Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA) Vikram Adve, Krste Asanović, David Evans, Sam King, Greg Morrisett, R. Sekar, Dawn Song, David Wagner (PI) http://www.dhosa.org/

Upload: mikko

Post on 18-Feb-2016


Page 2

Vikram Adve (UIUC)

Krste Asanović (UC Berkeley)

David Evans (U Virginia)

Sam King (UIUC)

Greg Morrisett (Harvard)

R. Sekar (Stony Brook)

Dawn Song (UC Berkeley)

David Wagner (UC Berkeley)

Page 3

Overview

Conventional wisdom: If the OS is malicious or subverted, you are hosed.

This project: Actually, maybe there is hope…

Project goal: Explore new approaches to defend against a malicious OS.

Page 4

Problem Statement

Defend against a compromised, hostile, or malicious operating system.

Today: If the OS is malicious, all is lost.

Desired end state: We can survive a malicious OS, perhaps with degraded functionality or availability.

Page 5

Exploring New Territory

• This is exploratory research. (Not an engineering project.)

• We are exploring many approaches to the problem. We do not know which will prove most effective. Some may fail.

• We hope some of our ideas will have applications to other security problems outside of the hostile OS problem.

Page 6

[Diagram of project areas]

Area labels: TRANSFORMATION; HARDWARE; SYSTEM ARCHITECTURES; WEB-BASED ARCHITECTURES

Components: SVA; Binary translation and emulation; Formal methods; Hardware support for isolation; Dealing with malicious hardware; Cryptographic secure computation; Data-centric security; Secure browser appliance; Secure servers

Annotations:

e.g., Enforce properties on a malicious OS

e.g., Prevent data exfiltration

e.g., Enable complex distributed systems, with resilience to hostile OS’s

Page 7

Agenda

8:30-9:00 Welcome + Overview
9:00-9:30 Secure Virtual Architecture
9:30-9:50 Binary translation
9:50-10:20 Formal methods
10:20-10:35 Testing binary emulators

10:50-11:10 Hardware support
11:10-11:25 Defenses against malicious hardware
11:25-11:40 Cryptographic secure computation

11:40-12:20 Lunch

12:20-12:50 Data-centric security
12:50-1:20 Secure web-based architecture

1:20-1:45 Discussion and feedback