: Software Systems Prague 2013 I would like to thank my supervisor, Martin Děcký, not only for giving me an idea on how to approach this thesis but also for his suggestions, numerous pieces of advice and significant help with code integration. Next, I would like to express my gratitude to all members of Hele- nOS developer community for their swift feedback and for making HelenOS such a good plat- form for works like this. Finally, I am very grateful to my parents and close family members for supporting me during my studies. I declare that I carried out this master thesis independently, and only with the cited sources, literature and other professional sources. I understand that my work relates to the rights and obligations under the Act No. 121/2000 Coll., the Copyright Act, as amended, in particular the fact that the Charles University in Pra- gue has the right to conclude a license agreement on the use of this work as a school work pursuant to Section 60 paragraph 1 of the Copyright Act. In Prague, March 27, 2013 Petr Koupý Název práce: Graphics Stack for HelenOS Autor: Petr Koupý Katedra / Ústav: Katedra distribuovaných a spolehlivých systémů Vedoucí diplomové práce: Mgr. Martin Děcký Abstrakt: HelenOS je experimentální operační systém založený na mikro-jádrové a multi- serverové architektuře. Před započetím této práce již HelenOS obsahoval početnou množinu moderně navržených subsystémů zajišťujících různé úkoly v rámci systému.
    [Show full text]