sego pervasive trusted metadata for efficiently verified
play

Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted - PowerPoint PPT Presentation

Mar 31, 2024 •278 likes •1.06k views

Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services Youngjin Kwon , Alan Dunn, Michael Lee, Owen Hofmann, Yuanzhong Xu, Emmett Witchel 1 Securing OS is difficult OS vulnerabilities in 2014 from national

  1. Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services Youngjin Kwon , Alan Dunn, Michael Lee, Owen Hofmann, Yuanzhong Xu, Emmett Witchel 1

  2. Securing OS is difficult OS vulnerabilities in 2014 from national vulnerability database (NVD) 160 Mac OS • Large attack surfaces iOS • System calls Linux Kernel 120 Window 8.1 • Ioctl interface Windows Server 2012 • 3rd party device 80 driver 40 0 # of vulnerabilites # of high ranked 
 vulnerabilites 2

  3. Securing OS is not enough Vulnerability distribution in 2014 from NVD 4% Getting root leads to control OS • 13% Privilege escalation vulnerability • Many APPs run with root permission • 83% Application OS Hardware 3

  4. Protecting application from malicious OS With trusted hypervisor • Overshadow (ASPLOS 2008) TrustVisor (IEEE S&P 2010) Read / modify Application InkTag (ASPLOS 2013) code or data Sego (ASPLOS 2016) With compiler instrumentation • VirtualGhost (ASPLOS 2014) Operating system With hardware (SGX) support • Haven (OSDI 2014) 4

  5. Outline • Previous system • Sego eliminates encryption and hashing • Sego provides crash consistency and recovery • Conclusion 5

  6. How do previous systems work? 6

  7. Trust model System overview Sego library Secure APP Interpose syscall • APP cooperate with hypervisor • Sego library hypercall Guest operating system Hypervisor Trusted Hardware Untrusted 7

  8. Hypervisor encrypts memory for secrecy APP OS Hypervisor storage Plaintext Ciphertext RAM Software 8

  9. Hypervisor encrypts memory for secrecy 1. APP reads/writes memory page A APP B OS Hypervisor C storage Plaintext Ciphertext RAM Software 8

  10. Hypervisor encrypts memory for secrecy 1. APP reads/writes memory page A APP 2. OS wants to swap page B OS Hypervisor C storage Plaintext Ciphertext RAM Software 8

  11. Hypervisor encrypts memory for secrecy 1. APP reads/writes memory page A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage Plaintext Ciphertext RAM Software 8

  12. Hypervisor encrypts memory for secrecy 1. APP reads/writes memory page A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage 4. OS swaps encrypted page Plaintext Ciphertext RAM Software 8

  13. Hypervisor encrypts memory for secrecy 1. APP reads/writes memory page A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage 4. OS swaps encrypted page Plaintext Ciphertext RAM Software 8

  14. Hypervisor hashes memory for integrity APP OS Hypervisor storage Metadata Plaintext Ciphertext H Hash Hypervisor memory Software RAM 9

  15. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP B OS Hypervisor C storage mA Metadata mB Plaintext Ciphertext H Hash Hypervisor mC memory Software RAM 9

  16. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page B OS Hypervisor C storage mA Metadata mB Plaintext Ciphertext H Hash Hypervisor mC memory Software RAM 9

  17. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page mA Metadata mB Plaintext Ciphertext H Hash Hypervisor mC memory Software RAM 9

  18. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page mA Metadata mB Plaintext H Ciphertext H Hash Hypervisor mC memory Software RAM 9

  19. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page 4. OS swaps the encrypted page mA Metadata mB Plaintext H Ciphertext H Hash Hypervisor mC memory Software RAM 9

  20. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page 4. OS swaps the encrypted page mA Metadata mB Plaintext H Ciphertext H Hash Hypervisor mC memory Software RAM 9

  21. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page 4. OS swaps the encrypted page mA Metadata 5. APP accesses page mB Plaintext H a) OS swaps in Ciphertext H Hash Hypervisor mC b) HYP checks hash memory Software c) HYP decrypts page RAM 9

  22. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page 4. OS swaps the encrypted page mA Metadata 5. APP accesses page mB Plaintext H a) OS swaps in Ciphertext H Hash Hypervisor mC b) HYP checks hash memory Software c) HYP decrypts page RAM 9

  23. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 H OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page 4. OS swaps the encrypted page mA Metadata 5. APP accesses page mB Plaintext H a) OS swaps in Ciphertext H Hash Hypervisor mC b) HYP checks hash memory Software c) HYP decrypts page RAM 9

  24. Hypervisor hashes memory for integrity 1. APP reads/writes memory page a) HYP maintains metadata A APP 2. OS wants to swap page 0110 B H OS 1010 3. Hypervisor blocks OS Hypervisor C a) Encrypts page storage b) Hashes page 4. OS swaps the encrypted page mA Metadata 5. APP accesses page mB Plaintext H a) OS swaps in Ciphertext H Hash Hypervisor mC b) HYP checks hash memory Software c) HYP decrypts page RAM 9

  25. Performance cost of encryption and hashing • Performance of encryption and hashing • AES-NI (GCM) supported in processor • 800MB/s - 1.2 GB/s • Performance of a single IO device • Commodity SSD : 520MB/s • Fusion-io ioDrive : 1GB ~ 1.5GB/s • IO bandwidth can overwhelm encryption bandwidth! 10

  26. OS Memory Services • Modern services require OS to touch memory • Transparent page sharing • Multiple virtual machines consume less memory • Overshadow/InkTag can not support it • Memory compaction • OS defragments memory for large pages • Better TLB utilization • We must make OS access to APP pages more efficient 11

  27. Sego eliminates encryption and hashing by using trusted metadata 12

  28. Replace encryption and hashing with hypercalls APP OS Sego hypervisor protected data Hypervisor Software memory 13

  29. Replace encryption and hashing with hypercalls 1. APP reads/writes memory page a) HYP maintains metadata APP A OS B Sego C hypervisor mA mB protected data mC Hypervisor Software memory 13

  30. Replace encryption and hashing with hypercalls 1. APP reads/writes memory page a) HYP maintains metadata APP A OS B Sego C hypervisor mA mB protected data mC Hypervisor Software memory 13

  31. Replace encryption and hashing with hypercalls 1. APP reads/writes memory page a) HYP maintains metadata APP A 2. OS is not allowed to access OS B protected memory pages Sego C hypervisor mA mB protected data mC Hypervisor Software memory 13

  32. Replace encryption and hashing with hypercalls 1. APP reads/writes memory page a) HYP maintains metadata APP A 2. OS is not allowed to access OS B protected memory pages Sego C hypercall hypervisor 3. OS sends hypercall to move memory pages mA mB protected data mC Hypervisor Software memory 13

  33. Replace encryption and hashing with hypercalls 1. APP reads/writes memory page B a) HYP maintains metadata APP A 2. OS is not allowed to access OS protected memory pages Sego C hypercall hypervisor 3. OS sends hypercall to move memory pages mA 4. Hypervisor moves the mB memory page protected data mC Hypervisor Software memory 13

  34. Sego persists data with metadata Virtualized block device • APP A Virtual hard disk/SSD • Sees/controls all I/O • OS B Buffers guest IO in host • Sego hypervisor C C memory Virtualized block device Hypervisor storage • mA Invisible to OS • mB Holds trusted metadata • protected mC mC Hypervisor data memory Software OS Hypervisor storage storage 14

  35. Sego persists data with metadata Virtualized block device • APP A Virtual hard disk/SSD • Sees/controls all I/O • OS B IO Buffers guest IO in host • Sego hypervisor buffer C C memory Virtualized block device Read Hypervisor storage • mA Invisible to OS • mB Holds trusted metadata • protected mC mC Hypervisor data memory Software OS Hypervisor storage storage 14

Recommend

Privacy laws and pervasive sensing / big data: forever incommensurate? Trusted Personal Data

Privacy laws and pervasive sensing / big data: forever incommensurate? Trusted Personal Data

Privacy laws and pervasive sensing / big data: forever incommensurate? Trusted Personal Data Management Panel, TdW Conference Max Mhlhuser Technische Universitt Darmstadt Information Self-Determination EU Charter of fundamental rights:

251 views • 7 slides
for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

Towards Verified C specification for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted Computing, an initiative by major IT vendors Functions: integrity measurement, reporting & protected storage

374 views • 16 slides
Security for Pervasive Computing CS239 Kevin Eustice V. Ramakrishna 4/24/06 What is Pervasive

Security for Pervasive Computing CS239 Kevin Eustice V. Ramakrishna 4/24/06 What is Pervasive

Security for Pervasive Computing CS239 Kevin Eustice V. Ramakrishna 4/24/06 What is Pervasive Computing? One Vision of Pervasive Computing PHYSICAL INTEGRATION Coffee Shop Personal Network Change route! My location? L o c a t i

318 views • 20 slides
Pervasive Devices Pervasive Devices: Low memory, few gates Low power, no clock, little

Pervasive Devices Pervasive Devices: Low memory, few gates Low power, no clock, little

Authenticating Pervasive Devices with Human Protocols Ari Juels Stephen A. Weis RSA Laboratories MIT CSAIL Pervasive Devices Pervasive Devices: Low memory, few gates Low power, no clock, little state Low computational power

611 views • 20 slides
m e t a d a t a how much of a difference does metadata really make to your bottom line?

m e t a d a t a how much of a difference does metadata really make to your bottom line?

it might be the giant in the room, but it doesnt ha ve t o be scary l e t s t a l k a b o u t What is metadata? What differentiates great metadata from merely good? Do you really need to worry about it? As a publisher, m

253 views • 6 slides
BALANCE: Towards a Usable Pervasive Wellness Application with Pervasive Wellness Application with

BALANCE: Towards a Usable Pervasive Wellness Application with Pervasive Wellness Application with

BALANCE: Towards a Usable Pervasive Wellness Application with Pervasive Wellness Application with Accurate Activity Inference Tamara Denning, Adrienne Andrew, Rohit Chaudhri, Carl Hartung, Jonathan Lester, Gaetano Borriello, Glen Duncan

584 views • 23 slides
Pervasive Computing: Opportunities and Challenges Dimitris Kalofonos Pervasive Computing Group

Pervasive Computing: Opportunities and Challenges Dimitris Kalofonos Pervasive Computing Group

Pervasive Computing: Opportunities and Challenges Dimitris Kalofonos Pervasive Computing Group (PCG) Nokia Research Center, Boston 1 ASWN04 Panel Discussion, August 10, 2004, Dimitris Kalofonos The Vision for Pervasive Computing (PC)

128 views • 9 slides
PERVASIVE Home ! Work ! Play 2 2 Pervasive (Home) TURBOCHEF www.turbochef.com MOXI

PERVASIVE Home ! Work ! Play 2 2 Pervasive (Home) TURBOCHEF www.turbochef.com MOXI

Embedded Systems Silicon Valley 2011 ESC-202 Implementing Secure Remote Firmware Updates Tuesday May 3 rd , 8:00 9:15 Loren Shade loren@allegrosoft.com 1 1 PERVASIVE Home ! Work ! Play 2 2 Pervasive (Home) TURBOCHEF

435 views • 14 slides
From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA Airlines Omar SEFIANI - Stphane BOUGET, Boehringer Ingelheim DH13, PhUSE Barcelona 2016, October, 12 th Outline Background Metadata Driven

683 views • 19 slides
Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Esri International User Conference | San Diego, CA Technical Workshops | 2011-07-12 Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for Multiple Standards New Tools and Workflows Metadata Editor

332 views • 22 slides
MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for

MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for

MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for Emergency Management Management Massimiliano de Leoni Fabio De Rosa Massimo Mecella Univ. Roma LA SAPIENZA, Italy Dipartimento di Informatica e

1.18k views • 33 slides
UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized metadata improves usability and comparability Metadata (and data) that follow specific standardized patterns: are easier for users to interpret

991 views • 19 slides
Scaling-up SLA Monitoring in Scaling-up SLA Monitoring in Pervasive Environments Pervasive

Scaling-up SLA Monitoring in Scaling-up SLA Monitoring in Pervasive Environments Pervasive

Istituto di Scienza e Tecnologie dell'Informazione A. Faedo Software Engineering Laboratory Scaling-up SLA Monitoring in Scaling-up SLA Monitoring in Pervasive Environments Pervasive Environments Engineering of Software Services for

677 views • 22 slides
DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following are design concerns for whatever new metadata system is written or adopted. They are written from the point of view of data management operations and

166 views • 4 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
LinkChains: Trusted Personal Linked Data Allan Third and John Domingue

LinkChains: Trusted Personal Linked Data Allan Third and John Domingue

LinkChains: Trusted Personal Linked Data Allan Third and John Domingue {allan.third,john.domingue}@open.ac.uk Motivation Motivation Motivation The FAIR Principles F indable Globally persistent IDs and metadata A ccessible

700 views • 23 slides
Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent

Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent

Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent induction nduction of labour of labour Janet Lyons Henry Woo MD FRCSC MD MPH CCFP FRCSC Medical Lead, High Risk Obstetrics

913 views • 54 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and William E. Moen University of North Texas International conference Open Repositories 2013 Charlottetown, Prince Edward Island, Canada Paper presented at

474 views • 25 slides
Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

From the office of Texas Conference of SDA Human Resources ___________________________________ Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus She will be working with every church and

279 views • 5 slides
Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and affordable caregivers to families on demand. Why create RestUp? Americans provide $470 Billion in unpaid care in 2015. Emergency Staffing

324 views • 8 slides
Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda What is Verified Boot? Description of Verified Boot Components Q&A What Is Verified Boot? Verified Boot establishes a chain of

432 views • 19 slides
Pervasive and ubiquitous computing and MazeMap Paper 4, 9 and 15 Sergi Orra Gener Pervasive

Pervasive and ubiquitous computing and MazeMap Paper 4, 9 and 15 Sergi Orra Gener Pervasive

Pervasive and ubiquitous computing and MazeMap Paper 4, 9 and 15 Sergi Orra Gener Pervasive Computing Vs Ubiquitous Computing Main goal and challenges The knowledge of human behaviour. Challenges: Too much data to process. Too

432 views • 4 slides
Where we are going Where we have been Where we are now PUSD Running ning Ef Efficiently

Where we are going Where we have been Where we are now PUSD Running ning Ef Efficiently

Where we are going Where we have been Where we are now PUSD Running ning Ef Efficiently iently Running efficiently despite our obstacles Desp spit ite e our Obsta tacles cles Miller Valley Elementary School Washington Elementary

341 views • 18 slides

More recommend