Deep Introspection

From wiki.ucalgary.ca

Deep Introspection is a concept for bridging the semantic gap between high-level security policy and low-level system facilities for trapping, aggregating low-level events, and extracting low-level state in an efficient fashion.

Deep Introspection is an attempt to bridge the semantic gap between high-level security policy languages, the primitives that exist in these languages, and the efficient event aggregation and state extraction that such data implies or assumes.

This page is a collection of work related to the idea of Security Acceleration, or speeding up security checks / security policy interpretation and enforcement.

Research Page

http://tsg.cpsc.ucalgary.ca/research/deepi

Research Notes / Links

http://www.muppetlabs.com/~breadbox/software/ELF.txt

Debug registers: http://www.logix.cz/michal/doc/i386/chp12-02.htm

do_debug() kernel function

GCC attributes: http://gcc.gnu.org/onlinedocs/gcc-3.2/gcc/Variable-Attributes.html (useful for declaring in source that a particular variable belongs to a particular ELF section)

GCC inline assembly: http://ibiblio.org/gferg/ldp/GCC-Inline-Assembly-HOWTO.html

http://www.cl.cam.ac.uk/research/security/capsicum/documentation.html

Related Work

  • Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection. Brendan Dolan-Gavitt, Tim Leek, Michael Zhivich, Jonathon Giffin, and Wenke Lee. In Proceedings of The 2011 IEEE Symposium on Security and Privacy. Oakland, CA, May 2011.
  • Edmund B. Nightingale, Daniel Peek, Peter M. Chen, and Jason Flinn, "Parallelizing Security Checks on Commodity Hardware", in Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '08), Seattle, WA, March 2008.

Own Related Work

(see related work quoted herein)

Blurbs

From our VMSec 2009 paper: "The ill-fated Intel iAPX-432 [4] implemented the concept of “roles” and “objects” at the hardware level and encouraged separation of OS duties similar to our concept of vertical isolation, but it never caught on. Burroughs 5000 machines [1] also employed a tagged architecture, but only used 3 bits for the tag and explicitly defined the meaning of all values, disallowing arbitrary semantics."