The operating system (OS) exercises complete control over applications, thus a compromise of the OS compromises every application. Software developers have little recourse to improve security in the face of system compromise---they cannot defend against OS vulnerabilities, nor can they reasonably substitute a secure version of the millions of lines of code that constitute a modern OS.

Rather than require applications to blindly trust OS interactions, this project investigates a system architecture that enables trusted applications to efficiently verify OS interactions with the help of a small, trusted hypervisor. Most verification work is performed within the C language runtime, minimizing changes to legacy code and shielding developers from increased programming complexity. The prototype system, called InkTag,improves upon prior work in several key areas: it provides more efficient techniques to verify system call results, implements usable access control for resources managed by an untrusted OS, and introduces hardware and software techniques to further reduce the size of the trusted computing base.

Cloud computing provides energy and economic efficiencies, but suffers from the inability to give meaningful security guarantees to hosted applications. This project demonstrates that system security is possible without trusting the OS---a large part of the hosted infrastructure. This project is also developing new materials for undergraduate and graduate curricula that combine core knowledge of systems with an understanding of how systems provide security properties, equipping future computer professionals with a better understanding of what security guarantees a system can meaningfully provide.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
1228843
Program Officer
Deborah Shands
Project Start
Project End
Budget Start
2012-09-01
Budget End
2016-08-31
Support Year
Fiscal Year
2012
Total Cost
$500,000
Indirect Cost
Name
University of Texas Austin
Department
Type
DUNS #
City
Austin
State
TX
Country
United States
Zip Code
78759