Colloquium: Flexible Security with Virtual Instruction Set Computing

Abstract: Commodity operating system kernels are the foundation of our software systems, providing access control, I/O mechanisms, and memory management.  However, operating system kernels are vulnerable to a variety of security attacks.  Compromising the kernel allows an attacker to render any security protections, provided by the kernel or the applications running on the kernel, useless.  Additionally, control of the kernel can be used to launch powerful side-channel attacks against protection systems like Intel SGX.

In this talk, I will present our virtual instruction set computing system named Secure Virtual Architecture (SVA).  SVA is a compiler-based virtual machine interposed between the software stack and the processor that enforces security policies on operating system kernel and application code.  I will also present Apparition: an SVA-based system which protects the confidentiality and integrity of application data.  Apparition protects application data from both direct attacks as well as page-fault and last-level-cache side-channel attacks launched by a compromised operating system kernel.

Speaker's Biography: John Criswell is an assistant professor in the Department of Computer Science at the University of Rochester.  He earned both his B.S. in Computer Science (2003) and Ph.D. in Computer Science (2014) at the University of Illinois at Urbana-Champaign.

Criswell's research interests focus on computer security and novel applications of compiler and operating system technology.  He built the first systems that provide strong automated memory safety protection and complete control-flow integrity enforcement to commodity operating system kernels such as Linux and FreeBSD, and his recent work mitigates side-channel attacks launched by compromised operating system kernels.  Criswell has won an Honorable Mention for the 2014 ACM Doctoral Dissertation Award, the Honorable Mention for the 2014 ACM SIGOPS Dennis M. Ritchie Doctoral Dissertation Award, and the 2015 David J. Kuck Outstanding Ph.D. Thesis Award.

 

Share this event:

facebook linked in twitter email

Media Contact: Gang Tan

 
 

About

The School of Electrical Engineering and Computer Science was created in the spring of 2015 to allow greater access to courses offered by both departments for undergraduate and graduate students in exciting collaborative research in fields.

We offer B.S. degrees in electrical engineering, computer science, computer engineering and data science and graduate degrees (master's degrees and Ph.D.'s) in electrical engineering and computer science and engineering. EECS focuses on the convergence of technologies and disciplines to meet today’s industrial demands.

School of Electrical Engineering and Computer Science

The Pennsylvania State University

207 Electrical Engineering West

University Park, PA 16802

814-863-6740

Department of Computer Science and Engineering

814-865-9505

Department of Electrical Engineering

814-865-7667