ECE Seminar: Nathan Dautenhahn
- Starts: 11:00 am on Tuesday, February 20, 2018
- Ends: 12:00 pm on Tuesday, February 20, 2018
ECE Seminar: Nathan Dautenhahn Tuesday, February 20, 2018 Nathan Dautenhahn Postdoc Researcher University of Pennsylvania Photonics Center, 8 Saint Mary's Street, Room 339 Refreshments will be available at 10:45am outside of PHO 339 Title: Abstractions, Mechanisms, and Policies for Intra-Kernel Privilege Separation Abstract: Many layers of our computing stacks are implicitly trusted, but are themselves no more secure than the applications they seek to protect. In this talk I describe one of my explorations into making trusted software more trustworthy. The Nested Kernel organization retrofits a small isolated security monitor directly into monolithic operating system design. The security monitor is the only component permitted to access memory protection policies and is isolated at a single privilege level in a single address space. The result is that the Nested Kernel significantly reduces (232 times) the code permitted to modify memory protection policies, defends against code-injection attacks, works in commodity systems on commodity hardware, and is portable to diverse hardware (ARM, x86, Hypervisor privilege) and software (FreeBSD, Linux, Xen), while being efficient and requiring only minimal refactoring. Overall, the Nested Kernel prototypes (FreeBSD and Xen) demonstrate that it is possible to retrofit powerful security into existing and popular systems. In the talk I describe the Nested Kernel and sketch a path forward for incrementally "micro-evolving" overprivileged commodity systems towards safer variants. In the future I plan to exploit these results for verification and hardening of commodity operating systems: a must for gaining any assurance in our computing stacks. Bio: Nathan Dautenhahn is a postdoctoral researcher in the Department of Computer and Information Science at the University Pennsylvania. He earned his doctorate in Computer Science from the University of Illinois at Urbana-Champaign in August of 2016. Dautenhahn actively contributes to graduate education and service by participating in many activities, such as creating the Doctoral Education Perspectives seminar, formally mentoring undergraduate and graduate students, and serving on the Computer Science Graduate Academic Council and the Engineering Graduate Student Advisory Committee. Dautenhahn's research investigates trustworthy system design by developing experimental operating systems, compilers, and hardware components, which has led to publications in key security and systems venues, including IEEE S&P, CCS, NDSS, ASPLOS, and ISCA. His dissertation, on the Nested Kernel, identifies solutions for defending against insecure and malicious operating systems. The Nested Kernel is under consideration for inclusion in HardenedBSD (a variant of FreeBSD) and employed by others integrating it into Linux.
- Photonics Center, 8 Saint Mary's Street, Room 339