Genode - OS Security By Design
Dr.-Ing. Norman Feske <norman.feske@genode-labs.com>
Outline
1. Introduction
2. Architectural Principles
3. Showcases
4. Current Topics
1. Introduction
Universal Truths
Assurance
Scalability
Accountability
Utilization
Security
Ease of use
Problem: Complexity
Today's commodity OSes
Exceedingly complex trusted computing base (TCB)
TCB of an application on Linux:
◮ Kernel + loaded kernel modules
◮ Daemons
◮ X Server + window manager
◮ Desktop environment
◮ All running processes of the user
→ User credentials are exposed to millions of lines of code
Problem: Complexity (II)
Implications:
◮ High likelihood for bugs (need for frequent security updates)
◮ Huge attack surface for directed attacks
◮ Zero-day exploits
Problem: Resource management
Pretension of unlimited resources
Lack of accounting
→ Largely indeterministic behavior
→ Need for complex heuristics, schedulers
Key technologies
Microkernels
Componentization, kernelization
Capability-based security
Virtualization
...but how to compose those?
Genode architecture
→ Application-specific TCB
Combined with virtualization
Components
2. Architectural Principles
Object capabilities
Delegation of authority between components
Each component lives in a virtual environment
A component that possesses a capability can
◮ Use it (invoke)
◮ Delegate it to acquainted components
Recursive system structure
Service announcement
Session creation
Resource management
Explicit assignment of physical resources to components
Resource management (II)
Resources can be attached to sessions
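The rules on the preceding slides (a server announces its service to its parent, a capability can be delegated only by a component that holds it, a parent assigns a child an explicit share of its own resources, and a client attaches part of its quota to each session it opens) can be checked in a small accounting model. This is an added example in Python, not code from the Genode framework: the class, the method names, the service label and the quota numbers are constructed for illustration, and the real framework enforces the same rules in C++ through core rather than with these functions.

```python
class Component:
    def __init__(self, name, quota=0, parent=None):
        self.name, self.parent = name, parent
        self.quota, self.used, self.caps = quota, 0, {}  # assigned by parent / passed on / caps held (label -> server)

    def available(self):
        return self.quota - self.used

    def create_child(self, name, quota):
        # Recursive structure: a child only gets what the parent still owns.
        if quota > self.available():
            raise ValueError(f"{self.name} cannot assign {quota} to {name}")
        self.used += quota
        return Component(name, quota, parent=self)

    def announce(self, label):
        self.parent.caps[label] = self  # service announcement: the parent receives the capability

    def delegate(self, label, other):
        # Delegation works only for a capability the delegator actually holds.
        if label not in self.caps:
            raise PermissionError(f"{self.name} does not hold '{label}'")
        other.caps[label] = self.caps[label]

    def open_session(self, label, session_quota):
        # Session creation: the client attaches part of its own quota to the session.
        if label not in self.caps:
            raise PermissionError(f"{self.name} has no capability for '{label}'")
        if session_quota > self.available():
            raise ValueError(f"{self.name} cannot fund session '{label}'")
        server = self.caps[label]
        self.used += session_quota
        server.quota += session_quota  # usable by the server for this session only
        return (server, session_quota)

    def close_session(self, session):
        # Closing the session returns the attached quota to the client.
        server, session_quota = session
        server.quota, self.used = server.quota - session_quota, self.used - session_quota


def scenario():
    core = Component("core", 1024)          # constructed: core owns all physical memory
    init = core.create_child("init", 1000)
    server = init.create_child("gui_server", 300)
    app = init.create_child("app", 200)
    server.announce("gui")                  # init now holds the server capability
    init.delegate("gui", app)               # init acquaints app with the server
    session = app.open_session("gui", 50)   # 50 units move from app to the server
    return init, server, app, session
```

Because every unit of quota is owned by exactly one component at a time, the sum over the tree never exceeds what core started with, which is the accounting the "Problem: Resource management" slide says commodity systems lack.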
3. Showcases
Faithful Virtualization
(Diagram: an unmodified guest OS kernel runs on virtual CPU, RAM and devices provided by a VMM; the VMM, a resource multiplexer and a device driver sit above Init and Core in user mode; the NOVA hypervisor runs in privileged mode)
OS-level Virtualization
Rich applications
(Diagram: Arora web browser with GUI, TCP/IP and framebuffer sessions, alongside Testnit, the Nitpicker GUI server, a virtual framebuffer, Launchpad, Loader and a menu GUI, each under its own Init)
4. Current Topics
Current Topics
Eating our own dog food
◮ Noux (GCC, VIM, bash, coreutils...)
◮ Wireless networking
Capability-based user interface
seL4 kernel as base platform
ARM Virtualization
Package management
Thank you
Genode OS Framework: http://genode.org
Genode Labs GmbH: http://www.genode-labs.com
Source code at GitHub: http://github.com/genodelabs/genode