Secure Computing on Untrusted Computer Systems
Tuesday February 26, 2008
Hamerschlag Hall D-210
4:00 pm
Arvind Seshadri
Carnegie Mellon University
Today computer systems are under attack from increasingly
sophisticated malware, which operates stealthily and selectively targets
sensitive information such as passwords and financial data. Defences
such as anti-virus scanners are unable to cope with such malware. This
situation makes it difficult to say with confidence that any given
computing device is not compromised by malware. In this talk, I will
describe our research to answer the question "How can we compute
securely on malware-compromised computing devices?" by discussing two
of our projects, SecVisor and Pioneer.
SecVisor is a tiny hypervisor that guarantees code integrity for
commodity OS kernels over the system lifetime. The attacker can
control all hardware and software on the system other than the CPU,
the memory controller, and the memory chips, and may have
knowledge of zero-day kernel exploits. SecVisor defends against a wide
variety of attacks, including several kinds of kernel rootkits,
hardware-based DMA attacks, and code injection via kernel buffer
overflow exploits. Further, its small code size makes SecVisor amenable
to formal verification and manual code audit.
Pioneer is a software-based primitive to dynamically instantiate a
trusted execution environment on an untrusted computer system. The
trusted environment provides the property that no malware potentially
present on the untrusted system can interfere with the code that
executes inside the environment. The primitive also allows an external
verifier to verifiably invoke code for execution on the untrusted
system. In particular, the verifier can check whether the trusted
execution environment has been correctly instantiated on the untrusted
system and whether the expected code has been invoked for execution. We
have implemented Pioneer for a wide variety of computing devices:
sensor nodes, cell phones, and personal computers.
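The verifier's two checks described above, as an added Python sketch that is not Pioneer's own code: the verifier sends a fresh nonce, the untrusted device answers with a checksum over the code it is about to invoke, and the verifier compares that answer with the checksum it computes over the expected code and bounds the response time. The HMAC stand-in for the verification function, the constructed code bytes, and the time budget are assumptions; the real primitive's security rests on a carefully timed checksum routine and knowledge of the device's hardware, which this model does not capture.

```python
import hashlib
import hmac
import os
import time
from typing import Callable

# Constructed sample code images: the image the verifier expects to be
# invoked, and a variant standing in for a modified image on the device.
GOOD_CODE = b"\x55\x48\x89\xe5\x31\xc0\x5d\xc3"          # constructed bytes
TAMPERED_CODE = b"\x55\x48\x89\xe5\xe9\x00\x10\x00\x00"  # constructed bytes


def checksum(code: bytes, nonce: bytes) -> bytes:
    """Stand-in for Pioneer's verification function (assumption: an HMAC
    keyed by the verifier's nonce over the code bytes)."""
    return hmac.new(nonce, code, hashlib.sha256).digest()


def make_prover(code_on_device: bytes) -> Callable[[bytes], bytes]:
    """Untrusted side: answer a nonce with a checksum over its own code."""
    def respond(nonce: bytes) -> bytes:
        return checksum(code_on_device, nonce)
    return respond


def slow_prover(code_on_device: bytes, delay_s: float) -> Callable[[bytes], bytes]:
    """Simulates a device whose correct answer arrives after the budget."""
    inner = make_prover(code_on_device)
    def respond(nonce: bytes) -> bytes:
        time.sleep(delay_s)
        return inner(nonce)
    return respond


def verify(expected_code: bytes, respond: Callable[[bytes], bytes],
           time_budget_s: float) -> bool:
    """External verifier: fresh nonce, locally computed expected checksum,
    and an upper bound on response time (time_budget_s is an assumed
    figure; Pioneer derives its bound from the device's known hardware)."""
    nonce = os.urandom(16)
    expected = checksum(expected_code, nonce)
    start = time.perf_counter()
    answer = respond(nonce)
    elapsed = time.perf_counter() - start
    return hmac.compare_digest(answer, expected) and elapsed <= time_budget_s


if __name__ == "__main__":
    print(verify(GOOD_CODE, make_prover(GOOD_CODE), 1.0))         # True
    print(verify(GOOD_CODE, make_prover(TAMPERED_CODE), 1.0))     # False
    print(verify(GOOD_CODE, slow_prover(GOOD_CODE, 0.2), 0.05))   # False
```

Both a mismatched checksum and a late answer are rejected, which is why the verifier must check the value and the timing together rather than either alone.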
Arvind Seshadri is a Ph.D. candidate in the Department of Electrical
and Computer Engineering at Carnegie Mellon University. He is advised
by Adrian Perrig and Pradeep Khosla. Arvind's research interest lies
in the area of Computer Systems Security. In particular, he hopes to
answer the question: "How can I compute securely on a potentially
compromised computing device?"
For his thesis, Arvind has worked on the Pioneer primitive for
Externally-verifiable Code Execution, and SecVisor, a tiny security
hypervisor. More information about Arvind's research may be found on
his webpage.