Operating Systems · Institute of Systems Architecture · Faculty of Computer Science · TU Dresden

15. 12. 2014

Improving System Security Through TCB Reduction

Bernhard Kauer

TU Dresden

Special session: 16:30, INF/1004

The OS (Operating System) is the primary target of today's attacks. A single exploitable defect can be sufficient to break the security of the system and give full control over all the software on the machine. Because current operating systems are simply too large to be defect-free, the best approach to improving system security is to reduce their code to more manageable levels. This work shows how the security-critical part of the OS, the so-called TCB (Trusted Computing Base), can be reduced from millions to fewer than one hundred thousand lines of code to achieve these security goals. Shrinking the software stack by more than an order of magnitude is an open challenge, since no single technique can currently achieve this. We therefore followed a holistic approach and improved the design and implementation of several system layers, starting with a new OS called NOVA. NOVA provides a small TCB not only for newly written applications but also for legacy code running inside virtual machines. Virtualization is thereby the key technique for ensuring that compatibility requirements will not increase the minimal TCB of our system. The main contribution of this work is to show how the Virtual Machine Monitor for NOVA was implemented with significantly fewer lines of code without affecting the performance of its guest OS. To reduce the overall TCB of our system, other parts had to be improved as well. Additional contributions are the simplification of the OS debugging interface, the reduction of the boot stack, and a new programming language called B1 that can be compiled more easily.

15. 12. 2014

Computing and Communications Resilience: The Keystone of Modern Global Applications

Paulo Verissimo

University of Luxembourg

Special session: 15:00, INF/2101

Computing and communications have become commodities on which societies largely depend. However, security and dependability are often neglected, and partial fixes have been the usual way to mend specific problems and situations. The large-scale systems composing today's internet-cloud complex must be able to cope with performance crises as well as with cascading failures, massive attacks, or persistent stealth threats. Yet society has been incurring ever larger cyber risks without effective protection, which can no longer be assured by classical paradigms.

We, along with other colleagues, have been arguing for the need for a paradigm shift that may result in a comprehensive approach to all those threats, from first principles: "architecting and designing for resilience", which in a nutshell means simultaneously coping with accidental and malicious faults; providing protection in an incremental way; and automatically adapting to a dynamic range of severity and persistence of threats, some of which may be a priori unknown.

This talk illustrates the problem, the fascinating research challenges it places, and some avenues for solutions, laying out the general lines that will guide the research of the CritiX group (Critical and Extreme Security and Dependability) at SnT, the Interdisciplinary Centre for Security, Reliability and Trust at the University of Luxembourg, within the strategic PEARL-FNR programme on Information Infrastructure Security and Dependability.
16 Jan 2018
Copyright © 2001-2010 Operating Systems Group, TU Dresden