
Genode - OS Security By Design Dr.-Ing. Norman Feske < - PowerPoint PPT Presentation



  1. Genode - OS Security By Design
     Dr.-Ing. Norman Feske <norman.feske@genode-labs.com>

  2. Outline
     1. Introduction
     2. Architectural Principles
     3. Showcases
     4. Current Topics
     Genode - OS Security By Design 2

  3. Outline (same as slide 2)

  4. Universal Truths
     Assurance, Scalability, Accountability, Utilization, Security, Ease of use

  5. Problem: Complexity
     Today's commodity OSes: exceedingly complex trusted computing base (TCB)
     TCB of an application on Linux:
       Kernel + loaded kernel modules
       Daemons
       X Server + window manager
       Desktop environment
       All running processes of the user
     → User credentials are exposed to millions of lines of code

  6. Problem: Complexity (II)
     Implications:
       High likelihood for bugs (need for frequent security updates)
       Huge attack surface for directed attacks
       Zero-day exploits

  7. Universal Truths (same as slide 4)

  8. Problem: Resource management
     Pretension of unlimited resources
     Lack of accounting
     → Largely indeterministic behavior
     → Need for complex heuristics, schedulers

  9. Universal Truths (same as slide 4)

  10. Key technologies
      Microkernels
      Componentization, kernelization
      Capability-based security
      Virtualization
      ...but how to compose those?

  11. Genode architecture → Application-specific TCB (diagram)

  12. Combined with virtualization (diagram)

  13.-18. Components (six diagram slides without text)

  19. Outline (same as slide 2)

  20. Object capabilities
      Delegation of authority between components
      Each component lives in a virtual environment
      A component that possesses a capability can
        ◮ Use it (invoke)
        ◮ Delegate it to acquainted components
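As an added example that is not part of the slides or of Genode's own code, the following C++ sketch models the two operations named on slide 20 with a toy capability table: a component can invoke only a capability it holds, and can delegate it only to a component it is acquainted with (one it holds a reference to), so authority never appears in a component that was not explicitly given it. The names Component, Service, Outcome and run_scenario are illustrative and not Genode API.

```cpp
// Toy object-capability model (illustrative; not Genode's API). Authority is a
// reference in a component's table and arrives only by explicit delegation.
#include <map>
#include <memory>
#include <string>

struct Service { std::string name; int invocations; };  // reachable only via a capability

class Component {
    std::map<std::string, std::shared_ptr<Service>> caps_;  // local name -> capability
    std::map<std::string, Component*> acquaintances_;       // components we can talk to
public:
    void receive(const std::string& local, std::shared_ptr<Service> cap) { caps_[local] = cap; }
    void acquaint(const std::string& local, Component* c) { acquaintances_[local] = c; }

    // Invoke: succeeds only if this component holds the capability.
    bool invoke(const std::string& local) {
        auto it = caps_.find(local);
        if (it == caps_.end()) return false;     // no capability, no access
        ++it->second->invocations;
        return true;
    }
    // Delegate: only a held capability, and only to an acquainted component.
    bool delegate(const std::string& local, const std::string& to, const std::string& as) {
        auto c = caps_.find(local);
        auto t = acquaintances_.find(to);
        if (c == caps_.end() || t == acquaintances_.end()) return false;
        t->second->receive(as, c->second);
        return true;
    }
};
struct Outcome { bool browser_log; bool browser_fs; bool forged; int log_uses; };

// Constructed scenario: init holds LOG and a file system, creates a browser
// child and hands it LOG only; the file system never becomes reachable from it.
Outcome run_scenario() {
    auto log = std::make_shared<Service>(Service{"LOG", 0});
    auto fs  = std::make_shared<Service>(Service{"File_system", 0});
    Component init, browser;
    init.receive("log", log);
    init.receive("fs", fs);
    init.acquaint("browser", &browser);            // init created browser, so it knows it
    init.delegate("log", "browser", "log");        // explicit delegation of LOG authority
    Outcome o;
    o.browser_log = browser.invoke("log");         // true: delegated
    o.browser_fs  = browser.invoke("fs");          // false: never delegated
    o.forged      = browser.delegate("log", "stranger", "log"); // false: not acquainted
    o.log_uses    = log->invocations;              // 1
    return o;
}
```

Contrast this with an access-control list: here there is no global namespace in which the browser could even name the file system, so the policy is enforced by what it holds rather than by a check against its identity.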

  21. Recursive system structure (diagram)

  22. Service announcement (diagram)

  23. Session creation (diagram)

  24. Session creation (diagram, continued)

  25. Resource management
      Explicit assignment of physical resources to components

  26. Resource management (II)
      Resources can be attached to sessions

  27. Outline (same as slide 2)

  28. Faithful Virtualization
      (diagram: unmodified guest OS kernel on virtual CPU, virtual RAM and virtual device;
      VMM, Resource Multiplexer, Device Driver, Init and Core in user mode;
      NOVA Hypervisor in privileged mode)

  29. OS-level Virtualization (diagram)

  30. Rich applications
      (diagram with component labels: Testnit, Nitpicker GUI, Virtual Framebuffer, Launchpad,
      Arora Web Browser, TCP/IP, Init, Nitpicker, Loader, Menu GUI, Init)

  31. Outline (same as slide 2)

  32. Current Topics
      Eating our own dog food
        ◮ Noux (GCC, VIM, bash, coreutils...)
        ◮ Wireless networking
      Capability-based user interface
      seL4 kernel as base platform
      ARM Virtualization
      Package management

  33. Thank you
      Genode OS Framework: http://genode.org
      Genode Labs GmbH: http://www.genode-labs.com
      Source code at GitHub: http://github.com/genodelabs/genode
