115,883 research outputs found
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors
Expected loss analysis of thresholded authentication protocols in noisy conditions
A number of authentication protocols have been proposed recently, where at
least some part of the authentication is performed during a phase, lasting
rounds, with no error correction. This requires assigning an acceptable
threshold for the number of detected errors. This paper describes a framework
enabling an expected loss analysis for all the protocols in this family.
Furthermore, computationally simple methods to obtain nearly optimal value of
the threshold, as well as for the number of rounds is suggested. Finally, a
method to adaptively select both the number of rounds and the threshold is
proposed.Comment: 17 pages, 2 figures; draf
Secure and efficient application monitoring and replication
Memory corruption vulnerabilities remain a grave threat to systems software written in C/C++. Current best practices dictate compiling programs with exploit mitigations such as stack canaries, address space layout randomization, and control-flow integrity. However, adversaries quickly find ways to circumvent such mitigations, sometimes even before these mitigations are widely deployed. In this paper, we focus on an "orthogonal" defense that amplifies the effectiveness of traditional exploit mitigations. The key idea is to create multiple diversified replicas of a vulnerable program and then execute these replicas in lockstep on identical inputs while simultaneously monitoring their behavior. A malicious input that causes the diversified replicas to diverge in their behavior will be detected by the monitor; this allows discovery of previously unknown attacks such as zero-day exploits. So far, such multi-variant execution environments (MVEEs) have been held back by substantial runtime overheads. This paper presents a new design, ReMon, that is non-intrusive, secure, and highly efficient. Whereas previous schemes either monitor every system call or none at all, our system enforces cross-checking only for security critical system calls while supporting more relaxed monitoring policies for system calls that are not security critical. We achieve this by splitting the monitoring and replication logic into an in-process component and a cross-process component. Our evaluation shows that ReMon offers same level of security as conservative MVEEs and run realistic server benchmarks at near-native speeds
- …