
The ideal versus the real: a brief history of secure isolation in virtual machines and containers - PowerPoint PPT Presentation


  1. The ideal versus the real: a brief history of secure isolation in virtual machines and containers
     Allison Randal, University of Cambridge
     Except where otherwise noted, licensed under Creative Commons Attribution-ShareAlike 4.0 International.

  2. Between the idea
     And the reality
     Between the motion
     And the act
     Falls the Shadow
     – T.S. Eliot, “The Hollow Men”

  3. Secure Isolation [figure only: “Host OS” labels above a grid of “OS” boxes, illustrating many isolated OS instances on a host; repeated unchanged as build slides 4 and 5]

  6. Secure Isolation [figure only: a single “Host OS” with a smaller row of “OS” boxes; repeated unchanged as build slide 7]

  8. a securely isolated process, running on a kernel, containing an OS image

  9. [Timeline figure, 1950 to today, of the systems covered in the talk: Capsicum, BSD jails, chroot, SunOS, Solaris Zones, Multics, UNIX, Borg, Kubernetes, VServer, Chicago Magic Number Machine, OpenVZ, MINIX, Linux, LXC, Docker, OCI, CAL-TSS, Plessey System 250, POSIX, POSIX.1e capabilities, Kata, B5000, QEMU, NEMU, CAP, KVM, iAPX 432, multiprogramming, Denali, ukvm, hvt, System/38, AWS, CP-40/CMS, CP-67/CMS, VM/370, Disco, VMware, Xen, LightVM, M44/44X]

  10. [Timeline figure from slide 9, zoomed to 1950–1990]

  11. 1950s
      ● Multiprogramming [1][2]
        – multitasking
        – multiprocessing: I/O processors and multiple CPUs
        – time-sharing
        – increase utilization
        – risk of disruption
        – complex to program
      ● kernel isolation [3]
      [Photo: PDP-1, (C) 2006, Matthew Hutchinson, CC BY 2.0]
      1 E. F. Codd, E. S. Lowry, E. McDonough, and C. A. Scalzi. Multiprogramming STRETCH: Feasibility Considerations. Communications of the ACM, 2(11):13–17, Nov. 1959.
      2 A. Opler and N. Baird. Multiprogramming: The Programmer’s View. In Proceedings of the 14th National Meeting of the Association for Computing Machinery, 1–4, 1959.
      3 J. P. Buzen and U. O. Gagliardi. The Evolution of Virtual Machine Architecture. In Proceedings of the National Computer Conference and Exposition, AFIPS ’73, 291–299, 1973.

  12. [Timeline figure from slide 9, zoomed to 1950–1990]

  13. 1960s
      ● Capabilities
        – B5000 [1]: descriptors
        – theoretical [2]: protected memory, ownership, subsets
        – MIT implementation on (modified) PDP-1 [3]
        – Chicago Magic Number Machine [4]
        – CAL-TSS [4]
        – Provably Secure Operating System [5][6]
      [Photo: Burroughs B5000, origin unknown, http://www.retrocomputingtasmania.com/home/projects/burroughs-b5500/b5000_b5500_gallery]
      1 A. J. W. Mayer. The Architecture of the Burroughs B5000: 20 Years Later and Still Ahead of the Times? SIGARCH Comput. Archit. News, 10(4):3–10, June 1982.
      2 J. B. Dennis and E. C. Van Horn. Programming Semantics for Multiprogrammed Computations. Communications of the ACM, 9(3):143–155, Mar. 1966.
      3 W. B. Ackerman and W. W. Plummer. An Implementation of a Multiprocessing Computer System. In Proceedings of the First ACM Symposium on Operating System Principles (SOSP ’67), 5.1–5.10, 1967.
      4 H. M. Levy. Capability-Based Computer Systems. Digital Press, 1984.
      5 P. G. Neumann. A Provably Secure Operating System: The system, its applications, and proofs. Technical report, Computer Science Laboratory, SRI International, 1980.
      6 P. G. Neumann and R. J. Feiertag. PSOS revisited. In Proceedings of the 19th Annual Computer Security Applications Conference, 208–216, Dec. 2003.

  14. 1960s
      ● VMs
        – M44/44X [1]: virtual memory
        – CP-40/CMS [2], CP-67/CMS [3] for IBM System/360: interrupt separation, paged guest memory, simulated devices, efficient utilization
      ● OS
        – Multics [4]
        – Unix [5]
      1 R. A. Nelson. Mapping Devices and the M44 Data Processing System. Research Report RC-1303, IBM Thomas J. Watson Research Center, 1964.
      2 R. J. Adair, R. U. Bayles, L. W. Comeau, and R. J. Creasy. A Virtual Machine System for the 360/40. Technical Report 36.010, IBM Cambridge Scientific Center, May 1966.
      3 Control Program-67 Cambridge Monitor System. IBM Type III Release No. 360D-05.2.005. IBM Corporation, Oct. 1971.
      4 J. B. Dennis. Segmentation and the Design of Multiprogrammed Computer Systems. Journal of the ACM, 12(4):589–602, Oct. 1965.
      5 D. Ritchie. The Evolution of the Unix Time-Sharing System. In Proceedings of a Symposium on Language Design and Programming Methodology, 25–36, 1980. Springer-Verlag.

  15. [Timeline figure from slide 9, zoomed to 1960–2000]

  16. 1970s
      ● Capabilities
        – Plessey System 250 [1]: telephone-switch controller
        – CAP [2]: hardware and OS
        – Intel iAPX 432 [3]: poor performance [4]
        – IBM System/38 [5]
      [Photo: CAP, (C) 2004, Daderot, CC BY-SA 3.0]
      1 D. M. England. Capability Concept Mechanism and Structure in System 250. In Proceedings of the International Workshop on Protection in Operating Systems, 63–82, Aug. 1974. IRIA.
      2 R. M. Needham and R. D. H. Walker. The Cambridge CAP Computer and its protection system. In Proceedings of the Sixth ACM Symposium on Operating Systems Principles, 1–10, Nov. 1977. ACM.
      3 iAPX 432 General Data Processor Architecture Reference Manual. Intel Corporation, 1981.
      4 P. M. Hansen, M. A. Linton, R. N. Mayo, M. Murphy, and D. A. Patterson. A Performance Evaluation of the Intel iAPX 432. SIGARCH Comput. Archit. News, 10(4):17–26, June 1982.
      5 M. E. Houdek, F. G. Soltis, and R. L. Hoffman. IBM System/38 Support for Capability-based Addressing. In Proceedings of the 8th Annual Symposium on Computer Architecture, 341–348, 1981. IEEE.

  17. 1970s
      ● VMs
        – VM/370 [1] for IBM System/370: virtual memory hardware
        – “Since a privileged software nucleus has, in principle, no way of determining whether it is running on a virtual or a real machine, it has no way of spying on or altering any other virtual machine that may be coexisting with it in the same system. […] In practice no virtual machine is completely equivalent to its real machine counterpart.” [2]
      ● OS
        – BSD [3]
        – chroot [4]: filesystem namespaces
      1 R. J. Creasy. The Origin of the VM/370 Time-Sharing System. IBM Journal of Research and Development, 25(5):483–490, Sept. 1981.
      2 J. P. Buzen and U. O. Gagliardi. The Evolution of Virtual Machine Architecture. In Proceedings of the National Computer Conference and Exposition, AFIPS ’73, 291–299, 1973.
      3 M. K. McKusick, M. J. Karels, K. Sklower, K. Fall, M. Teitelbaum, and K. Bostic. Current Research by The Computer Systems Research Group of Berkeley. In Proceedings of the European UNIX Users Group, Apr. 1989.
      4 B. Kernighan and M. McIlroy. UNIX Time-sharing System: UNIX Programmer’s Manual, volume 1, Seventh Edition. Bell Telephone Laboratories, 1979.

  18. [Timeline figure from slide 9, zoomed to 1970–2000]

  19. 1980s
      ● personal computing [1] & monolithic servers
      ● hardware without virtualization support [2]
      ● general purpose OS
      ● Intel x86 [3]: “a crash program…to save Intel’s market share” [4]
      ● RISC [5] vs CISC
      [Photo: IMSAI 8080 from “WarGames”, (C) 1983, MGM/UA]
      1 R. J. Creasy. The Origin of the VM/370 Time-Sharing System. IBM Journal of Research and Development, 25(5):483–490, Sept. 1981.
      2 L. I. Dickman. Small Virtual Machines: A Survey. In Proceedings of the Workshop on Virtual Computer Systems, 191–202, 1973. ACM.
      3 S. P. Morse, B. W. Ravenel, S. Mazor, and W. B. Pohlman. Intel Microprocessors – 8008 to 8086. IEEE Computer, 13(10):42–60, Oct. 1980.
      4 S. Mazor. Intel’s 8086. IEEE Annals of the History of Computing, 32(1):75–79, Jan. 2010.
      5 D. A. Patterson and C. H. Sequin. RISC I: A Reduced Instruction Set VLSI Computer. In Proceedings of the 8th Annual Symposium on Computer Architecture, 443–457, 1981. IEEE.

  20. [Timeline figure from slide 9, zoomed to 1970–2010]
