Sam King,
Assistant Professor, CS
University of illinois
at Urbana-Champaign
“Designing, implementing, and defending against malicious hardware”
"Trust and Protection in the Illinois Browser Operating System"
Bio:
Samuel T. King is an assistant professor in the Computer Science department at the University of Illinois. His research interests include security, experimental software systems, operating systems, and computer architecture. His current research focuses include defending against malicious hardware, designing and implementing secure web browsers, and applying machine learning to systems problems. Sam received his PhD in Computer Science and Engineering from the University of Michigan in 2006.
University of Illinois at Urbana Champaign, Department of Computer Science
MAY 3, 2011 - 11:00 am cst
ACES, Room 2.302 AVAYA
Department of Computer Science
The University of Texas at Austin
Abstract:
The computer systems security arms race between attackers and defenders has largely taken place in the domain of software systems, but as hardware complexity and design processes have evolved, novel and potent hardware-based security threats are now possible. In this talk I will discuss a hybrid hardware/software approach to defending against malicious hardware.
I will discuss BlueChip, a defensive strategy that has both a design-time component and a runtime component. During the design verification phase, BlueChip invokes hardware testing algorithms to identify suspicious circuitry---those circuits not used or otherwise activated by any of the design verification tests. BlueChip removes the suspicious circuitry and replaces it with exception generation hardware. The exception handler software is responsible for providing forward progress by emulating the effect of the exception-generating instruction in software, effectively providing a detour around suspicious hardware. In our experiments, BlueChip is able to prevent all hardware attacks we evaluate while incurring a small runtime overhead.
I will also discuss the Illinois Browser Operating System (IBOS), a new OS from my research group designed to improve the security of low-level system software for web browsers. Current web browsers are complex, have enormous trusted computing bases, and provide attackers with easy access to modern computer systems. IBOS is a new operating system and a new browser that reduces the trusted computing base for web browsers. In our architecture we expose browser-level abstractions at the lowest software layer, enabling us to remove almost all traditional OS components and services from our trusted computing base by mapping browser abstractions to hardware abstractions directly. We show that this architecture is flexible enough to enable new browser security policies, can still support traditional applications, and adds little overhead to the overall browsing experience.