Reading List

[BN89]
David F.C. Brewer and Michael J. Nash.
The Chinese Wall security policy.
In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 206-214, May 1989.
A policy is presented that is designed to prevent different workloads from running on a given system at the same time. The motivation for this policy comes from the commercial world, where a business interest or a law prevents the disclosure of insider information. The policy is compared with BLP, and the conclusion is that the Chinese Wall policy cannot be modeled with BLP. The main functionality that BLP seems to lack is the ability to change need-to-know access lists dynamically.
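To make the "dynamic access lists" point concrete, here is an added example (not code from the Brewer and Nash paper) of a minimal Chinese Wall reference monitor: a subject's permitted set shrinks as it reads, which is exactly what a static BLP lattice cannot express. The company datasets, conflict-of-interest classes and object names are constructed sample data.

```python
# Added example: Brewer-Nash Chinese Wall read/write rules as a tiny
# reference monitor. All datasets, classes and object names below are
# constructed sample data, not taken from the paper.
from dataclasses import dataclass, field

# Each object belongs to one company dataset; each dataset belongs to one
# conflict-of-interest (COI) class. Datasets in the same COI class conflict.
DATASET_OF = {"bankA.q3": "BankA", "bankA.loans": "BankA",
              "bankB.q3": "BankB", "oilX.wells": "OilX"}
COI_OF = {"BankA": "banking", "BankB": "banking", "OilX": "oil"}


@dataclass
class Subject:
    name: str
    accessed: set = field(default_factory=set)  # datasets read so far

    def can_read(self, obj: str) -> bool:
        """Simple security rule: same dataset as before, or a dataset in a
        COI class the subject has never touched."""
        ds = DATASET_OF[obj]
        if ds in self.accessed:
            return True
        return all(COI_OF[d] != COI_OF[ds] for d in self.accessed)

    def read(self, obj: str) -> bool:
        """Grant or deny, and record the dataset on a grant; this history
        is what makes later decisions differ from earlier ones."""
        if not self.can_read(obj):
            return False
        self.accessed.add(DATASET_OF[obj])
        return True

    def can_write(self, obj: str) -> bool:
        """*-property: writable only if readable and the subject has read
        no other dataset (this toy model has no sanitised information),
        so data cannot flow across a wall through a shared object."""
        return self.can_read(obj) and self.accessed <= {DATASET_OF[obj]}


def trace(subject: Subject, requests) -> list:
    """Apply a sequence of read requests; return (object, allowed) pairs."""
    return [(obj, subject.read(obj)) for obj in requests]
```

Note that bankB.q3 is readable by a fresh subject but denied once any BankA object has been read, while OilX stays readable because it sits behind a different wall.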

[CGL+08]
Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R. K. Ports.
Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems.
In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2008.
Introduces the idea of multi-shadow cloaking, where one virtual address is represented by multiple physical addresses. This way you can keep encrypted and decrypted versions of each page. Using the Overshadow system, you can then have an application's memory completely hidden from its underlying OS, protecting it from a variety of attacks even when the OS isn't trusted.
This requires that the VMM is trusted. It also assumes that you are only interested in protecting the application from the OS reading and/or modifying its information; the OS can still perform denial of service and perhaps other types of attacks.
This system is very interesting. It tries to extend some trust from the VMM to the applications, while completely ignoring the OS. I wish that the paper did a better job of explaining exactly how much trust they can provide in the applications, and what this means with regard to the type of applications that can be run in this space. The intro casts a wide net by listing a lot of application domains, but it is not immediately clear that this technique would be applicable to all of those domains.
Overall, an interesting paper, as it presents a useful and non-obvious technique. It is also very clearly written, so it can be read quickly.

[GHJM05]
Dan Grossman, Michael Hicks, Trevor Jim, and Greg Morrisett.
Cyclone: A type-safe dialect of C.
C/C++ User's Journal, January 2005.
This article provides a brief introduction to Cyclone. Cyclone is interesting to me because it is a low-level type-safe language. It is intended to be used for applications that would normally be written in C (or perhaps C++). So this opens the door to having an operating system written in a type-safe language, and this, in my opinion, would be a huge win from a security point of view, as it would basically eliminate buffer overflows and other classes of vulnerabilities from the kernel. The end result would be a kernel that is both more secure and less buggy.

[Kor07]
Jesse D. Kornblum.
Using every part of the buffalo in Windows memory analysis.
Digital Investigation, 4(1):24-29, March 2007.
When a page in memory is marked as invalid (i.e., its present bit is zero), there may still be more information to discover. Previous efforts in memory analysis have essentially stopped at this step, but this paper shows how to follow the path to find pages that may be in a swap file or in some other location in memory. Low-level implementation details are given for the various scenarios.

[MD73]
Stuart E. Madnick and John J. Donovan.
Application and analysis of the virtual machine approach to information system security and isolation.
In Proceedings of the Workshop on Virtual Computer Systems, pages 210-224, March 1973.
Builds an argument from the probability of failure and of host compromise to show that VMMs have an important role to play in systems security. The paper argues that using a VMM to isolate different processes improves security over running the processes on a single OS.

[PCL07]
Bryan D. Payne, Martim Carbone, and Wenke Lee.
Secure and flexible monitoring of virtual machines.
In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), pages 385-397, December 2007.

[PSC+07]
Bryan D. Payne, Reiner Sailer, Ramon Caceres, Ronald Perez, and Wenke Lee.
A layered approach to simplified access control in virtualized systems.
ACM SIGOPS Operating Systems Review, 41(4):12-19, July 2007.

[PWFA06]
Nick L. Petroni, Jr., AAron Walters, Timothy Fraser, and William A. Arbaugh.
FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory.
Digital Investigation, 3(4):197-210, December 2006.
This article presents a toolkit that can be used for forensic investigation of volatile memory images (e.g., the physical memory image you get by using dd to collect from /dev/mem). One particularly interesting contribution is an automated technique for extracting type definitions from C code. The article shows how this process works, and the authors indicate that they have it working for the Linux kernel (2.4 series). Other contributions include the overall toolkit architecture, extensible modules, and memory visualization (although the visualization is really just a view into the raw memory space and not a visualization per se).

[Sch06]
Andreas Schuster.
Searching for processes and threads in Microsoft Windows memory dumps.
In Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS), August 2006.
This paper presents several invariants that can be used for Windows memory analysis. Specifically, it looks at invariants that are useful for finding processes and threads by doing an exhaustive scan of the memory space. A proof of concept of these techniques was created with the PTfinder tool. These techniques are complementary to following linked-list data structures (e.g., the kntlist tool).

[SLQP07]
Arvind Seshadri, Mark Luk, Ning Qu, and Adrian Perrig.
SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes.
In Proceedings of the ACM Symposium on Operating System Principles (SOSP), October 2007.
This paper presents the construction of a small hypervisor whose purpose is to protect the integrity of an operating system's kernel code. The hypervisor is intentionally kept very simple, only running one OS and only serving this single protection purpose. This work makes extensive use of AMD's SVM extensions, which provide the necessary security functionality to support the hypervisor. I feel that this paper offers a nice introduction to the capabilities of SVM and provides good insight into the design decisions that one must make when constructing such a system. However, the end result is perhaps only useful as a proof of concept. Ideally, one would want this functionality to not exclude the use of a full-featured hypervisor on the same system.