Slide 1
Secure web browsers, malicious hardware, and hardware support for binary translation
Sam King

Slide 2
Browser motivation
Browsers are the most commonly used application today
Browsers are an application platform
  Email, banking, investing, shopping, television, and more!
Browsers are plagued with vulnerabilities
  Internet Explorer: 57 vulnerabilities
  Mozilla/Firefox: 122 vulnerabilities
  Safari + Opera: 66 vulnerabilities
Studies from Microsoft, Google, and the University of Washington show that the web browser is an attacker target
2/14

Slide 3
The OP Browser
Goal: build a secure web browser
  Provide an architecture for secure web browsing
  Maintain security guarantees even when part of the browser is compromised
Driven by OS and formal methods design principles
Slide 4
OP design
Decompose the browser into subsystems
  Each web page instance is further divided into its own subsystems
Use message passing
  All messages go through the browser kernel
Dedicated subsystems for OS operations
Host OS sandboxing of each subsystem
Slide 5
Design enables security
Partitioning and constrained communication enable new security mechanisms
  Clean separation of browser functionality and security policy
  Plugin security policies, XSS
  Formal methods: SOP + URL address bar invariant
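The message-passing design on the previous slide and the two policies named here (the same-origin policy between labelled page instances, and the invariant that the URL address bar only ever reflects the page the kernel itself navigated to) are modelled in the following added example. It is written for this page and is not OP's source; the message kinds, subsystem names and the (scheme, host, port) label format are assumptions chosen for illustration.

```python
"""Toy model of an OP-style browser kernel (added example, not OP's code).

Subsystems never talk to each other directly: every message is handed to the
kernel, which labels each web page instance with its origin and enforces
  - the same-origin policy (SOP) on DOM access between page instances, and
  - the URL address bar invariant: only the kernel's own navigation path may
    write the address bar, so the bar always names the origin of the page
    instance on screen.
Message kinds, subsystem names and the label format are assumptions."""

from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Origin label (scheme, host, port) the kernel attaches to a page instance."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))


@dataclass(frozen=True)
class Message:
    src: str      # sending subsystem, e.g. "ui" or "page:1"
    dst: str      # receiving subsystem, or "kernel" for kernel services
    kind: str     # "dom_read", "dom_write", "navigate", "set_address_bar"
    payload: dict


class BrowserKernel:
    """The only component holding labels, the address bar and the policy."""

    def __init__(self):
        self.labels = {}         # subsystem -> origin label (None = trusted chrome)
        self.inboxes = {}        # subsystem -> delivered messages
        self.address_bar = None  # URL shown to the user
        self.displayed = None    # page instance currently rendered
        self.audit = []          # (message, decision) for every message seen
        self._next_id = 1

    def register(self, name, label=None):
        self.labels[name] = label
        self.inboxes[name] = []

    def _navigate(self, url):
        """Sole code path that writes the address bar: spawn a fresh page
        instance labelled with the URL's origin and display it."""
        name = f"page:{self._next_id}"
        self._next_id += 1
        self.register(name, origin_of(url))
        self.displayed = name
        self.address_bar = url
        return name

    def check(self, msg):
        src_label = self.labels[msg.src]
        dst_label = self.labels.get(msg.dst)
        if msg.kind == "set_address_bar":
            return "deny"             # invariant: nobody writes the bar directly
        if msg.kind in ("dom_read", "dom_write"):
            # SOP: only page instances with identical origin labels may touch each
            # other's DOM; trusted subsystems (label None) are not web origins.
            return "allow" if src_label is not None and src_label == dst_label else "deny"
        if msg.kind == "navigate":
            return "allow"            # carried out by the kernel itself in send()
        return "deny"                 # default deny for anything unrecognised

    def send(self, msg):
        if msg.src not in self.labels:
            raise KeyError(f"unregistered subsystem {msg.src!r}")
        decision = self.check(msg)
        self.audit.append((msg, decision))
        if decision == "allow":
            if msg.kind == "navigate":
                self._navigate(msg.payload["url"])
            else:
                self.inboxes[msg.dst].append(msg)
        return decision

    def invariant_holds(self):
        """The bar shows a URL whose origin labels the displayed instance."""
        return (self.displayed is not None
                and self.labels[self.displayed] == origin_of(self.address_bar))


def demo():
    """Constructed scenario: a bank tab, an attacker tab, and what the policy does."""
    k = BrowserKernel()
    k.register("ui")                                     # trusted browser chrome
    k.send(Message("ui", "kernel", "navigate", {"url": "https://bank.example/"}))
    bank = k.displayed                                   # page:1, bank origin
    k.send(Message("ui", "kernel", "navigate", {"url": "http://evil.example/"}))
    evil = k.displayed                                   # page:2, attacker origin
    r = {}
    r["cross_origin_dom_read"] = k.send(Message(evil, bank, "dom_read", {}))
    r["spoof_address_bar"] = k.send(
        Message(evil, "ui", "set_address_bar", {"url": "https://bank.example/"}))
    # A page may request navigation, but the kernel relabels and updates the bar.
    r["page_navigation"] = k.send(
        Message(evil, "kernel", "navigate", {"url": "https://bank.example/login"}))
    login = k.displayed                                  # page:3, bank origin
    r["evil_reads_new_page"] = k.send(Message(evil, login, "dom_read", {}))
    r["same_origin_read"] = k.send(Message(login, bank, "dom_read", {}))
    r["address_bar"] = k.address_bar
    r["invariant"] = k.invariant_holds()
    return r


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The point of routing even the attacker's navigation request through the kernel is that the compromise of one page instance cannot desynchronise what the user sees from what is actually loaded: the label and the bar are written in one place, by code the page instance does not run.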
Slide 6
Research questions
OP: a more secure browser can be practical
  Hopefully no longer the weakest link in the computing stack
Can you operate with a malicious OS?
  What portions of the OS does the browser kernel replicate?
  What portions of the OS does the browser kernel rely on?

Slide 7
Replicate portions of the OS
Extract the parts of the OS needed for web client security
  Custom labeling and access control system
  RPC / message passing layer
  Window manager (to a limited extent)
Slide 8
Assumptions about the OS
Process-level isolation (easy)
  Memory protection
  Well-known IPC mechanisms
System-level sandboxing (moderate)
  Isolate processes from system resources
  Restrict system call capabilities
Resource management (hard)
  Create processes, message forwarding and naming
  Network, disk, screen
Possible techniques for enforcing these assumptions
  Bottom up: SVA, binary translation, hardware isolation primitives
  Top down: a simple web client, not a full browser
Slide 9
Untrusted computing base: defending against malicious hardware

Slide 10
Building secure systems
We make assumptions when designing secure systems
  To break a secure system, break its assumptions
  E.g., look for crypto keys in memory
People assume hardware is correct
What if we break this assumption?
Slide 11
Malicious hardware
Is it possible to modify the design of processors?
  Implementing hardware is difficult
  Implementing HW-based attacks is easy!
Small hardware-level footholds
  Execute high-level, high-value attacks WITHOUT exploiting any software bugs
Slide 12
Defenses
Based on insights from foothold development
  Analyze the circuit at design time
  Highlight potentially malicious circuits
Closely related to operating systems
  Both have a symbolic representation and are compiled
  Both depend on 3rd-party tools and libraries
  Principles learned from this exercise could apply to the OS
Fundamentally an issue of untrusted lower layers
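The slides say the defense analyzes the circuit at design time and highlights potentially malicious circuits, without detailing how. The following added example shows one simple design-time heuristic of my own, not the method behind the slides: a trigger-gated foothold is, by construction, never exercised by the functional test suite, so the trigger and everything it gates sit at a constant value across every test vector. Simulating a netlist and flagging gates that never toggle brings such logic up for review. The toy netlist, the test vectors and the heuristic itself are constructed for this page.

```python
"""Design-time check for dormant logic (added, illustrative heuristic; not the
defense described in the slides). A trigger-gated foothold is never exercised
by the functional test suite, so the trigger and the gates it controls hold a
constant value for every vector. Gates that never toggle are flagged.
The netlist, vectors and the heuristic are constructed for this page."""

from itertools import product

OPS = {
    "and": lambda vals: int(all(vals)),
    "or":  lambda vals: int(any(vals)),
    "not": lambda vals: int(not vals[0]),
    "xor": lambda vals: int(sum(vals) % 2),
}

# Toy netlist: wire name -> (op, input wires). "grant" is meant to be a AND b;
# the three-input "trig" and the "bypass" gate are a hidden foothold.
NETLIST = {
    "n_ab":   ("and", ["a", "b"]),
    "trig":   ("and", ["t0", "t1", "t2"]),   # fires only on the magic pattern 111
    "bypass": ("and", ["trig", "priv"]),     # when triggered, forwards priv directly
    "grant":  ("or",  ["n_ab", "bypass"]),
}


def simulate(netlist, inputs):
    """Evaluate every wire for one input assignment (memoised recursive eval)."""
    values = dict(inputs)

    def wire(name):
        if name not in values:
            op, ins = netlist[name]
            values[name] = OPS[op]([wire(i) for i in ins])
        return values[name]

    for name in netlist:
        wire(name)
    return values


def dormant_gates(netlist, vectors):
    """Gates whose output is identical for every vector of the test suite."""
    seen = {name: set() for name in netlist}
    for vec in vectors:
        vals = simulate(netlist, vec)
        for name in netlist:
            seen[name].add(vals[name])
    return sorted(name for name, outs in seen.items() if len(outs) == 1)


def functional_vectors():
    """A 'thorough' functional suite (constructed): every a, b, priv combination,
    with the trigger inputs varied but never all high at once."""
    vecs = []
    for a, b, priv in product((0, 1), repeat=3):
        for t in ((0, 0, 0), (1, 0, 1), (0, 1, 1), (1, 1, 0)):
            vecs.append({"a": a, "b": b, "priv": priv,
                         "t0": t[0], "t1": t[1], "t2": t[2]})
    return vecs


def demo():
    flagged = dormant_gates(NETLIST, functional_vectors())
    # What the foothold does once triggered: grant=1 with a=b=0, no software bug needed.
    triggered = simulate(NETLIST, {"a": 0, "b": 0, "priv": 1, "t0": 1, "t1": 1, "t2": 1})
    return {"flagged": flagged, "grant_when_triggered": triggered["grant"]}


if __name__ == "__main__":
    print(demo())
```

The check is only as good as the test suite: logic that is legitimately rare (reset paths, error handlers) is flagged too, so the output is a review list, not a verdict, and a foothold whose trigger happens to appear in the suite is missed.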
Slide 13
Hardware support for dynamic binary translation

Slide 14
H/W for dynamic binary translation
Problem: instrumenting individual instructions is slow
  Especially true for security applications
Goal: amortize the cost across multiple instructions
  Fast path for the common case, with an efficient check that it is correct
    E.g., don't read tainted memory
  Slow path for the correct (fully instrumented) case
Solution: hardware support
  HW signatures (e.g., Bloom filter) to summarize state
    E.g., addresses touched by load / store instructions
  Apply known tricks to the security case
    Extra registers, parallel optimization, atomic regions, etc.
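The fast path / slow path split on this slide, with a Bloom-filter signature over tainted addresses, is modelled in the following added example; it is a software model written for this page, not the hardware design the slides propose. The signature size, the hash used to pick bit positions, and the policy of raising on a tainted read are assumptions.

```python
"""Signature-based fast path for a taint check (added model, not the slides'
hardware design). A Bloom-filter signature summarises the set of tainted
addresses; a load consults the signature first (cheap, the common case) and
only addresses the signature may contain take the fully instrumented slow
path, which consults the exact taint map. The filter has no false negatives,
so the fast path never lets a tainted read through; a false positive only
costs a trip down the slow path. Sizes, hash and policy are assumptions."""

import hashlib


class TaintViolation(Exception):
    """Raised when an instruction reads memory carrying taint."""


class AddressSignature:
    """Bloom filter over addresses, standing in for a hardware signature register."""

    def __init__(self, bits=256, k=3):
        self.bits, self.k, self.word = bits, k, 0

    def _positions(self, addr):
        # k bit positions from one hash; real hardware would use cheap XOR folds.
        h = hashlib.blake2b(addr.to_bytes(8, "little"), digest_size=2 * self.k).digest()
        return [int.from_bytes(h[2 * i:2 * i + 2], "little") % self.bits
                for i in range(self.k)]

    def add(self, addr):
        for p in self._positions(addr):
            self.word |= 1 << p

    def may_contain(self, addr):
        return all((self.word >> p) & 1 for p in self._positions(addr))

    def rebuild(self, addrs):
        # A plain Bloom filter cannot delete: untainting means rebuilding from
        # the exact set, or living with the extra slow-path trips.
        self.word = 0
        for a in addrs:
            self.add(a)


class TaintedMemory:
    """Memory plus the exact taint map; load() is the instrumented load."""

    def __init__(self):
        self.mem, self.taint, self.sig = {}, set(), AddressSignature()
        self.stats = {"fast": 0, "slow": 0, "blocked": 0, "false_positive": 0}

    def store(self, addr, value, tainted=False):
        self.mem[addr] = value
        if tainted:
            self.taint.add(addr)
            self.sig.add(addr)
        else:
            self.taint.discard(addr)   # exact map updated; signature stays conservative

    def load(self, addr):
        if not self.sig.may_contain(addr):
            self.stats["fast"] += 1        # common case: signature proves "not tainted"
            return self.mem.get(addr, 0)
        self.stats["slow"] += 1            # maybe tainted: full check
        if addr in self.taint:
            self.stats["blocked"] += 1
            raise TaintViolation(hex(addr))
        self.stats["false_positive"] += 1  # signature was conservative; exact map clears it
        return self.mem.get(addr, 0)


def demo():
    """Constructed trace: one tainted word among 64 clean ones."""
    m = TaintedMemory()
    m.store(0x1000, 0x41, tainted=True)                 # e.g. a byte from the network
    clean = list(range(0x2000, 0x2000 + 64 * 8, 8))
    for a in clean:
        m.store(a, a & 0xFF)
    clean_values = [m.load(a) for a in clean]           # none of these may raise
    try:
        m.load(0x1000)
        blocked = False
    except TaintViolation:
        blocked = True
    m.store(0x1000, 0, tainted=False)                   # overwritten with clean data
    after_untaint = m.load(0x1000)                      # slow path, but no violation
    m.sig.rebuild(m.taint)                              # rebuilt: fast path again
    after_rebuild_fast = not m.sig.may_contain(0x1000)
    return {"clean_values": clean_values, "blocked": blocked,
            "after_untaint": after_untaint, "after_rebuild_fast": after_rebuild_fast,
            "stats": dict(m.stats)}


if __name__ == "__main__":
    print(demo())
```

Two things the model makes visible: correctness rests entirely on the signature having no false negatives (every tainted address sets all of its bits before any load can observe it), and the signature's inability to forget means the slow path, not the fast path, is what must stay exact.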
Slide 15
Questions?
Slide 16
Performance
Load latencies do not impact usability
[Figure: page load time in seconds]