Secure virtual architecture: A safe execution environment for commodity operating systems

John Criswell, Andrew Lenharth, Dinakar Dhurjati, Vikram Adve

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper describes an efficient and robust approach to provide a safe execution environment for an entire operating system, such as Linux, and all its applications. The approach, which we call Secure Virtual Architecture (SVA), defines a virtual, low-level, typed instruction set suitable for executing all code on a system, including kernel and application code. SVA code is translated for execution by a virtual machine transparently, offline or online. SVA aims to enforce fine-grained (object level) memory safety, control-flow integrity, type safety for a subset of objects, and sound analysis. A virtual machine implementing SVA achieves these goals by using a novel approach that exploits properties of existing memory pools in the kernel and by preserving the kernel's explicit control over memory, including custom allocators and explicit deallocation. Furthermore, the safety properties can be encoded compactly as extensions to the SVA type system, allowing the (complex) safety checking compiler to be outside the trusted computing base. SVA also defines a set of OS interface operations that abstract all privileged hardware instructions, allowing the virtual machine to monitor all privileged operations and control the physical resources on a given hardware platform. We have ported the Linux kernel to SVA, treating it as a new architecture, and made only minimal code changes (less than 300 lines of code) to the machine-independent parts of the kernel and device drivers. SVA is able to prevent 4 out of 5 memory safety exploits previously reported for the Linux 2.4.22 kernel for which exploit code is available, and would prevent the fifth one simply by compiling an additional kernel library.

Original languageEnglish (US)
Title of host publicationSOSP'07 - Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles
Pages59-72
Number of pages14
StatePublished - 2007
Event21st ACM SIGOPS Symposium on Operating Systems Principles, SOSP'07 - Stevenson, WA, United States
Duration: Oct 14 2007Oct 17 2007

Publication series

NameSOSP'07 - Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles

Other

Other21st ACM SIGOPS Symposium on Operating Systems Principles, SOSP'07
Country/TerritoryUnited States
CityStevenson, WA
Period10/14/0710/17/07

Keywords

  • Compiler
  • Memory safety
  • Operating systems
  • Security
  • Type safety
  • Typed assembly language
  • Virtual machine

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Secure virtual architecture: A safe execution environment for commodity operating systems'. Together they form a unique fingerprint.

Cite this