Transcript and Project Overview

Hardware, Languages, and
Architectures for Defense Against
Hostile Operating Systems
(DHOSA)
Vikram Adve, Krste Asanović,
David Evans, Sam King, Greg
Morrisett, R. Sekar, Dawn Song,
David Wagner (PI)
http://www.dhosa.org/
Vikram Adve
(UIUC)
Greg Morrisett
(Harvard)
Krste Asanović
(UC Berkeley)
R. Sekar
(Stony Brook)
David Evans
(U Virginia)
Dawn Song
(UC Berkeley)
Sam King
(UIUC)
David Wagner
(UC Berkeley)
Overview
Conventional wisdom: If the OS is
malicious or subverted, you are hosed.
This project: Actually, maybe there is
hope…
Project goal: Explore new approaches to
defend against a malicious OS.
Problem Statement
Defend against a compromised, hostile,
or malicious operating system.
Today: If the OS is malicious, all is lost.
Desired end state: We can survive a
malicious OS, perhaps with degraded
functionality or availability.
Exploring New Territory
• This is exploratory research.
(Not an engineering project.)
• We are exploring many approaches to
the problem. We do not know which
will prove most effective. Some may
fail.
• We hope some of our ideas will have
applications to other security problems
outside of the hostile OS problem.
Cryptographic
secure
computation
SVA
Binary
translation and
emulation
e.g., Enforce
properties
on a
malicious OS
Data-centric
security
Formal methods
TRANSFORMATION
Hardware support
for isolation
Dealing with
malicious hardware
HARDWARE
Secure browser
appliance
e.g., Prevent
data
exfiltration
Secure servers
WEB-BASED ARCHITECTURES
SYSTEM ARCHITECTURES
e.g., Enable
complex
distributed
systems,
with resilience to
hostile OS’s
Agenda
8:30- 9:00
9:00- 9:30
9:30- 9:50
9:50-10:20
10:20-10:35
Welcome + Overview
Secure Virtual Architecture
Binary translation
Formal methods
Testing binary emulators
10:50-11:10 Hardware support
11:10-11:25 Defenses against malicious hardware
11:25-11:40 Cryptographic secure computation
11:40-12:20 Lunch
12:20-12:50 Data-centric security
12:50- 1:20 Secure web-based architecture
1:20- 1:45 Discussion and feedback