Princeton University

School of Engineering & Applied Science

Nested Kernel: A Protection Architecture for Intra-Kernel Privilege Separation

Nathan Dautenhahn, University of Pennsylvania
Engineering Quadrangle B205
Tuesday, December 12, 2017 - 11:00am to 12:00pm

Abstract: Computing is both increasingly pervasive and relied on in many domains. Systems software, which provides an abstraction of hardware for programmability and secure resource multiplexing, is an essential element of that computing.
Unfortunately, today’s systems software threatens the stability and security of these environments. By incorporating functionality from thousands of developers while being unsafe, enormous, and monolithic, it resembles a modern-day Titanic that forces users to implicitly trust a systemically sinkable ecosystem.
The Nested Kernel is a new operating system organization that retrofits an efficient, tamper-proof security monitor directly into traditional system designs, restricting security policy modifications to a small portion of the system. To ensure isolation, the Nested Kernel virtualizes both the memory management unit (MMU) and supervisor privilege modes using the MMU itself and static code de-privileging. The Nested Kernel also exposes data protection services that can be used to secure elements inside the operating system in ways not presently possible. These techniques make the design both portable and efficient while preserving monitor integrity.
The Nested Kernel has been retrofitted into FreeBSD and Xen, requiring minimal reorganization effort and incurring minimal runtime overheads. Overall, the Nested Kernel presents a practical in-situ protection paradigm that enables incrementally deployable security enhancements to the most common and privileged elements of our software stacks.
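To make the two mechanisms named in the abstract concrete (the page table protecting itself through the MMU, and an outer kernel that is statically stripped of the privilege to turn that protection off), here is a small C model written for this page; it is not code from the Nested Kernel project, FreeBSD or Xen. It assumes a 16-frame, identity-mapped physical memory, a one-level page table, a `wp` flag standing in for CR0.WP, and two hypothetical monitor entry points, `nk_pte_update` and `nk_protect_page`, that exist only in this model:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the Nested Kernel idea (added example, not project code).
 * Physical memory is NFRAMES frames of FRAME_WORDS words. A one-level,
 * identity-mapped page table (PTE i = word i) occupies frames 0..PT_FRAMES-1,
 * and frame NK_FRAME holds monitor-private data. Those frames are mapped
 * read-only, so the outer kernel cannot alter the page table through the MMU. */
#define FRAME_WORDS 4
#define NFRAMES     16
#define PT_FRAMES   (NFRAMES / FRAME_WORDS)   /* 4 frames hold the 16 PTEs */
#define NK_FRAME    PT_FRAMES                 /* frame 4: nested-kernel data */

#define PTE_PRESENT 0x1u
#define PTE_WRITE   0x2u
#define PTE_FRAME(pte)       ((int)((pte) >> 4))
#define MK_PTE(frame, flags) (((uint32_t)(frame) << 4) | (flags))

enum owner { OWNER_PTABLE, OWNER_NESTED, OWNER_OUTER };
enum nk_status { NK_OK, NK_EBADPAGE, NK_EPOLICY };

typedef struct {
    uint32_t   mem[NFRAMES * FRAME_WORDS]; /* physical memory */
    enum owner owner[NFRAMES];             /* monitor-private ownership map */
    bool       wp;                         /* stands in for CR0.WP: honour read-only PTEs in supervisor mode */
} machine_t;

/* Bring-up: identity-map every frame; page-table and monitor frames are
 * read-only, outer-kernel frames writable; leave WP set. */
void machine_init(machine_t *m) {
    memset(m, 0, sizeof *m);
    for (int f = 0; f < NFRAMES; f++) {
        uint32_t flags = PTE_PRESENT;
        if (f < PT_FRAMES)      m->owner[f] = OWNER_PTABLE;
        else if (f == NK_FRAME) m->owner[f] = OWNER_NESTED;
        else { m->owner[f] = OWNER_OUTER; flags |= PTE_WRITE; }
        m->mem[f] = MK_PTE(f, flags);      /* PTE for page f lives at word f */
    }
    m->wp = true;
}

/* The only store path any kernel code has: translate through the page table.
 * Returns false on a modelled page fault. */
bool mmu_store(machine_t *m, int vaddr, uint32_t value) {
    int page = vaddr / FRAME_WORDS, off = vaddr % FRAME_WORDS;
    if (vaddr < 0 || page >= NFRAMES) return false;
    uint32_t pte = m->mem[page];
    if (!(pte & PTE_PRESENT)) return false;
    if (m->wp && !(pte & PTE_WRITE)) return false;   /* read-only page: fault */
    m->mem[PTE_FRAME(pte) * FRAME_WORDS + off] = value;
    return true;
}

/* Mediated page-table update. The outer kernel cannot clear WP itself (in the
 * real design that instruction is removed from its code), so it calls the
 * monitor, which validates the request, clears WP, writes the PTE through the
 * same MMU path, and sets WP again before returning. Any writable mapping of a
 * page-table or monitor frame is refused; that is what keeps the table tamper-proof. */
enum nk_status nk_pte_update(machine_t *m, int page, uint32_t new_pte) {
    if (page < 0 || page >= NFRAMES) return NK_EBADPAGE;
    int frame = PTE_FRAME(new_pte);
    if (frame < 0 || frame >= NFRAMES) return NK_EBADPAGE;
    if ((new_pte & PTE_WRITE) && m->owner[frame] != OWNER_OUTER) return NK_EPOLICY;
    m->wp = false;                            /* monitor-only privilege */
    bool ok = mmu_store(m, page, new_pte);    /* PTE for page sits at virtual word page */
    m->wp = true;
    return ok ? NK_OK : NK_EBADPAGE;
}

/* Data-protection service: make one of the outer kernel's own pages read-only.
 * Later outer-kernel stores to it fault until the monitor is asked to undo this. */
enum nk_status nk_protect_page(machine_t *m, int page) {
    if (page < 0 || page >= NFRAMES) return NK_EBADPAGE;
    return nk_pte_update(m, page, m->mem[page] & ~PTE_WRITE);
}

/* Walk through the key behaviours; returns how many of the 6 checks held. */
int scenario(void) {
    machine_t m; int held = 0;
    machine_init(&m);
    held += mmu_store(&m, 5 * FRAME_WORDS, 0xabc);                                   /* outer page: writable */
    held += !mmu_store(&m, 0, MK_PTE(0, PTE_PRESENT | PTE_WRITE));                   /* page table: faults */
    held += !mmu_store(&m, NK_FRAME * FRAME_WORDS, 1);                               /* monitor data: faults */
    held += nk_pte_update(&m, 6, MK_PTE(0, PTE_PRESENT | PTE_WRITE)) == NK_EPOLICY;  /* writable PT alias refused */
    held += nk_pte_update(&m, 6, MK_PTE(0, PTE_PRESENT)) == NK_OK;                   /* read-only alias allowed */
    held += nk_protect_page(&m, 5) == NK_OK && !mmu_store(&m, 5 * FRAME_WORDS, 1);  /* protected page faults */
    return held;
}

int main(void) {
    printf("%d of 6 checks behaved as the model predicts\n", scenario());
    return 0;
}
```

The point of routing the monitor's own PTE write through `mmu_store` is to mirror the abstract's claim that the MMU is virtualized with the MMU itself: there is no second write path, only a flag that the de-privileged outer kernel has no instruction to flip. In a real system the ownership map would also have to cover every page-table page at every level, and `wp` would be toggled only at the monitor's entry and exit gates.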
Bio: Nathan Dautenhahn is a postdoctoral researcher in the Department of Computer and Information Science at the University of Pennsylvania. He earned his doctorate in Computer Science from the University of Illinois at Urbana-Champaign in August 2016. His research investigates trustworthy system design by developing experimental operating systems, compilers, and hardware components. This research has led to publications in key security and systems venues, including IEEE S&P, CCS, NDSS, ASPLOS, and ISCA. His work on the Nested Kernel, the topic of his thesis, identifies solutions for defending against insecure and malicious operating systems. The Nested Kernel is under consideration for inclusion in HardenedBSD (a variant of FreeBSD) and is being integrated into Linux by others. Dautenhahn actively contributes to graduate education and service by participating in many activities, such as establishing the Doctoral Education Perspectives seminar, formally mentoring undergraduate and graduate students, and serving on the Computer Science Graduate Academic Council and the Engineering Graduate Student Advisory Committee.