Link to CALCM Home  

Secure Computing on Untrusted Computer Systems

Tuesday February 26, 2008
Hamerschlag Hall D-210
4:00 pm

Arvind Seshadri
Carnegie Mellon University

Today computer systems are under attack from increasingly sophisticated malware, which operate stealthily and selectively target sensitive information such as passwords and financial data. Defences, such as anti-virus scanners, are unable to cope with such malware. The situation makes it difficult to say with confidence that any given computing device is not compromised by malware. In this talk, I will describe our research to answer the question: "How can we compute securely on malware compromised computing devices?", by discussing two of our projects, SecVisor and Pioneer.

SecVisor is a tiny hypervisor that guarantees code integrity for commodity OS kernels over the system lifetime. The attacker can control all hardware and software on the system, other than the CPU, the memory controller, and the memory chips, and can have the knowledge of zero-day kernel exploits. SecVisor defends against a wide variety of attacks including several kinds of kernel rootkits, hardware-based DMA attacks, and code injection via kernel buffer overflow exploits. Further, its small code size makes SecVisor amenable to formal verification and manual code audit.

Pioneer is a software-based primitive to dynamically instantiate a trusted execution environment on an untrusted computer system. The trusted environment provides that property that no malware potentially present on the untrusted system can interfere with the code that executes inside the environment. The primitive also allows an external verifier to verifiably invoke code for execution on the untrusted system. In particular, the verifier can verify if the trusted execution environment has been correctly instantiated on the untrusted system, and if the expected code has been invoked for execution. We have implemented Pioneer for a wide variety of computing devices: sensor nodes, cell phones, and personal computers.

Arvind Seshadri is a Ph.D. candidate in the Department of Electrical and Computer Engineering at Carnegie Mellon University. He is advised by Adrian Perrig and Pradeep Khosla. Arvind's research interest lies in the area of Computer Systems Security. In particular, he hopes to answer the question: "How can I compute securely on a potentially compromised computing device?"

For his thesis, Arvind has worked on the Pioneer primitive for Externally-verifiable Code Execution, and SecVisor, a tiny security hypervisor. More information about Arvind's research may be found on his webpage.


Department of Electrical and Computer EngineeringCarnegie Mellon UniversitySchool of Computer Science