nailgun breaking the privilege isolation on arm
play

Nailgun: Breaking the Privilege Isolation on ARM Zhenyu Ning - PowerPoint PPT Presentation

Oct 19, 2023 •259 likes •1.44k views

Nailgun: Breaking the Privilege Isolation on ARM Zhenyu Ning COMPASS Lab Wayne State University Sep 23, 2019 Nailgun: Breaking the Privilege Isolation on ARM 1 Outline I Background I Introduction I Obstacles for Misusing the Traditional

  1. Inter-Processor Debugging We can use one processor on the chip to debug another one on the same chip, and we refer it as inter-processor debugging . I Memory-mapped debugging registers. - Introduced since ARMv7. I No JTAG, No physical access. Nailgun: Breaking the Privilege Isolation on ARM 44

  2. Inter-Processor Debugging Debug Authentication Memory-mapped Interface Debug Target Debug Host (TARGET) (HOST) Nailgun: Breaking the Privilege Isolation on ARM 45

  3. Obstacles for Misusing the Traditional Debugging Obstacles for attackers: I Obstacle 1 : Physical access. I Obstacle 2 : Debug authentication mechanism. Does debug authentication work as expected? Nailgun: Breaking the Privilege Isolation on ARM 46

  4. Processor in Normal State TARGET (Normal State) ... pc MOV x3, #3 x4, #4 MOV animation by animate[2015/03/11] MOV x0, x3 x1, x4 MOV LDR pc, [pc, #-0x10] ... TARGET is executing instructions pointed by pc Nailgun: Breaking the Privilege Isolation on ARM 47

  5. Processor in Non-invasive Debugging TARGET (Normal State) ... pc MOV x3, #3 x4, #4 MOV animation by animate[2015/03/11] MOV x0, x3 x1, x4 MOV LDR pc, [pc, #-0x10] ... Non-invasive Debugging : Monitoring without control Nailgun: Breaking the Privilege Isolation on ARM 48

  6. Processor in Invasive Debugging TARGET (Debug State) ... MOV x3, #3 pc x4, #4 MOV animation by animate[2015/03/11] MOV x0, x3 x1, x4 MOV LDR pc, [pc, #-0x10] ... Invasive Debugging : Control and change status Nailgun: Breaking the Privilege Isolation on ARM 49

  7. ARM Debug Authentication Mechanism TARGET (Normal State) ... Debug pc Disabled MOV x3, #3 x4, #4 MOV animation by animate[2015/03/11] MOV x0, x3 x1, x4 MOV LDR pc, [pc, #-0x10] ... Debug Authentication Signal : Whether debugging is allowed Nailgun: Breaking the Privilege Isolation on ARM 50

  8. ARM Debug Authentication Mechanism TARGET (Normal State) ... Debug pc Disabled MOV x3, #3 x4, #4 MOV animation by animate[2015/03/11] MOV x0, x3 x1, x4 MOV LDR pc, [pc, #-0x10] ... Four signals for: Secure/Non-secure, Invasive/Non-invasive Nailgun: Breaking the Privilege Isolation on ARM 51

  9. ARM Ecosystem ARM SoC Vendor OEM User Nailgun: Breaking the Privilege Isolation on ARM 52

  10. ARM Ecosystem ARM SoC Vendor OEM User I ARM licenses technology to the System-On-Chip (SoC) Vendors. - E.g., ARM architectures and Cortex processors I Defines the debug authentication signals. Nailgun: Breaking the Privilege Isolation on ARM 53

  11. ARM Ecosystem ARM SoC Vendor OEM User I The SoC Vendors develop chips for Original Equipment Manufacturers (OEMs). - E.g., Qualcomm Snapdragon SoCs I Implement the debug authentication signals. Nailgun: Breaking the Privilege Isolation on ARM 54

  12. ARM Ecosystem ARM SoC Vendor OEM User I The OEMs produce devices for the users. - E.g., Samsung Galaxy Series and Huawei Mate Series I Configure the debug authentication signals. Nailgun: Breaking the Privilege Isolation on ARM 55

  13. ARM Ecosystem ARM SoC Vendor OEM User I Finally, the User can enjoy the released devices. - Tablets, smartphones, and other devices I Learn the status of debug authentication signals. Nailgun: Breaking the Privilege Isolation on ARM 56

  14. Obstacles for Misusing the Traditional Debugging Obstacles for attackers: I Obstacle 1 : Physical access. I Obstacle 2 : Debug authentication mechanism. Does debug authentication work as expected? Nailgun: Breaking the Privilege Isolation on ARM 57

  15. Debug Authentication Signals I What is the status of the signals in real-world device? I How to manage the signals in real-world device? Nailgun: Breaking the Privilege Isolation on ARM 58

  16. Debug Authentication Signals Table: Debug Authentication Signals on Real Devices. Debug Authentication Signals Category Platform / Device DBGEN NIDEN SPIDEN SPNIDEN ARM Juno r1 Board 4 4 4 4 Development Boards NXP i.MX53 QSB 6 4 6 6 IoT Devices Raspberry PI 3 B+ 4 4 4 4 64-bit ARM miniNode 4 4 4 4 Cloud Packet Type 2A Server 4 4 4 4 Platforms Scaleway ARM C1 Server 4 4 4 4 Google Nexus 6 6 4 6 6 Samsung Galaxy Note 2 4 4 6 6 Mobile Huawei Mate 7 4 4 4 4 Devices Motorola E4 Plus 4 4 4 4 Xiaomi Redmi 6 4 4 4 4 Nailgun: Breaking the Privilege Isolation on ARM 59

  17. Debug Authentication Signals Table: Debug Authentication Signals on Real Devices. Debug Authentication Signals Category Platform / Device DBGEN NIDEN SPIDEN SPNIDEN ARM Juno r1 Board 4 4 4 4 Development Boards NXP i.MX53 QSB 6 4 6 6 IoT Devices Raspberry PI 3 B+ 4 4 4 4 64-bit ARM miniNode 4 4 4 4 Cloud Packet Type 2A Server 4 4 4 4 Platforms Scaleway ARM C1 Server 4 4 4 4 Google Nexus 6 6 4 6 6 Samsung Galaxy Note 2 4 4 6 6 Mobile Huawei Mate 7 4 4 4 4 Devices Motorola E4 Plus 4 4 4 4 Xiaomi Redmi 6 4 4 4 4 Nailgun: Breaking the Privilege Isolation on ARM 60

  18. Debug Authentication Signals Table: Debug Authentication Signals on Real Devices. Debug Authentication Signals Category Platform / Device DBGEN NIDEN SPIDEN SPNIDEN ARM Juno r1 Board 4 4 4 4 Development Boards NXP i.MX53 QSB 6 4 6 6 IoT Devices Raspberry PI 3 B+ 4 4 4 4 64-bit ARM miniNode 4 4 4 4 Cloud Packet Type 2A Server 4 4 4 4 Platforms Scaleway ARM C1 Server 4 4 4 4 Google Nexus 6 6 4 6 6 Samsung Galaxy Note 2 4 4 6 6 Mobile Huawei Mate 7 4 4 4 4 Devices Motorola E4 Plus 4 4 4 4 Xiaomi Redmi 6 4 4 4 4 Nailgun: Breaking the Privilege Isolation on ARM 61

  19. Debug Authentication Signals How to manage the signals in real-world device? I For both development boards with manual, we cannot fully control the debug authentication signals. - Signals in i.MX53 QSB can be enabled by JTAG. - The DBGEN and NIDEN in ARM Juno board cannot be disabled. I In some mobile phones, we find that the signals are controlled by One-Time Programmable (OTP) fuse. For all the other devices, nothing is publicly available. Nailgun: Breaking the Privilege Isolation on ARM 62

  20. Obstacles for Misusing the Traditional Debugging Obstacles for attackers: I Obstacle 1 : Physical access. We don’t need physical access to debug a processor. I Obstacle 2 : Debug authentication mechanism. The debug authentication mechanism allows us to debug the processor. Nailgun: Breaking the Privilege Isolation on ARM 63

  21. Outline I Background I Introduction I Obstacles for Misusing the Traditional Debugging I Nailgun Attack I Mitigations I Conclusion Nailgun: Breaking the Privilege Isolation on ARM 64

  22. Inter-processor Debugging Memory-mapped Interface Debug Target Debug Host (TARGET) (HOST) Nailgun: Breaking the Privilege Isolation on ARM 65

  23. Inter-processor Debugging Memory-mapped Interface Debug Target Debug Host (TARGET) (HOST) Nailgun: Breaking the Privilege Isolation on ARM 66

  24. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Privilege Escalation Request TARGET HOST (Normal State) (Normal State) (High Privilege) (High Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) An example SoC system: I Two processors as HOST and TARGET , respectively. I Low-privilege and High-privilege resource. Nailgun: Breaking the Privilege Isolation on ARM 67

  25. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Privilege Escalation Request TARGET HOST (Normal State) (Normal State) (High Privilege) (High Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) I Low-privilege refers to non-secure kernel-level privilege I High-privilege refers to any other higher privilege Nailgun: Breaking the Privilege Isolation on ARM 68

  26. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Debug TARGET HOST Request (Normal State) (Normal State) (Low Privilege) (Low Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) Both processors are only access low-privilege resource. I Normal state I Low-privilege mode Nailgun: Breaking the Privilege Isolation on ARM 69

  27. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Debug TARGET HOST Request (Normal State) (Normal State) (Low Privilege) (Low Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) HOST sends a Debug Request to TARGET , I TARGET checks its authentication signal. I Privilege of HOST is ignored. Nailgun: Breaking the Privilege Isolation on ARM 70

  28. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Debug TARGET HOST Request (Normal State) (Normal State) (Low Privilege) (Low Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) HOST sends a Debug Request to TARGET , I TARGET checks its authentication signal. I Privilege of HOST is ignored. Nailgun: Breaking the Privilege Isolation on ARM 71

  29. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Debug TARGET HOST Request (Normal State) (Normal State) (Low Privilege) (Low Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) Implication: A low-privilege processor can make an arbitrary proces- sor (even a high-privilege processor) enter the debug state. Nailgun: Breaking the Privilege Isolation on ARM 72

  30. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Debug TARGET HOST Request (Debug State) (Normal State) (Low Privilege) (Low Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) TARGET turns to Debug State according to the request. I Low-privilege mode I No access to high-privilege resource Nailgun: Breaking the Privilege Isolation on ARM 73

  31. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Privilege Escalation TARGET HOST Request (Debug State) (Normal State) (Low Privilege) (Low Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) HOST sends a Privilege Escalation Request to TARGET , I E.g., executing DCPS series instructions. I The instructions can be executed at any privilege level. Nailgun: Breaking the Privilege Isolation on ARM 74

  32. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Privilege Escalation TARGET HOST Request (Debug State) (Normal State) (Low Privilege) (Low Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) Implication: The privilege escalation instructions enable a processor running in the debug state to gain a high privilege without restric- tion. Nailgun: Breaking the Privilege Isolation on ARM 75

  33. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Privilege Escalation TARGET HOST Request (Debug State) (Normal State) (Low Privilege) (High Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) TARGET turns to High-privilege Mode according to the request. I Debug state, high-privilege mode I Gained access to high-privilege resource Nailgun: Breaking the Privilege Isolation on ARM 76

  34. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Resource Access TARGET HOST Request (Debug State) (Normal State) (Low Privilege) (High Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) HOST sends a Resource Access Request to TARGET , I E.g., accessing secure RAM/register/peripheral. I Privilege of HOST is ignored. Nailgun: Breaking the Privilege Isolation on ARM 77

  35. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Resource Access TARGET HOST Request (Debug State) (Normal State) (Low Privilege) (High Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) Implication: The instruction execution and resource access in TARGET does not take the privilege of HOST into account. Nailgun: Breaking the Privilege Isolation on ARM 78

  36. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Debug TARGET HOST Response (Debug State) (Normal State) (Low Privilege) (High Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) TARGET return the result to HOST , I i.e., content of the high-privilege resource. I Privilege of HOST is ignored. Nailgun: Breaking the Privilege Isolation on ARM 79

  37. Nailgun Attack A Multi-processor SoC System High-privilege Resource (Secure RAM/Register/Peripheral) Debug TARGET HOST Response (Debug State) (Normal State) (Low Privilege) (High Privilege) Low-privilege Resource (Non-Secure RAM/Register/Peripheral) HOST gains access to the high-privilege resource while running in, I Normal state I Low-privilege mode Nailgun: Breaking the Privilege Isolation on ARM 80

  38. Nailgun Attack Nailgun: Break the privilege isolation of ARM platform. I Achieve access to high-privilege resource via misusing the ARM debugging features. I Can be used to craft di ff erent attacks. Nailgun: Breaking the Privilege Isolation on ARM 81

  39. Attack Scenarios I Implemented Attack Scenarios: - Inferring AES keys from TrustZone. - Read Secure Configuration Register (SCR). - Arbitrary payload execution in TrustZone. I Covered Architectures: - ARMv7, 32-bit ARMv8, and 64-bit ARMv8 architecture. I Vulnerable Devices: - Development boards, IoT devices, cloud platforms, mobile devices. Nailgun: Breaking the Privilege Isolation on ARM 82

  40. Attack Scenarios I Implemented Attack Scenarios: - Inferring AES keys from TrustZone. - Read Secure Configuration Register (SCR). - Arbitrary payload execution in TrustZone. I Covered Architectures: - ARMv7, 32-bit ARMv8, and 64-bit ARMv8 architecture. I Vulnerable Devices: - Development boards, IoT devices, cloud platforms, mobile devices. Nailgun: Breaking the Privilege Isolation on ARM 83

  41. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... DLR EL0 ... mov X0, #1 ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b handler ... I DLR EL0 points to the debug return address. I VBAR EL3 points to the exception vector in EL3. Nailgun: Breaking the Privilege Isolation on ARM 84

  42. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: DLR EL0 ... mov X0, #1 ... ... VBAR EL3 VBAR EL3 + 0x400 + 0x400 b handler ... I With Nailgun, we can directly copy the payload to the secure memory. Nailgun: Breaking the Privilege Isolation on ARM 85

  43. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: DLR EL0 ... smc #0 ... ... VBAR EL3 VBAR EL3 + 0x400 + 0x400 b handler ... I Modify the instruction pointed by DLR EL0 to get into TrustZone. Nailgun: Breaking the Privilege Isolation on ARM 86

  44. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: DLR EL0 ... smc #0 ... ... VBAR EL3 VBAR EL3 + 0x400 + 0x400 b payload ... I Manipulate the exception vector to execute the payload while the SMC exception is routed to EL3. Nailgun: Breaking the Privilege Isolation on ARM 87

  45. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: DLR EL0 ... smc #0 ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b payload ... I The last instruction of the payload should be eret . Nailgun: Breaking the Privilege Isolation on ARM 88

  46. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: PC ... smc #0 ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b payload ... I Make TARGET exit the debug state. Nailgun: Breaking the Privilege Isolation on ARM 89

  47. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: ... smc #0 ELR EL3 ... eret VBAR EL3 PC + 0x400 b payload ... I ELR EL3 points to the exception return address. Nailgun: Breaking the Privilege Isolation on ARM 90

  48. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: PC ... smc #0 ELR EL3 ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b payload ... I The payload get executed. Nailgun: Breaking the Privilege Isolation on ARM 91

  49. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: PC ... smc #0 ELR EL3 ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b handler ... I In the payload, we first restore the exception vector. Nailgun: Breaking the Privilege Isolation on ARM 92

  50. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: ELR EL3 PC ... mov X0, #1 ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b handler ... I Roll back the ELR EL3 register. I Revert the modified instruction. Nailgun: Breaking the Privilege Isolation on ARM 93

  51. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: ELR EL3 ... mov X0, #1 PC ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b handler ... I The eret instruction will finish the exception handle process. Nailgun: Breaking the Privilege Isolation on ARM 94

  52. Arbitrary Code Execution in TrustZone Non-secure Memory Secure Memory ... payload: PC ... mov X0, #1 ... eret VBAR EL3 VBAR EL3 + 0x400 + 0x400 b handler ... I After that, everything goes back to the original state. Nailgun: Breaking the Privilege Isolation on ARM 95

  53. Nailgun Attack Fingerprint extraction in commercial mobile phone. I Deivce: Huawei Mate 7 (MT-L09) I Firmware: MT7-L09V100R001C00B121SP05 I Fingerprint sensor: FPC1020 We choose this phone because the manual and driver of the fingerprint sensor is publicly available. Similar attack can be demonstrated on other devices with enabled debug authentication signals. Nailgun: Breaking the Privilege Isolation on ARM 96

  54. Nailgun Attack I Step 1: Learn the location of fingerprint data in secure RAM. - Achieved by reverse engineering. I Step 2: Extract the data. - With the inter-processor debugging in Nailgun. I Step 3: Restore fingerprint image from the extracted data. - Read the publicly available sensor manual. Nailgun: Breaking the Privilege Isolation on ARM 97

  55. Nailgun Attack I The right part of the image is blurred for privacy concerns. I Source code: https://compass.cs.wayne.edu/nailgun/ I The issue has been fixed in Huawei devices. Nailgun: Breaking the Privilege Isolation on ARM 98

  56. Nailgun Attack

  57. Disclosure March 2018 Preliminary findings are reported to ARM August 2018 Report to ARM and related OEMs with enriched result October 2018 Issue is reported to MITRE February 2019 PoCs and demos are released April 2019 CVE-2018-18068 is released Nailgun: Breaking the Privilege Isolation on ARM 100

Recommend

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel and Suman Janna Some slides are from

1.03k views • 58 slides
X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native

X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native

X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers Zhiming Shen Cornell University Joint work with Zhen Sun, Gur-Eyal Sela, Eugene Bagdasaryan, Christina Delimitrou, Robbert Van Renesse, Hakim

266 views • 26 slides
Privilege separation and isolation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and

Privilege separation and isolation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and

CSE 127: Computer Security Privilege separation and isolation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and Stefan Savage Chromium security architecture Browser ("kernel") Full privileges (file system,

603 views • 29 slides
Privilege: An Update Litigation Privilege: a brief definition Confidential Made for

Privilege: An Update Litigation Privilege: a brief definition Confidential Made for

Privilege: An Update Litigation Privilege: a brief definition Confidential Made for dominant purpose of civil or criminal litigation Relate to litigation which is pending, reasonably contemplated, or existing Legal Advice Privilege:

532 views • 20 slides
Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan

Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan

CSE 127: Computer Security Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and Stefan Savage This week How to build secure systems Least privilege and privilege separation

578 views • 46 slides
Outline Secure use of the OS Bernsteins perspective CSci 5271 Techniques for privilege

Outline Secure use of the OS Bernsteins perspective CSci 5271 Techniques for privilege

Outline Secure use of the OS Bernsteins perspective CSci 5271 Techniques for privilege separation Introduction to Computer Security Announcements intermission Day 9: OS security basics OS security: protection and isolation Stephen

649 views • 13 slides
Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable Isolation Dan Ports Kevin Grittner MIT Wisconsin Court System Saturday, May 21, 2011 1 Overview Serializable isolation makes it easier to reason

922 views • 60 slides
Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners

Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners

Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners Association Adam Huckle 27 March 2019 Overview What is Privilege? Types: Legal Advice Privilege Litigation Privilege Recent cases

226 views • 18 slides
Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix and Windows Michal Knapkiewicz, May 2016 whoami Senior Consultant at Advanced Security

884 views • 51 slides
+ The Primacy of Client Privilege: Designing a Statutory Advice Privilege for Accredited

+ The Primacy of Client Privilege: Designing a Statutory Advice Privilege for Accredited

+ The Primacy of Client Privilege: Designing a Statutory Advice Privilege for Accredited Non-Lawyer Tax Advisors Nicole Wilson-Rogers, Annette Morgan and Dale Pinto + Structure Snapshot: Argument advanced in the paper Current Privileges

422 views • 17 slides
Attorney-Client Privilege Between Affiliated Entities: Who Owns the Privilege When Interests

Attorney-Client Privilege Between Affiliated Entities: Who Owns the Privilege When Interests

Presenting a live 90-minute webinar with interactive Q&A Attorney-Client Privilege Between Affiliated Entities: Who Owns the Privilege When Interests Diverge? Navigating the Complexities of Joint Representations During Litigation, Spinoffs,

889 views • 42 slides
Zones - Containers Server Consolidation Run multiple workloads on system Improve utilization of

Zones - Containers Server Consolidation Run multiple workloads on system Improve utilization of

Zones - Containers Server Consolidation Run multiple workloads on system Improve utilization of resources Reduce costs Run workloads in isolation Cannot observe others Security Isolation Running apps as different user not enough - privilege

274 views • 15 slides
I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias

I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias

I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias Payer <mathias.payer@nebelwelt.net> Motivation Current exploits are powerful because Applications run on coarse-grained user-privilege

800 views • 39 slides
Side-channels Deian Stefan Slides adopted from Stefan Savage, Nadia Heninger, Sunjay Cauligi

Side-channels Deian Stefan Slides adopted from Stefan Savage, Nadia Heninger, Sunjay Cauligi

CSE 127: Computer Security Side-channels Deian Stefan Slides adopted from Stefan Savage, Nadia Heninger, Sunjay Cauligi Context Isolation is key to building secure systems Used to implement privilege separation, least privilege and

1.21k views • 103 slides
ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating auxiliary isolation rooms (CDC) SCRUBBERS - 1 ea to serve patient room, and 1 for Airlock Typically deployed on supplied wheel platform

144 views • 3 slides
Protecting Privilege in Post-Accident Investigations Successfully Asserting Attorney-Client

Protecting Privilege in Post-Accident Investigations Successfully Asserting Attorney-Client

Presenting a live 90-minute webinar with interactive Q&A Protecting Privilege in Post-Accident Investigations Successfully Asserting Attorney-Client Privilege, Self-Critical Analysis Privilege, Work Product Doctrine and More TUESDAY, MARCH

471 views • 36 slides
Principle of Least Privilege Dawn Song Principle of least privilege Privilege Ability to

Principle of Least Privilege Dawn Song Principle of least privilege Privilege Ability to

Computer Security Course. Dawn Computer Security Course. Dawn Song Song Principle of Least Privilege Dawn Song Principle of least privilege Privilege Ability to access or modify a resource Principle of least privilege A

429 views • 39 slides
Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation From in-guest kernel/userspace Provided by Xen Buggy emulation blurres the line From trusted computing base (TCB) Possible via Xen

286 views • 26 slides
Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Dr Nick Saville Breaking out of the box Understanding rela5onships between learning and assessment Breaking out of the box - a metaphor for thinking about rela5onships and interpreta5ons breaking out breaking out of the box of the

895 views • 68 slides
2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

1 Self Healing Network (Centralized Restoration Gateway) IEEE PES 2015 General Meeting 2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The operator makes switching decisions Automatic Fault Location

724 views • 22 slides
GCC Highlighted Products GSure Gel Extraction kit GSure Soil DNA Isolation kit GSure Sputum DNA

GCC Highlighted Products GSure Gel Extraction kit GSure Soil DNA Isolation kit GSure Sputum DNA

GSure Bacterial genomic DNA isolation kit GCC Highlighted Products GSure Gel Extraction kit GSure Soil DNA Isolation kit GSure Sputum DNA Isolation Kit GSure Stool DNA Isolation Kit GSure Urine DNA Isolation Kit GSure Yeast RNA

455 views • 23 slides
Introduction to pixel track isolation The purpose of track isolation algorithm is an additional

Introduction to pixel track isolation The purpose of track isolation algorithm is an additional

Introduction to pixel track isolation The purpose of track isolation algorithm is an additional improvement of level-1 pixel trigger performance. Procedure of pixel track isolation Reconstructed pixel tracks using kinematic parameters

669 views • 27 slides
#KEEPTHECONVERSATIONGOING Sick pay and self isolation Day one right SSP for up to 14 days

#KEEPTHECONVERSATIONGOING Sick pay and self isolation Day one right SSP for up to 14 days

#KEEPTHECONVERSATIONGOING Sick pay and self isolation Day one right SSP for up to 14 days will be reimbursed Self isolation notes from online 111 Self isolation and pay Working from Home Everyone should be working

398 views • 12 slides
Using technology to reduce social isolation: research on dementia and social isolation Professor

Using technology to reduce social isolation: research on dementia and social isolation Professor

Using technology to reduce social isolation: research on dementia and social isolation Professor Josie Tetley Dr Emma-Reetta Koivunen Ageing and Long Term Conditions Group Faculty of Health, Psychology & Social Care Manchester

338 views • 19 slides

More recommend