safe kernel extensions without run-time checking15712/papers/necula96.pdfgeorge c. necula and peter...

16

The following paper was originally published in the Proceedings of the USENIX 2nd Symposium on Operating Systems Design and Implementation Seattle, Washington, October 1996 For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: [email protected] 4. WWW URL: http://www.usenix.org Safe Kernel Extensions Without Run-Time Checking George C. Necula and Peter Lee Carnegie Mellon University

Upload: others

Post on 05-Mar-2020

2 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

The following paper was originally published in theProceedings of the USENIX 2nd Symposium onOperating Systems Design and Implementation

Seattle, Washington, October 1996

For more information about USENIX Association contact:1. Phone: 510 528-86492. FAX: 510 548-57383. Email: [email protected]. WWW URL: http://www.usenix.org

Safe Kernel Extensions Without Run-Time Checking

George C. Necula and Peter LeeCarnegie Mellon University

Page 2: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 3: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

CPU

CODE PRODUCERUSER PROCESSUNTRUSTED CLIENT

CODE CONSUMEROS KERNELNETWORK SERVER

SAFETYPOLICY

PROOFENABLE VALIDATION

SOURCE PROGRAM

COMPILATION&

CODE

SAFETYBINARY

SCC

NATIVE

CERTIFICATION

PROOF

Page 4: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 5: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 6: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 7: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 8: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 9: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

SECTION

NATIVE CODESECTION

220

RELOCATION

PROOF

45

0

340

SECTION

Page 10: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 11: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

2.0

1.5

PCC

1.0

0.5

Filter 1 Filter 2 Filter 3 Filter 4

us

0.78

1.92

0.11 0.08

1.46

0.18 0.150.24

0.170.23

0.17

1.71

0.20 0.250.31 0.33

BPF

SFIM3-VIEW

Page 12: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

0

5

10

15

20

0 5 10 15 20 25 30 35 40 45 50

ms

thousands of packets

BPFM3-VIEW

SFIPCC

Page 13: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 14: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 15: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Page 16: Safe Kernel Extensions Without Run-Time Checking15712/papers/necula96.pdfgeorge c. necula and peter lee carnegie mellon university. cpu code producer user process untrusted client

Secure Execution of Untrusted Code

Novell GroupWise Multiple Untrusted Pointer Dereferences Exploitation

Cloud Terminal: Secure Access to Sensitive Applications ... · untrusted OS, it is not designed to prevent denial-of-service attacks from the untrusted OS: for instance, the untrusted

Photographic A uthentication through Untrusted terminals

Standard Bundle Methods: Untrusted Models and Dualityeprints.adm.unipi.it/2378/1/StandardBundle.pdf · Dipartimento di Informatica Technical Report Standard Bundle Methods: Untrusted

Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8

FAUST: Fail-Aware Untrusted Storage

Chess Review May 10, 2004 Berkeley, CA Verifying Data Structure Invariants in Device Drivers Scott McPeak (smcpeak@cs) George Necula (necula@cs)

Encrypted Databases for Untrusted Cloud

Prof. Necula CS 164 Lecture 51 Introduction to Parsing Lecture 4

with Enarx Trusting untrusted systems

HOSTING UNTRUSTED USERS UNDER XEN: LESSONS FROM THE …media.techtarget.com/searchSystemsChannel/downloads/The_book_of_Xen_ch... · HOSTING UNTRUSTED USERS UNDER XEN: LESSONS FROM

Secure Personal Content Networking over Untrusted Devices · Secure Personal Content Networking over Untrusted Devices ... distributed network without specifying where the ... untrusted

Towards Application Security On Untrusted Operating Systems

Haven: Shielding Applications from an Untrusted …. E. Porter, S. Boyd-Wickizer, ... Shielding Applications from an Untrusted Cloud ... Haven: Shielding Applications from an Untrusted

Version Control *Slides are modified from Prof. Necula from CS169

IP - Proiecteadiftene/Scoala/2019/ASET/Courses/ASET... · Master, Facultatea de Informatica, Universitatea la-yi Mircea CIRCEAC, MOCANU, Rãzvan Emilian MUNTEANU NECULA, Raluca NECULA

Sandboxing Untrusted JavaScript

Efﬁcient Integrity Checking of Untrusted Network Storage

SiRiUS: Securing Remote Untrusted Storage

Extensible Verification of Untrusted Code Bor-Yuh Evan Chang, Adam Chlipala, Kun Gao, George Necula, and Robert Schneck May 14, 2004 OSQ Retreat Santa

Contributions to Web Authentication for Untrusted Computers

SPORC: Group Collaboration using Untrusted Cloud Resources

· 2021. 1. 29. · savulescu marinela dr. humeniuc gabriel dr. necula liviu dr. cretoni laurentiu dr. humeniuc gabriel dr. purcarita dacian dr. cornean raluca dr. necula liviu

Simple and Precise Static Analysisof Untrusted Linux

Monitoring Untrusted Forests - System Center Operations ... · Monitoring Untrusted Forests Configuring Certificates Using a Windows 2008 Stand-alone Certificate Authority ... ***

Applied Cryptographic Access Control for Untrusted Cloud

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI 297 5.31.2005

Running Untrusted Application Code: Sandboxing

Private Editing Using Untrusted Cloud Services

Secure content distribution using untrusted servers

Integrity and access control in untrusted content ... · Integrity and access control in untrusted content distribution networks by ... Integrity and access control in untrusted content

Venus Verification Node for Untrusted Storage

Fine-grained policy enforcement for untrusted software

Certified Quantum Random Numbers from Untrusted Light