15.12.2014
Improving System Security Through TCB Reduction
Bernhard Kauer
TU Dresden
Special session: 16:30, INF/1004
The OS (Operating System) is the primary target of today's attacks. A single
exploitable defect can be sufficient to break the security of the system and
give full control over all the software on the machine. Because current
operating systems are basically too large to be defect-free, the best approach
to improving system security is to reduce their code to more manageable
levels. This work shows how the security-critical part of the OS, the so-called
TCB (Trusted Computing Base), can be reduced from millions to less than a hundred
thousand lines of code to achieve these security goals. Shrinking the software
stack by more than an order of magnitude is an open challenge, since no single
technique can currently achieve this. We therefore followed a holistic approach
and improved the design and implementation of several system layers, starting
with a new OS called NOVA. NOVA provides a small TCB both for newly written
applications and for legacy code running inside virtual machines.
Virtualization is thereby the key technique to ensure that compatibility
requirements will not increase the minimal TCB of our system. The main
contribution of this work is to show how the Virtual Machine Monitor for NOVA
was implemented with significantly fewer lines of code without affecting the
performance of its guest OS. To reduce the overall TCB of our system, other
parts had to be improved as well. Additional contributions are the
simplification of the OS debugging interface, the reduction of the boot stack,
and a new programming language called B1 that can be more easily compiled.
15.12.2014
Computing and Communications Resilience: The Keystone of Modern Global Applications
Paulo Verissimo
University of Luxembourg
Special session: 15:00, INF/2101
Computing and communications have become commodities on which societies
largely depend. However, security and dependability are often
neglected, and partial fixes have been the usual way to mend specific
problems and situations. The large-scale systems composing today's
internet-cloud complex must be able to cope with performance
crises as well as with cascading failures, massive attacks, or persistent
stealth threats. Yet society has been incurring ever larger cyber
risks without effective protection, which can no longer be assured by
classical paradigms.
We, along with some other colleagues, have been arguing for the need of a
paradigm shift that may result in a comprehensive approach to all those
threats, from first principles: "architecting and designing for
resilience", which in a nutshell means: simultaneously coping with
accidental and malicious faults; providing protection in an incremental
way; and automatically adapting to a dynamic range of severity and
persistence of threats, some of which may be a priori unknown.
This talk illustrates the problem, the fascinating research challenges it
poses, and some avenues for solutions, laying out the general lines that
will guide the research of the CritiX group (Critical and Extreme
Security and Dependability) at SnT, the Interdisciplinary Centre for
Security, Reliability and Trust at the University of Luxembourg, within
the strategic PEARL-FNR programme on Information Infrastructure Security
and Dependability.