Sam King, "Designing, implementing, and defending against malicious hardware" and "Trust and Protection in the Illinois Browser Operating System"

University of Illinois at Urbana-Champaign, Department of Computer Science

May 3, 2011 - 11:00 am CST

Abstract:
I will discuss BlueChip, a defensive strategy that has both a design-time component and a runtime component. During the design verification phase, BlueChip invokes hardware testing algorithms to identify suspicious circuitry: those circuits not used or otherwise activated by any of the design verification tests. BlueChip removes the suspicious circuitry and replaces it with exception generation hardware. The exception handler software is responsible for providing forward progress by emulating the effect of the exception-generating instruction in software, effectively providing a detour around suspicious hardware. In our experiments, BlueChip is able to prevent all hardware attacks we evaluate while incurring a small runtime overhead.

I will also discuss the Illinois Browser Operating System (IBOS), a new OS from my research group designed to improve the security of low-level system software for web browsers. Current web browsers are complex, have enormous trusted computing bases, and provide attackers with easy access to modern computer systems. IBOS is a new operating system and a new browser that reduces the trusted computing base for web browsers. In our architecture we expose browser-level abstractions at the lowest software layer, enabling us to remove almost all traditional OS components and services from our trusted computing base by mapping browser abstractions to hardware abstractions directly. We show that this architecture is flexible enough to enable new browser security policies, can still support traditional applications, and adds little overhead to the overall browsing experience.