Architectures for Secure Systems


Presentation Transcript


  1. Architectures for Secure Systems
     David Evans, University of Virginia

  2. Systems-Level Issues
     • Many scientific and engineering issues appear between layers
     • Combining secure primitives is not always secure
     • Functionality and performance
     • Policy
       • Techniques for enforcing policies on untrusted systems
       • Need to understand what policies work for real systems

  3. Traditional Model
     Diagram labels: Data, Client
     Once your data has left the building, all control is lost.

  4. Client-in-Field Scenario
     Diagram labels: Client, Server, Data, Secure Data Center
     When is it safe to send data to a possibly-compromised client?
     How can we securely control what is done with that data?

  5. Client-in-Field Scenario
     Diagram labels: Client, Server, Data, Secure Data Center
     When is it safe to trust data from a possibly-compromised client?
     How can we securely track provenance of data?

  6. Cloud Scenario
     Diagram labels: Producer, Code, Data, Consumer, Data

  7. Distributed Trust Cloud Scenario
     Diagram labels: Producer 1, Code, Data, Policy; Producer 2, Code, Data, Policy

  8. End-to-End Web Systems
     Diagram labels: JavaScript, Renderer, Browser Kernel, Data, Policy, Security Kernel, Network, TPM, Validator, Client, Server

  9. Bootstrapping Trust
     Diagram labels: JavaScript, Renderer, Browser Kernel, Data, Policy, Security Kernel, TPM, Validator, Server, Client
     • TPM attests to valid Security Kernel
     • Security Kernel enforces policy

  10. Data-Oriented Computing
      • Bind data with a policy: across server and client
      • Policy constrains what code can operate on data
      • Platform enforces policy constraints
        • Binary rewriting, hardware mechanisms
      • Cryptographic mechanisms ensure integrity of data+policy across systems
      • No reliance on OS for protection: only on security kernel to ensure rewriting

  11. Research Directions: Web Systems
      • System design
        • Trusted external host validates client
        • Producers and consumers validate cloud
      • Validating hosts
        • Minimizing the trusted base: verify the rewriter
        • Attestation approaches:
          • Late launch: new security and browser kernel
          • Continuous validation: external host models client, sends repeated challenges
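The attestation loop behind slides 9 and 11 (TPM attests to a valid security kernel; a trusted external validator repeats the challenge) as an added, simplified example. This is not code from the talk. Everything in it is a constructed stand-in: a single PCR extended with SHA-256, quotes authenticated with HMAC-SHA256 under a key that only the simulated TPM and the validator hold (standing in for a real TPM's attestation-key signature), and a known-good hash of the security kernel image.

```python
"""Added example: bootstrapping trust in a client with TPM-style attestation.

Assumptions (all constructed for this example, not from the talk):
  - one PCR, extended with SHA-256, standing in for the TPM's PCR bank;
  - quotes are HMAC-SHA256 tags under ATTESTATION_KEY, standing in for a
    signature with the TPM's attestation key;
  - the validator knows the hash of the one acceptable security kernel.
"""
import hashlib
import hmac
import secrets

PCR_INIT = bytes(32)                       # PCR starts zeroed at reset


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: pcr = H(pcr || measurement). A PCR is never set directly."""
    return hashlib.sha256(pcr + measurement).digest()


class SimulatedTPM:
    """Records what was loaded and produces quotes over it (HMAC stand-in)."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key
        self.pcr = PCR_INIT

    def measure(self, image: bytes) -> None:
        self.pcr = extend_pcr(self.pcr, hashlib.sha256(image).digest())

    def quote(self, nonce: bytes) -> dict:
        # The nonce is inside the authenticated payload, so a quote is bound
        # to one challenge and cannot be replayed for a later one.
        sig = hmac.new(self._key, self.pcr + nonce, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "sig": sig}


class Validator:
    """Trusted external host: issues fresh challenges and checks quotes."""

    def __init__(self, attestation_key: bytes, good_kernel_hash: bytes):
        self._key = attestation_key
        self.expected_pcr = extend_pcr(PCR_INIT, good_kernel_hash)
        self._outstanding = set()           # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, quote: dict) -> tuple:
        nonce = quote["nonce"]
        if nonce not in self._outstanding:
            return False, "unknown or replayed nonce"
        self._outstanding.discard(nonce)    # one answer per challenge
        expected = hmac.new(self._key, quote["pcr"] + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote["sig"]):
            return False, "quote not authenticated by the TPM"
        if quote["pcr"] != self.expected_pcr:
            return False, "security kernel measurement does not match"
        return True, "ok"


GOOD_KERNEL = b"security kernel v1 (constructed sample image)"
ATTESTATION_KEY = b"constructed-attestation-key"


def attest(kernel_image: bytes, rounds: int = 3) -> tuple:
    """Launch a client on kernel_image and validate it `rounds` times."""
    validator = Validator(ATTESTATION_KEY, hashlib.sha256(GOOD_KERNEL).digest())
    tpm = SimulatedTPM(ATTESTATION_KEY)
    tpm.measure(kernel_image)               # late launch measures the kernel
    result = (False, "no rounds")
    for _ in range(rounds):                 # continuous validation
        result = validator.verify(tpm.quote(validator.challenge()))
        if not result[0]:
            break
    return result


def replay() -> tuple:
    """A stale quote is refused even though its tag is valid."""
    validator = Validator(ATTESTATION_KEY, hashlib.sha256(GOOD_KERNEL).digest())
    tpm = SimulatedTPM(ATTESTATION_KEY)
    tpm.measure(GOOD_KERNEL)
    old_quote = tpm.quote(validator.challenge())
    assert validator.verify(old_quote)[0]
    validator.challenge()                   # next round begins ...
    return validator.verify(old_quote)      # ... and the old quote is replayed


if __name__ == "__main__":
    print(attest(GOOD_KERNEL))
    print(attest(GOOD_KERNEL + b" patched"))
    print(replay())
```

The point the example makes is that the validator trusts the measurement only because the TPM, not the operating system, reports it, and that freshness (a one-shot nonce per round) is what turns a single attestation into continuous validation.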

  12. Research Directions: Data-Oriented Computing
      • Data-oriented security policies
        • Fine-grained types: enforceable by SVA
        • Richer policies: enforceable by binary rewriting
      • Support throughout tool-chain
        • Automate production of information flow policies from source code
        • Identify code fragments that manipulate critical data:
          • Restrict data to be modified by that code
          • Rearrange code to minimize critical code size
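An added example of the data-oriented computing idea from slide 10 (data bound to a policy, integrity of data+policy guaranteed cryptographically, the platform only letting policy-approved code touch the data) and of the "restrict data to be modified by that code" direction on slide 12. It is not code from the talk. Its assumptions are constructed: the server and client security kernels share a symmetric key, the integrity mechanism is an HMAC-SHA256 tag over a canonical encoding of data and policy, and a code fragment's identity is the SHA-256 of its Python bytecode (standing in for whatever a binary rewriter or hardware mechanism would measure).

```python
"""Added example: bind data to a policy and enforce it at the platform.

Assumptions (constructed for this example, not from the talk):
  - server and client security kernels share SHARED_KEY;
  - data+policy integrity is an HMAC-SHA256 tag over a canonical JSON encoding;
  - a code fragment's identity is the SHA-256 of its compiled bytecode.
"""
import hashlib
import hmac
import json


def code_identity(fn) -> str:
    """Identity of a code fragment: hash of its bytecode (assumption)."""
    return hashlib.sha256(fn.__code__.co_code).hexdigest()


class SecurityKernel:
    """Binds data to a policy and only lets policy-approved code use it."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def _canonical(self, data: bytes, policy: dict) -> bytes:
        # Deterministic encoding so both kernels compute the same tag.
        return json.dumps({"data": data.hex(), "policy": policy},
                          sort_keys=True, separators=(",", ":")).encode()

    def bind(self, data: bytes, policy: dict) -> dict:
        """Server side: attach the policy and an integrity tag."""
        tag = hmac.new(self._key, self._canonical(data, policy),
                       hashlib.sha256).hexdigest()
        return {"data": data.hex(), "policy": policy, "tag": tag}

    def verify(self, bound: dict) -> bool:
        """Client side: refuse anything whose data or policy was altered."""
        expected = hmac.new(self._key,
                            self._canonical(bytes.fromhex(bound["data"]),
                                            bound["policy"]),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, bound["tag"])

    def invoke(self, operation: str, fn, bound: dict):
        """Run fn on the data only if integrity holds and the policy permits."""
        if not self.verify(bound):
            raise PermissionError("data+policy integrity check failed")
        allowed = bound["policy"].get("operations", {}).get(operation, [])
        if code_identity(fn) not in allowed:
            raise PermissionError(
                f"code {code_identity(fn)[:12]} may not {operation} this data")
        return fn(bytes.fromhex(bound["data"]))


# Two code fragments; the policy will name only the first.
def redact_ssn(data: bytes) -> bytes:
    """Approved consumer: reveals only the last four digits."""
    return b"***-**-" + data[-4:]


def dump_raw(data: bytes) -> bytes:
    """Unapproved consumer: would leak the whole value."""
    return data


SHARED_KEY = b"constructed-shared-key-for-example"


def demo() -> dict:
    """Bind a record, then try permitted use, unpermitted code, and tampering."""
    server = SecurityKernel(SHARED_KEY)
    client = SecurityKernel(SHARED_KEY)

    ssn = b"123-45-6789"                      # constructed sample record
    policy = {"operations": {"read": [code_identity(redact_ssn)]}}
    bound = server.bind(ssn, policy)
    results = {"allowed": client.invoke("read", redact_ssn, bound)}

    try:
        client.invoke("read", dump_raw, bound)
        results["unauthorized"] = "allowed"
    except PermissionError:
        results["unauthorized"] = "PermissionError"

    # An attacker on the client edits the policy to admit dump_raw. The tag
    # no longer matches, so even the approved fragment is now refused.
    tampered = json.loads(json.dumps(bound))
    tampered["policy"]["operations"]["read"].append(code_identity(dump_raw))
    try:
        client.invoke("read", redact_ssn, tampered)
        results["tampered"] = "allowed"
    except PermissionError:
        results["tampered"] = "PermissionError"
    return results


if __name__ == "__main__":
    print(demo())
```

Nothing here depends on the client operating system: the only component that has to be trusted on the client is the security kernel that performs the check in `invoke`, which is the trust reduction slide 10 is after.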

  13. Questions
