Seminars & Colloquia
"Secure Virtual Architecture: Strong Security for Commodity Systems"
Thursday March 06, 2014 09:30 AM
Location: 3211, EBII NCSU Centennial Campus
Commodity operating system kernels are the foundation of our software systems, providing access control, I/O mechanisms, and memory management. However, operating system kernels are vulnerable to a variety of security attacks. Compromising the kernel allows an attacker to render any security protections, provided by the kernel or the applications running on the kernel, useless.
Secure Virtual Architecture (SVA) is a compiler-based infrastructure designed to address the challenges of securing commodity operating systems. SVA compiles the kernel down to a virtual instruction set that is designed for aggressive static analysis and compiler instrumentation. SVA also provides instructions for manipulating hardware state (such as the MMU) and for manipulating processor state (such as context switching). With these features, SVA can protect both operating system and application code via compiler instrumentation techniques.
In this talk, I will present my work on designing and building SVA and on using it to secure commodity systems. I will describe how I built the first SVA system that enforces strong memory safety guarantees on commodity operating system kernels, protecting them from buffer overflow attacks and providing nearly the same level of safety as a type-safe language. I will also describe Virtual Ghost: a system that protects applications from kernel-level rootkits and other kernel compromises. Virtual Ghost provides applications with private, incorruptible memory and secure key delivery and is faster than previous solutions that rely on hypervisor-based approaches.
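The abstract describes enforcing memory safety on kernel code by having the compiler insert checks around memory accesses. The following is an added teaching example, not SVA's code or its actual pointer representation: it models the bound a memory-safety instrumentation pass would track for an object (here as a `checked_buf` struct, an assumed name) and contrasts an uninstrumented copy, which silently overwrites the bytes that follow a 16-byte object, with an instrumented copy in which every store is guarded and the first out-of-bounds store is refused. The 32-byte arena, the 16-byte object inside it, and the 24-byte input are constructed for the demonstration so that the overflow stays within one array and the corruption can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_LEN   16   /* size of the "object" the code is allowed to write */
#define ARENA_LEN 32   /* the object plus 16 sentinel bytes that follow it  */

/* Assumed name: the per-object metadata (base and length) that a
 * memory-safety instrumentation pass keeps alongside the raw pointer. */
typedef struct {
    uint8_t *base;
    size_t   len;
} checked_buf;

/* The guard a compiler pass would insert before each store:
 * returns 1 if byte index idx lies inside the object, 0 otherwise. */
static int in_bounds(const checked_buf *b, size_t idx) {
    return idx < b->len;
}

/* Uninstrumented copy: nothing stops it writing past the object. */
static void copy_unchecked(uint8_t *dst, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] = src[i];
}

/* Instrumented copy: each store is checked first. Returns how many bytes
 * were written before the first refused store (a real system would trap). */
static size_t copy_checked(checked_buf dst, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (!in_bounds(&dst, i)) return i;
        dst.base[i] = src[i];
    }
    return n;
}

/* Constructed layout: object bytes zeroed, sentinel bytes set to 0xAA. */
static void init_arena(uint8_t arena[ARENA_LEN]) {
    memset(arena, 0x00, OBJ_LEN);
    memset(arena + OBJ_LEN, 0xAA, ARENA_LEN - OBJ_LEN);
}

/* Counts sentinel bytes that no longer hold 0xAA, i.e. bytes corrupted
 * by writes that escaped the object. */
static size_t sentinel_clobbered(const uint8_t arena[ARENA_LEN]) {
    size_t n = 0;
    for (size_t i = OBJ_LEN; i < ARENA_LEN; i++)
        if (arena[i] != 0xAA) n++;
    return n;
}

/* Constructed input: 24 bytes of 'A', 8 more than the object can hold. */
static void oversized_input(uint8_t out[24]) {
    memset(out, 'A', 24);
}

/* Returns the number of sentinel bytes corrupted by the unchecked copy. */
size_t demo_unchecked(void) {
    uint8_t arena[ARENA_LEN], input[24];
    init_arena(arena);
    oversized_input(input);
    copy_unchecked(arena, input, sizeof input);
    return sentinel_clobbered(arena);          /* 8 bytes overwritten */
}

/* Returns 1 if the checked copy stopped exactly at the object boundary
 * and left every sentinel byte intact, 0 otherwise. */
int demo_checked(void) {
    uint8_t arena[ARENA_LEN], input[24];
    init_arena(arena);
    oversized_input(input);
    size_t written = copy_checked((checked_buf){ arena, OBJ_LEN }, input, sizeof input);
    return written == OBJ_LEN && sentinel_clobbered(arena) == 0;
}

int main(void) {
    printf("unchecked copy corrupted %zu sentinel bytes\n", demo_unchecked());
    printf("checked copy contained the overflow: %s\n", demo_checked() ? "yes" : "no");
    return 0;
}
```

The point of the contrast is that the guard lives in the generated code, not in the programmer's discipline: the same buggy copy loop becomes safe once the compiler knows the object's bound and emits the check before each store.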
John Criswell is a research programmer and Ph.D. student at the University of Illinois at Urbana-Champaign. His research interests focus on computer security and automatic compiler transformations that can be used to enforce security policies on commodity software. John's primary research work is on the Secure Virtual Architecture (SVA). SVA enforces security policies on commodity operating system and application code via compiler instrumentation. Using SVA, John has built systems that protect commodity operating systems from buffer overflows and other memory safety attacks. More recently, John used SVA to create the Virtual Ghost system that protects application data and control-flow integrity from a compromised operating system kernel.
Prior to joining the University of Illinois, John worked at Argus Systems Group, Inc. While there, John worked on adding mandatory access controls to the networking subsystem of the AIX operating system.
Host: Frank Mueller, Computer Science, NCSU