Lightweight Capability Domains: Towards Secure Operating System Kernels
- Tuesday, March 21, 2017, 11:00 am - 12:00 pm PDT
- ISI, 11th floor large conference room (1152)
This event is open to the public.
- Cyber Security Seminar
- Anton Burtsev
Despite a number of radical changes in how computer systems are used, the design principles behind the very core of the systems stack---an operating system kernel---have remained unchanged for decades. We run monolithic kernels developed with a combination of an unsafe programming language, global sharing of data structures, opaque interfaces, and no explicit knowledge of kernel protocols. Today, the monolithic architecture of a kernel is the main factor undermining the security of the system---lack of isolation implies that in a modern operating system, an attacker is one kernel vulnerability away from taking control over the entire machine. Even worse, the lack of isolation and modularity in the kernel limits its evolution towards a safe, secure environment.
Modern kernels need strong isolation of individual kernel subsystems as a practical means of confining the effects of individual attacks, and as a mechanism to enable practical kernel verification. The complexity of a monolithic, shared-memory kernel prevents a trivial decomposition effort. Decomposition requires cutting through a number of tightly-connected, well-optimized subsystems that use rich interfaces and complex interaction patterns. Several attempts to decompose the kernel code have failed due to a lack of proper abstractions and automation tools. We argue that with proper language tools, and a general approach to breaking the code apart, decomposition into isolated subsystems is feasible. Our work on lightweight capability domains (LCDs) develops principles, mechanisms, and tools that enable incremental, practical decomposition of a commodity operating system kernel.
Anton Burtsev is an Assistant Adjunct Professor in the Department of Computer Science at the University of California, Irvine. Prior to this, he was an Assistant Research Professor at the University of Utah, where he received his PhD in 2013. Anton is a systems researcher with many years of research and low-level engineering experience designing and building novel operating system mechanisms for both commodity and experimental operating systems and hypervisors. Currently he is interested in both clean-slate design of operating systems for novel hardware and software environments, and in the practical evolution of existing systems towards the hardware, software, and security requirements of the age of warehouse computing. His research covers 1) secure operating systems, 2) security and access control in datacenter and enterprise networks, and 3) operating system support for datacenter environments.