Despite years of research and development, the security of our software infrastructure is still a critical problem. The breadth and diversity of software vulnerabilities demand new security solutions that combine the speed and practicality of hardware approaches with the flexibility and robustness of software systems. Towards this goal, this talk will describe two full system security prototypes, Raksha and Loki.
Raksha builds on dynamic information flow tracking (DIFT) in order to protect existing binaries from vulnerabilities ranging from low-level memory corruptions to high-level SQL injections or directory traversals. At the hardware level, Raksha provides three novel features: programmable security policies that enable software to direct hardware analysis; multiple active security policies that can protect the system against concurrent attacks; and low-overhead security handlers that allow software to correct, complement, or extend the hardware-based analysis without the overhead associated with operating system traps. Apart from describing the hardware and software components of Raksha, we will discuss the security policies used to provide robust protection without false positives or false negatives on real-world binaries (including the Linux kernel).
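To make the three DIFT features concrete, here is an added example (not code from the talk, Raksha, or its authors) of a toy tag-propagating machine: policies are data, several are active at once, and a checked operation calls a software handler instead of simply trapping. The tag layout, the two policies, the `sql_handler` rule and the scenario data are all constructed for this illustration.

```python
"""Toy DIFT machine: programmable policies, several active at once, software handlers."""
from dataclasses import dataclass, field

# Constructed tag bits: one per active policy (not Raksha's real layout).
TAINT = 1 << 0   # untrusted bytes that must never decide control flow
SQL = 1 << 1     # untrusted bytes that may flow into a query string


@dataclass(frozen=True)
class Policy:
    name: str
    bit: int
    propagate: frozenset   # ops that carry the tag from sources to destination
    check: frozenset       # ops that invoke the handler when a source carries the tag


def block_handler(machine, op, dst, srcs):
    """Default handler: a tagged operand reaching a checked op is treated as an attack."""
    return False


def sql_handler(machine, op, dst, srcs):
    """Software complements the hardware check: only the *tainted* characters of the
    query are inspected, and they may not contain quote, statement or comment tokens.
    (A deliberately simple rule, constructed for the example.)"""
    text, tags = machine.regs[srcs[0]], machine.tags[srcs[0]]
    tainted = "".join(c for c, t in zip(text, tags) if t & SQL)
    return not any(tok in tainted for tok in ("'", ";", "--"))


@dataclass
class Machine:
    policies: tuple
    handlers: dict
    regs: dict = field(default_factory=dict)   # register -> value
    tags: dict = field(default_factory=dict)   # register -> per-element tag tuple
    trace: list = field(default_factory=list)  # (policy, op, verdict)

    def load(self, reg, value, tag=0):
        self.regs[reg] = value
        self.tags[reg] = (tag,) * (len(value) if isinstance(value, str) else 1)

    def step(self, op, dst, *srcs):
        """Execute one op; every active policy propagates or checks independently."""
        src_bits = 0
        for s in srcs:
            for t in self.tags[s]:
                src_bits |= t
        keep = 0
        for p in self.policies:
            if not (src_bits & p.bit):
                continue
            if op in p.check:
                ok = self.handlers.get(p.name, block_handler)(self, op, dst, srcs)
                self.trace.append((p.name, op, "allow" if ok else "block"))
                if not ok:
                    return False
            if op in p.propagate:
                keep |= p.bit
        value, tag = self._compute(op, srcs)
        self.regs[dst] = value
        self.tags[dst] = tuple(t & keep for t in tag)
        return True

    def _compute(self, op, srcs):
        vals = [self.regs[s] for s in srcs]
        tags = [self.tags[s] for s in srcs]
        if op in ("mov", "jmp", "sql"):
            return vals[0], tags[0]
        if op == "add":                      # scalar result: OR all source tags
            bits = 0
            for t in tags:
                for b in t:
                    bits |= b
            return sum(vals), (bits,)
        if op == "concat":                   # per-character tags are concatenated
            return "".join(vals), sum(tags, ())
        raise ValueError(op)


MEM_POLICY = Policy("memory", TAINT, frozenset({"mov", "add"}), frozenset({"jmp"}))
SQL_POLICY = Policy("sql", SQL, frozenset({"mov", "concat"}), frozenset({"sql"}))


def run_scenarios():
    """Four constructed runs with both policies active; returns verdicts and the trace."""
    m = Machine((MEM_POLICY, SQL_POLICY), {"sql": sql_handler})
    out = {}
    m.load("r1", 0x4000, tag=TAINT | SQL)   # integer read from the network
    m.load("r2", 8)
    m.step("add", "r3", "r1", "r2")
    out["jump_from_input"] = m.step("jmp", "pc", "r3")      # blocked by hardware policy
    m.load("r4", 0x1000)
    out["jump_trusted"] = m.step("jmp", "pc", "r4")         # untainted target, allowed
    m.load("prefix", "SELECT * FROM users WHERE name='")
    m.load("suffix", "'")
    m.load("name", "alice", tag=TAINT | SQL)
    m.step("concat", "q", "prefix", "name", "suffix")
    out["sql_benign"] = m.step("sql", "out", "q")            # handler allows
    m.load("name", "x' OR '1'='1", tag=TAINT | SQL)
    m.step("concat", "q", "prefix", "name", "suffix")
    out["sql_injection"] = m.step("sql", "out", "q")         # handler blocks
    return out, m.trace
```

The point of the per-character tags is that the handler can tell the application's own quotes in `prefix` from the quote that arrived in `name`; a register-granularity check would either reject every quoted query or miss the injected one.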
Loki is an architecture that allows for hardware enforcement of application security policies for data access. Loki uses tags on physical resources (memory and devices) to provide a single, unambiguous abstraction for fine-grain access control. Loki helps minimize the trusted code base (TCB) in modern operating systems while enforcing application security policies about data access at minimal runtime overhead. We will describe how Loki interacts with a secure operating system (HiStar) and how the implementation avoids the storage overhead of fine-grain tags.
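As an added illustration of tag-based access control on physical memory (example code written for this page, not Loki's or HiStar's implementation), the model below tags each memory word, lets a small kernel-owned permission table say which protection domain may read or write words carrying a given tag, and checks every access against it. The storage scheme, one tag per page with per-word tags only for pages whose words disagree, is an assumption made for the example; the abstract does not say how Loki avoids the storage overhead.

```python
"""Toy tagged physical memory with per-tag access control (constructed example)."""
PAGE_WORDS = 4   # words per page; tiny so a mixed page is easy to see


class TaggedMemory:
    def __init__(self, pages):
        self.words = [0] * (pages * PAGE_WORDS)
        self.page_tag = [0] * pages     # common case: one tag for the whole page
        self.word_tags = {}             # page -> per-word tag list, only for mixed pages
        self.perms = {}                 # tag -> {domain: set of rights}; kernel-owned
        self.denied = []                # audit trail of rejected accesses

    def tag_of(self, addr):
        page, off = divmod(addr, PAGE_WORDS)
        if page in self.word_tags:
            return self.word_tags[page][off]
        return self.page_tag[page]

    def set_tag(self, addr, tag):
        """Kernel retags one word; per-word storage exists only while a page is mixed."""
        page, off = divmod(addr, PAGE_WORDS)
        if page not in self.word_tags:
            if tag == self.page_tag[page]:
                return
            self.word_tags[page] = [self.page_tag[page]] * PAGE_WORDS
        self.word_tags[page][off] = tag
        if len(set(self.word_tags[page])) == 1:     # collapse back to a page tag
            self.page_tag[page] = self.word_tags[page][0]
            del self.word_tags[page]

    def grant(self, tag, domain, rights):
        """Kernel policy: which domains may do what with words carrying this tag."""
        self.perms.setdefault(tag, {})[domain] = set(rights)

    def _check(self, domain, addr, right):
        tag = self.tag_of(addr)
        if right in self.perms.get(tag, {}).get(domain, set()):
            return True
        self.denied.append((domain, addr, right, tag))
        return False

    def read(self, domain, addr):
        if not self._check(domain, addr, "r"):
            raise PermissionError(f"{domain} may not read word {addr}")
        return self.words[addr]

    def write(self, domain, addr, value):
        if not self._check(domain, addr, "w"):
            raise PermissionError(f"{domain} may not write word {addr}")
        self.words[addr] = value


SECRET, PUBLIC = 1, 2   # constructed tag values


def demo():
    """Two application domains share one page; only one word of it is public."""
    mem = TaggedMemory(pages=2)
    mem.page_tag[0] = SECRET                # kernel labels page 0 as alice's private data
    mem.grant(SECRET, "alice", "rw")
    mem.grant(PUBLIC, "alice", "rw")
    mem.grant(PUBLIC, "bob", "r")           # bob gets read-only access to public words
    mem.write("alice", 0, 42)
    mem.set_tag(3, PUBLIC)                  # page 0 becomes mixed: per-word tags appear
    mem.write("alice", 3, 7)
    result = {"alice_secret": mem.read("alice", 0), "bob_public": mem.read("bob", 3)}
    try:
        mem.read("bob", 0)
        result["bob_secret"] = "read"
    except PermissionError:
        result["bob_secret"] = "denied"
    try:
        mem.write("bob", 3, 9)
        result["bob_write_public"] = "written"
    except PermissionError:
        result["bob_write_public"] = "denied"
    result["mixed_pages"] = len(mem.word_tags)
    result["denials"] = len(mem.denied)
    return result
```

Because the check keys on the tag of the physical word rather than on a virtual address range, the same rule protects the data regardless of how it is mapped, which is the single abstraction the abstract refers to.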