Secure virtual architecture: A safe execution environment for commodity operating systems

John Criswell, Andrew Lenharth, Dinakar Dhurjati, Vikram Adve

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper describes an efficient and robust approach to provide a safe execution environment for an entire operating system, such as Linux, and all its applications. The approach, which we call Secure Virtual Architecture (SVA), defines a virtual, low-level, typed instruction set suitable for executing all code on a system, including kernel and application code. SVA code is translated for execution by a virtual machine transparently, offline or online. SVA aims to enforce fine-grained (object level) memory safety, control-flow integrity, type safety for a subset of objects, and sound analysis. A virtual machine implementing SVA achieves these goals by using a novel approach that exploits properties of existing memory pools in the kernel and by preserving the kernel's explicit control over memory, including custom allocators and explicit deallocation. Furthermore, the safety properties can be encoded compactly as extensions to the SVA type system, allowing the (complex) safety checking compiler to be outside the trusted computing base. SVA also defines a set of OS interface operations that abstract all privileged hardware instructions, allowing the virtual machine to monitor all privileged operations and control the physical resources on a given hardware platform. We have ported the Linux kernel to SVA, treating it as a new architecture, and made only minimal code changes (less than 300 lines of code) to the machine-independent parts of the kernel and device drivers. SVA is able to prevent 4 out of 5 memory safety exploits previously reported for the Linux 2.4.22 kernel for which exploit code is available, and would prevent the fifth one simply by compiling an additional kernel library.

Original languageEnglish (US)
Title of host publicationSOSP'07
Subtitle of host publicationProceedings of the 21st ACM Symposium on Operating Systems Principles
Pages351-366
Number of pages16
DOIs
StatePublished - 2007
EventSOSP'07: 21st ACM Symposium on Operating Systems Principles - Stevenson, WA, United States
Duration: Oct 14 2007Oct 17 2007

Publication series

NameOperating Systems Review (ACM)
ISSN (Print)0163-5980

Other

OtherSOSP'07: 21st ACM Symposium on Operating Systems Principles
CountryUnited States
CityStevenson, WA
Period10/14/0710/17/07

Keywords

  • Compiler
  • Memory safety
  • Operating systems
  • Security
  • Type safety
  • Typed assembly language
  • Virtual machine

ASJC Scopus subject areas

  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Secure virtual architecture: A safe execution environment for commodity operating systems'. Together they form a unique fingerprint.

Cite this