II-EN: Enhancing Secure Virtual Architecture for Advanced Operating System Research
University Of Rochester, Rochester NY
Investigators
Abstract
Commodity operating system kernels employ designs that are efficient but insecure. As a result, modern computing systems are insecure at their core. Fortunately, the Secure Virtual Architecture (SVA) infrastructure has allowed researchers to develop strong defenses for existing operating systems on existing hardware. This work seeks to improve SVA so that researchers can use it to develop defenses against increasingly sophisticated security attacks and build tools that evaluate the efficacy of those defenses. SVA is a compiler-based system that, to date, has been used to thwart memory safety errors and to protect applications running on a compromised operating system kernel. This research will make three primary enhancements to SVA to enable it to perform advanced security research. First will be to enhance SVA?s static analysis features to handle flexible and changing code generation and optimization techniques in existing compilers and to handle difficult-to-analyze source code constructs commonly used in operating system kernel code. Second, this work will enhance SVA?s ability to analyze operating system behavior at run-time via arbitrary metadata attached to memory objects. Finally, the plan is to enhance SVA to analyze machine code; this feature will enable SVA to be used in research on the efficacy of defenses against attacks.
View original record on NSF Award Search →