CAREER: Towards Trustworthy Operating Systems

Project Details

Performance Period: Sep 01, 2015 - Aug 31, 2020

Institution(s): Florida State University

An operating system is the key software of a computer system: it manages the hardware and software resources and provides essential services to computer programs. It therefore plays a critical role in the security of the whole system. Unfortunately, modern operating systems are often bloated with millions of lines of source code, and serious vulnerabilities are routinely discovered in them and exploited against them. Researchers have proposed various novel solutions based on the "one-layer-below" approach, in which a more privileged software component (i.e., a hypervisor) is introduced to monitor and/or regulate the operating system's behavior. However, the large trusted computing base of modern hypervisors and the recent attacks against them put this approach into question. This project aims at developing a systematic approach to improve the trustworthiness of operating systems by enabling their self-defense, without resorting to other software layers that may be vulnerable themselves.

The goal of this project is being achieved in three key steps. First, the project develops a kernel-level security enclave that provides a trusted, secure execution environment for other security systems and mechanisms. Second, building on the strong isolation provided by the enclave, the researchers design and implement several self-defense techniques for operating system kernels. Third, the project investigates a comprehensive defense against cold-boot attacks. A cold-boot attack is a powerful physical attack that can extract sensitive information from the physical memory of a lost or stolen computer (including mobile devices), and it has become a major security concern for corporations and governments; the defense studied here encrypts the whole memory of a sensitive program on commodity hardware platforms. The results from this project could substantially improve our defensive capabilities against malicious and stealthy kernel-level malware and cold-boot attacks, and thus significantly improve the trustworthiness of computer systems. Research results are disseminated through publications, release of the tools developed, and integration into educational activities at both the graduate and undergraduate levels.