Xiaoguang Wang,Yong Qi,Zhi Wang,Yue Chen,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2017.2675991

2019-01-01

Abstract:The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memory protection. Unfortunately, such memory protection requires to monitor every update to the guest's page tables. This fundamentally conflicts with the recent advances in the hardware virtualization support. In this paper, we propose SecPod, an extensible framework for virtualization-based security systems that can provide both strong isolation and the compatibility with modern hardware. SecPod has two key techniques: paging delegation delegates and audits the kernel's paging operations to a secure space; execution trapping intercepts the (compromised) kernel's attempts to subvert SecPod by misusing privileged instructions. We have implemented a prototype of SecPod based on KVM. Our experiments show that SecPod is both effective and efficient.

Zheng Wei,Wu Ying,Wu Xiaoxue,Feng Chen,Sui Yulei,Luo Xiapu,Zhou Yajin

DOI: https://doi.org/10.1007/s11704-019-9096-y

IF: 2.6688

2020-01-01

Frontiers of Computer Science

Abstract:This paper presents a comprehensive survey on the development of Intel SGX (software guard extensions) processors and its applications. With the advent of SGX in 2013 and its subsequent development, the corresponding research works are also increasing rapidly. In order to get a more comprehensive literature review related to SGX, we have made a systematic analysis of the related papers in this area. We first search through five large-scale paper retrieval libraries by keywords (i.e., ACM Digital Library, IEEE/IET Electronic Library, SpringerLink, Web of Science, and Elsevier Science Direct). We read and analyze a total of 128 SGX-related papers. The first round of extensive study is conducted to classify them. The second round of intensive study is carried out to complete a comprehensive analysis of the paper from various aspects. We start with the working environment of SGX and make a conclusive summary of trusted execution environment (TEE). We then focus on the applications of SGX. We also review and study multifarious attack methods to SGX framework and some recent security improvements made on SGX. Finally, we summarize the advantages and disadvantages of SGX with some future research opportunities. We hope this review could help the existing and future research works on SGX and its application for both developers and users.

Soo Yee Lim,Sidhartha Agrawal,Xueyuan Han,David Eyers,Dan O'Keeffe,Thomas Pasquier

2024-04-12

Abstract:Monolithic operating systems, where all kernel functionality resides in a single, shared address space, are the foundation of most mainstream computer systems. However, a single flaw, even in a non-essential part of the kernel (e.g., device drivers), can cause the entire operating system to fall under an attacker's control. Kernel hardening techniques might prevent certain types of vulnerabilities, but they fail to address a fundamental weakness: the lack of intra-kernel security that safely isolates different parts of the kernel. We survey kernel compartmentalization techniques that define and enforce intra-kernel boundaries and propose a taxonomy that allows the community to compare and discuss future work. We also identify factors that complicate comparisons among compartmentalized systems, suggest new ways to compare future approaches with existing work meaningfully, and discuss emerging research directions.

Cryptography and Security,Operating Systems

Francesco Gadaleta,Raoul Strackx,Nick Nikiforakis,Frank Piessens,Wouter Joosen

DOI: https://doi.org/10.48550/arXiv.1405.6058

2014-05-22

Abstract:Protecting commodity operating systems and applications against malware and targeted attacks has proven to be difficult. In recent years, virtualization has received attention from security researchers who utilize it to harden existing systems and provide strong security guarantees. This has lead to interesting use cases such as cloud computing where possibly sensitive data is processed on remote, third party systems. The migration and processing of data in remote servers, poses new technical and legal questions, such as which security measures should be taken to protect this data or how can it be proven that execution of code wasn't tampered with. In this paper we focus on technological aspects. We discuss the various possibilities of security within the virtualization layer and we use as a case study \HelloRootkitty{}, a lightweight invariance-enforcing framework which allows an operating system to recover from kernel-level attacks. In addition to \HelloRootkitty{}, we also explore the use of special hardware chips as a way of further protecting and guaranteeing the integrity of a virtualized system.

Cryptography and Security

Elena Reshetova,Janne Karhunen,Thomas Nyman,N. Asokan

DOI: https://doi.org/10.48550/arXiv.1407.4245

2014-07-16

Cryptography and Security

Abstract:The need for flexible, low-overhead virtualization is evident on many fronts ranging from high-density cloud servers to mobile devices. During the past decade OS-level virtualization has emerged as a new, efficient approach for virtualization, with implementations in multiple different Unix-based systems. Despite its popularity, there has been no systematic study of OS-level virtualization from the point of view of security. In this report, we conduct a comparative study of several OS-level virtualization systems, discuss their security and identify some gaps in current solutions.

Shahidullah Kaiser,Ali Saman Tosun,Turgay Korkmaz

2024-12-04

Abstract:The rapid expansion of IoT devices and their real-time applications have driven a growing need for edge computing. To meet this need, efficient and secure solutions are required for running such applications on resource-constrained devices with limited power, CPU, and memory. Unikernel, with its minimalistic design and application-specific approach, offers a promising alternative to traditional virtualization and container technologies in these environments. The existing research does not thoroughly examine the feasibility of using unikernel for edge computing. This paper investigates the potential of unikernel for ARM-powered edge computing by evaluating the performance and efficiency of three prominent unikernel systems such as OSv, Nanos, and Unikraft against Docker container. We experiment with real-world edge computing applications and utilize key metrics such as boot time, execution time, memory usage, CPU overhead, and network performance to determine how unikernel performs under the constraints of edge devices. Our findings reveal the potential advantages of unikernel in terms of reduced resource consumption and faster startup times while highlighting areas where they may need further optimization for edge deployment. This study provides valuable insights for researchers and practitioners considering unikernel as a lightweight, efficient solution for edge computing on ARM architectures.

Distributed, Parallel, and Cluster Computing

Nanzi Yang,Wenbo Shen,Jinku Li,Yutian Yang,Kangjie Lu,Jietao Xiao,Tianyu Zhou,Chenggang Qin,Wang Yu,Jianfeng Ma,Kui Ren

DOI: https://doi.org/10.1145/3460120.3484744

2021-01-01

Abstract:Due to its faster start-up speed and better resource utilization efficiency, OS-level virtualization has been widely adopted and has become a fundamental technology in cloud computing. Compared to hardware virtualization, OS-level virtualization leverages the shared-kernel design to achieve high efficiency and runs multiple user-space instances (a.k.a., containers) on the shared kernel. However, in this paper, we reveal a new attack surface that is intrinsic to OS-level virtualization, affecting Linux, FreeBSD, and Fuchsia. The root cause is that the shared-kernel design in OS-level virtualization results containers in sharing thousands of kernel variables and data structures directly and indirectly. Without exploiting any kernel vulnerabilities, a non-privileged container can easily exhaust the shared kernel variables and data structure instances to cause DoS attacks against other containers. Compared with the physical resources, these kernel variables or data structure instances (termed abstract resources) are more prevalent but underprotected. To show the importance of confining abstract resources, we conduct abstract resource attacks that target different aspects of the OS kernel. The results show that attacking abstract resources is highly practical and critical. We further conduct a systematic analysis to identify vulnerable abstract resources in the Linux kernel, which successfully detects 1,010 abstract resources and 501 of them can be repeatedly consumed dynamically. We also conduct the attacking experiments in the self-deployed shared-kernel container environments on the top 4 cloud vendors. The results show that all environments are vulnerable to abstract resource attacks. We conclude that containing abstract resources is hard and give out multiple strategies for mitigating the risks.

Nanzi Yang,Wenbo Shen,Jinku Li,Yutian Yang,Kangjie Lu,Jietao Xiao,Tianyu Zhou,Chenggang Qin,Wang Yu,Jianfeng Ma,Kui Ren

DOI: https://doi.org/10.1145/3460120.3484744

2021-01-01

Abstract:Due to its faster start-up speed and better resource utilization efficiency, OS-level virtualization has been widely adopted and has become a fundamental technology in cloud computing. Compared to hardware virtualization, OS-level virtualization leverages the shared-kernel design to achieve high efficiency and runs multiple user-space instances (a.k.a., containers) on the shared kernel. However, in this paper, we reveal a new attack surface that is intrinsic to OS-level virtualization, affecting Linux, FreeBSD, and Fuchsia. The root cause is that the shared-kernel design in OS-level virtualization results containers in sharing thousands of kernel variables and data structures directly and indirectly. Without exploiting any kernel vulnerabilities, a non-privileged container can easily exhaust the shared kernel variables and data structure instances to cause DoS attacks against other containers. Compared with the physical resources, these kernel variables or data structure instances (termed abstract resources) are more prevalent but under-protected. To show the importance of confining abstract resources, we conduct abstract resource attacks that target different aspects of the OS kernel. The results show that attacking abstract resources is highly practical and critical. We further conduct a systematic analysis to identify vulnerable abstract resources in the Linux kernel, which successfully detects 1,010 abstract resources and 501 of them can be repeatedly consumed dynamically. We also conduct the attacking experiments in the self-deployed shared-kernel container environments on the top 4 cloud vendors. The results show that all environments are vulnerable to abstract resource attacks. We conclude that containing abstract resources is hard and give out multiple strategies for mitigating the risks.

Priyanka Prakash Surve,Oleg Brodt,Mark Yampolskiy,Yuval Elovici,Asaf Shabtai

2023-11-07

Abstract:The Unified Extensible Firmware Interface (UEFI) is a linchpin of modern computing systems, governing secure system initialization and booting. This paper is urgently needed because of the surge in UEFI-related attacks and vulnerabilities in recent years. Motivated by this urgent concern, we undertake an extensive exploration of the UEFI landscape, dissecting its distribution supply chain, booting process, and security features. We carefully study a spectrum of UEFI-targeted attacks and proofs of concept (PoCs) for exploiting UEFI-related vulnerabilities. Building upon these insights, we construct a comprehensive attack threat model encompassing threat actors, attack vectors, attack types, vulnerabilities, attack capabilities, and attacker objectives. Drawing inspiration from the MITRE ATT&CK framework, we present a MITRE ATT&CK-like taxonomy delineating tactics, techniques, and sub-techniques in the context of UEFI attacks. This taxonomy can provide a road map for identifying existing gaps and developing new techniques for rootkit prevention, detection, and removal. Finally, the paper discusses existing countermeasures against UEFI attacks including a variety of technical and operational measures that can be implemented to lower the risk of UEFI attacks to an acceptable level. This paper seeks to clarify the complexities of UEFI and equip the cybersecurity community with the necessary knowledge to strengthen the security of this critical component against a growing threat landscape.

Cryptography and Security

Ilias Mavridis,Helen Karatza

DOI: https://doi.org/10.1002/cpe.6365

2021-05-24

Concurrency and Computation: Practice and Experience

Abstract:<p>Containers emerge as the prevalent virtualization technology in cloud computing. Containers are more light-weight and agile compared to traditional virtual machines (VMs), since they provide virtualization at the operating system level. There are specific factors driving the container adoption in cloud, however, the main disadvantage of container-based virtualization technologies is poor isolation. To address isolation and security-related issues, new container runtimes appeared. In this study we present and evaluate the most common security-oriented runtimes, Kata, gVisor and Nabla, running with Docker, Containerd, and CRI-O. We deploy containers for all the aforementioned container solutions, as well as the default Kubernetes runtime runc, on a Kubernetes cluster and additionally on a Docker node. Moreover, in a similar way to containers, we deploy and evaluate unikernels and security-oriented lightweight Linux-based VMs running on Kubernetes cluster. To evaluate container runtimes, we take under consideration Firecracker microVM too. To automate the deployment of high isolated containers and VMs on Kubernetes clusters, we have developed our own tool. Finally, we recognize the increasing interest on Function-as-a-Service and other serverless architectures. In the same direction with these emerging cloud computing services, we have extended the Kubeless serverless framework to support security-oriented container runtimes.</p>

Jack Edmonds,Fatemeh Tehranipoor

DOI: https://doi.org/10.48550/arXiv.2011.13450

2020-11-27

Abstract:In today's digital age, the ease of data collection, transfer, and storage continue to shape modern society and the ways we interact with our world. The advantages are numerous, but there is also an increased risk of information unintentionally falling into the wrong hands. Finding methods of protecting sensitive information at the hardware level is of utmost importance, and in this paper, we aim to provide a survey on recent developments in attacks on lightweight hardware-based security primitives (LHSPs) designed to do just that. Specifically, we provide an analysis of the attack resilience of these proposed LHSPs in an attempt to bring awareness to any vulnerabilities that may exist. We do this in the hope that it will encourage the continued development of attack countermeasures as well as completely new methods of data protection in order to prevent the discussed methods of attack from remaining viable in the future. The types of LHSPs discussed include physical unclonable functions (PUFs) and true random number generators (TRNGs), with a primary emphasis placed on PUFs.

Cryptography and Security

Xu Zhou,Pengfei Wang,Lei Zhou,Peng Xun,Kai Lu

DOI: https://doi.org/10.3390/s23229221

2023-11-16

Abstract:Embedded devices are pervasive nowadays with the rapid development of the Internet of Things (IoT). This brings significant security issues that make the security analysis of embedded devices important. This paper presents a survey on the security analysis research of embedded devices. First, we analyze the embedded device types and their operating systems. Then, we describe a major dynamic security analysis method for an embedded device, i.e., simulating the firmware of the embedded device and performing fuzzing on the web interface provided by the firmware. Third, we discuss some other issues in embedded security analysis, such as analyzing the attack surface, applying static analysis, and performing large-scale analysis. Based on these analyses, we finally conclude three challenges in the current research and present our insights for future research directions.

Munmun Bhattacharya,Sandip Roy,Samiran Chattopadhyay,Ashok Kumar Das,Sachin Shetty

DOI: https://doi.org/10.1002/spy2.275

2022-10-19

Security and Privacy

Abstract:Over the past few years, online social networks (OSNs) have become an inseparable part of people's daily lives. Instead of being passive readers, people are now enjoying their role as content contributors. OSN has permitted its users to share their information including the multimedia content. OSN users can express themselves in virtual communities by providing their opinions and interacting with others. As a consequence, the privacy and security threats in OSNs have emerged as a major concern to the research and business world. In the recent past, a number of survey works have been conducted to discuss different security and privacy threats in OSNs. However, till date, no survey work has been conducted that aims to classify and analyze various machine learning (ML)‐based solutions adapted for the security defense of OSNs. In this survey article, we present a detailed taxonomy with a classification of various works done on various security attacks in OSNs. We then review and summarize the existing state of art survey works on OSN security, and indicate the merits and limitations of these survey works. Next, we review all recent works that aim to provide ML‐based solutions toward defense of security attacks on OSNs. Finally, we discuss the future road‐map on OSN security and provide a comprehensive analysis on the open research issues with feasible measurements and possible solutions.

English Else

Yongwang Zhao,David Sanan,Fuyuan Zhang,Yang Liu

DOI: https://doi.org/10.48550/arXiv.1701.01535

2017-01-06

Abstract:Separation kernels provide temporal/spatial separation and controlled information flow to their hosted applications. They are introduced to decouple the analysis of applications in partitions from the analysis of the kernel itself. More than 20 implementations of separation kernels have been developed and widely applied in critical domains, e.g., avionics/aerospace, military/defense, and medical devices. Formal methods are mandated by the security/safety certification of separation kernels and have been carried out since this concept emerged. However, this field lacks a survey to systematically study, compare, and analyze related work. On the other hand, high-assurance separation kernels by formal methods still face big challenges. In this paper, an analytical framework is first proposed to clarify the functionalities, implementations, properties and standards, and formal methods application of separation kernels. Based on the proposed analytical framework, a taxonomy is designed according to formal methods application, functionalities, and properties of separation kernels. Research works in the literature are then categorized and overviewed by the taxonomy. In accordance with the analytical framework, a comprehensive analysis and discussion of related work are presented. Finally, four challenges and their possible technical directions for future research are identified, e.g. specification bottleneck, multicore and concurrency, and automation of full formal verification.

Software Engineering

Samuel P. Mullinix,Erikton Konomi,Renee Davis Townsend,Reza M. Parizi

DOI: https://doi.org/10.48550/arXiv.2008.04814

2020-08-12

Abstract:Linux containers have risen in popularity in the last few years, making their way to commercial IT service offerings (such as PaaS), application deployments, and Continuous Delivery/Integration pipelines within various development teams. Along with the wide adoption of Docker, security vulnerabilities and concerns have also surfaced. In this survey, we examine the state of security for the most popular container system at the moment: Docker. We will also look into its origins stemming from the Linux technologies built into the OS itself; examine intrinsic vulnerabilities, such as the Docker Image implementation; and provide an analysis of current tools and modern methodologies used in the field to evaluate and enhance its security. For each section, we pinpoint metrics of interest, as they have been revealed by researchers and experts in the domain and summarize their findings to paint a holistic picture of the efforts behind those findings. Lastly, we look at tools utilized in the industry to streamline Docker security scanning and analytics which provide built-in aggregation of key metrics.

Cryptography and Security,Software Engineering

J. Alexander Curtis,Nasir U. Eisty

DOI: https://doi.org/10.48550/arXiv.2409.04647

2024-09-07

Abstract:Kubernetes, the go-to container orchestration solution, has swiftly become the industry standard for managing containers at scale in production environments. Its widespread adoption, particularly in large organizations, has elevated its profile and made it a prime target for security concerns. This study aims to understand how prevalent security concerns are among Kubernetes practitioners by analyzing all Kubernetes posts made on Stack Overflow over the past four years. We gathered security insights from Kubernetes practitioners and transformed the data through machine learning algorithms for cleaning and topic clustering. Subsequently, we used advanced AI tools to automatically generate topic descriptions, thereby reducing the analysis process. In our analysis, security-related posts ranked as the fourth most prevalent topic in these forums, comprising 12.3% of the overall discussions. Furthermore, the findings indicated that although the frequency of security discussions has remained constant, their popularity and influence have experienced significant growth. Kubernetes users consistently prioritize security topics, and the rising popularity of security posts reflects a growing interest and concern for maintaining secure Kubernetes clusters. The findings underscore key security issues that warrant further research and the development of additional tools to resolve them.

Cryptography and Security,Software Engineering

Swaroop Ghosh,Suryansh Upadhyay,Abdullah Ash Saki

DOI: https://doi.org/10.48550/arXiv.2305.02505

2023-05-04

Abstract:Quantum computing is an emerging computing paradigm that can potentially transform several application areas by solving some of the intractable problems from classical domain. Similar to classical computing systems, quantum computing stack including software and hardware rely extensively on third parties many of them could be untrusted or less-trusted or unreliable. Quantum computing stack may contain sensitive Intellectual Properties (IP) that requires protection. From hardware perspective, quantum computers suffer from crosstalk that couples two programs in a multi-tenant setting to facilitate traditionally known fault injection attacks. Furthermore, third party calibration services can report incorrect error rates of qubits or mis-calibrate the qubits to degrade the computation performance for denial-of-service attacks. Quantum computers are expensive and access queue is typically long for trusted providers. Therefore, users may be enticed to explore untrusted but cheaper and readily available quantum hardware which can enable stealth of IP and tampering of quantum programs and/or computation outcomes. Recent studies have indicated the evolution of efficient but untrusted compilation services which presents risks to the IPs present in the quantum circuits. The untrusted compiler can also inject Trojans and perform tampering. Although quantum computing can involve sensitive IP and private information and can solve problems with strategic impact, its security and privacy has received inadequate attention. This paper provides comprehensive overview of the basics of quantum computing, key vulnerabilities embedded in the quantum systems and the recent attack vectors and corresponding defenses. Future research directions are also provided to build a stronger community of quantum security investigators.

Quantum Physics

Keyang Hu,Wang Huang,Lei Wang,Ce Mo,Runxiang Wang,Yu Chen,Ju Ren,Bo Jiang

DOI: https://doi.org/10.1016/j.sysarc.2024.103199

IF: 5.836

2024-01-01

Journal of Systems Architecture

Abstract:Unikernels are simple, customizable, efficient, and small in code size, which makes them highly applicable to embedded scenarios. However, most existing unikernels are developed and optimized for cloud computing, and they do not fully meet the requirements of high reliability and platform customization in embedded environments. We propose Unishyper, a reliable and high-performance embedded unikernel in Rust. To support memory isolation between user applications, user code, and kernel code, Unishyper designs the Zone mechanism on top of Intel MPK. Unishyper further proposes a thread-level unwind strategy for safe fault handling while avoiding memory leakage. Finally, Unishyper supports fine-grained customization, seamlessly integrates with the Rust ecosystem, and uses Unilib for function offloading to further reduce image size. Our evaluation results show that Unishyper achieves better performance than peer unikernels on major micro-benchmarks, can effectively stop illegal memory accesses across application boundaries, and has a minimal memory footprint of less than 100 KB.

Olivier Nicole,Matthieu Lemerre,Sébastien Bardin,Xavier Rival

DOI: https://doi.org/10.48550/arXiv.2003.08915

2020-03-19

Cryptography and Security

Abstract:Operating system kernels are the security keystone of most computer systems, as they provide the core protection mechanisms. Kernels are in particular responsible for their own security, i.e. they must prevent untrusted user tasks from reaching their level of privilege. We demonstrate that proving such absence of privilege escalation is a pre-requisite for any definitive security proof of the kernel. While prior OS kernel formal verifications were performed either on source code or crafted kernels, with manual or semi-automated methods requiring significant human efforts in annotations or proofs, we show that it is possible to compute such kernel security proofs using fully-automated methods and starting from the executable code of an existing microkernel with no modification, thus formally verifying absence of privilege escalation with high confidence for a low cost. We applied our method on two embedded microkernels, including the industrial kernel AnonymOS: with only 58 lines of annotation and less than 10 minutes of computation, our method finds a vulnerability in a first (buggy) version of AnonymOS and verifies absence of privilege escalation in a second (secure) version.

Fan Chen,Lei Jiang,Hausi Muller,Philip Richerme,Cheng Chu,Zhenxiao Fu,Zhenxiao Fu,Hausi Müller,Min Yang

DOI: https://doi.org/10.1109/mcas.2024.3349665

IF: 4.04

2024-03-08

IEEE Circuits and Systems Magazine

Abstract:Quantum computing (QC) demonstrates substantial theoretical promise in addressing classically intractable problems. Recent investments and advancements across QC system stacks, including hardware, software, and algorithms, underscore a pivotal shift from theoretical exploration to the practical realization of applications. Despite this progress, the prevailing emphasis has predominantly centered on performance enhancement, often overlooking security considerations. In response to this gap, our article presents a comprehensive tutorial and survey aimed at identifying and categorizing vulnerabilities inherent in quantum computing systems. Beginning with an overview encompassing essential principles, ecosystem components, and unique attributes in the quantum computing system stack, we also provide a summary of development resources to facilitate efficient initiation in this domain. Building on this foundational knowledge, we introduce a taxonomy of QC security organized by victim layer and security attack objectives. Utilizing this taxonomy as a guiding framework, the article delivers an extensive survey of the latest advancements in QC security, with the overarching goal of equipping the reader with a comprehensive understanding of quantum computing system principles and an informed awareness of diverse and dynamic QC security threats. The intention is to benefit both industry stakeholders and research communities, ultimately aiming to proactively identify and mitigate security concerns within QC systems, thereby establishing a robust foundation for secure quantum computing environments.

engineering, electrical & electronic