Flexible Security with Virtual Instruction Set Computing

Speaker Name: 
John Criswell
Speaker Title: 
Assistant Professor
Speaker Organization: 
University of Rochester
Start Time: 
Monday, March 11, 2019 - 11:00am
End Time: 
Monday, March 11, 2019 - 12:15pm
Location: 
E2-599
Organizer: 
Chen Qian

Abstract: Commodity operating system kernels are the foundation of our software systems, providing access control, I/O mechanisms, and memory management.  However, operating system kernels are vulnerable to a variety of security attacks.  Compromising the kernel allows an attacker to render any security protections, provided by the kernel or the applications running on the kernel, useless.  Additionally, control of the kernel can be used to launch powerful side-channel attacks against protection systems like Intel SGX.

In this talk, I will present our virtual instruction set computing system named Secure Virtual Architecture (SVA).  SVA is a compiler-based virtual machine interposed between the software stack and the processor that enforces security policies on operating system kernel and application code.  I will also present Apparition: an SVA-based system which protects the confidentiality and integrity of application data.  Apparition protects application data from both direct attacks as well as page-fault and last-level-cache side-channel attacks launched by a compromised operating system kernel.

Bio: John Criswell is an assistant professor in the Department of Computer Science at the University of Rochester.  He earned both his B.S. in Computer Science (2003) and Ph.D. in Computer Science (2014) at the University of Illinois at Urbana-Champaign.

John’s research interests focus on computer security and novel applications of compiler and operating system technology.  John built the first systems that provide strong automated memory safety protection and complete control-flow integrity enforcement to commodity operating system kernels such as Linux and FreeBSD, and his recent work mitigates side-channel attacks launched by compromised operating system kernels.  John has won an Honorable Mention for the 2014 ACM Doctoral Dissertation Award, the Honorable Mention for the 2014 ACM SIGOPS Dennis M. Ritchie Doctoral Dissertation Award, and the 2015 David J. Kuck Outstanding Ph.D. Thesis Award.