Secure Enforcement of Isolation Policy on Multicore Platforms with Virtualization Techniques

ZHAO Siqi
PhD Candidate
School of Information Systems
Singapore Management University

Research Area
Dissertation Committee
Chairman
Committee Members
External Member
- Jianying ZHOU, Professor, Singapore University of Technology and Design

Date: June 29, 2018 (Friday)
Time: 2.00pm - 3.00pm
Venue: Meeting Room 4.4, Level 4, School of Information Systems, Singapore Management University, 80 Stamford Road, Singapore 178902

We look forward to seeing you at this research seminar.

About The Talk

Kernel-level adversaries have always been a serious threat in a computer system. The highest privilege obtained by the attackers allows arbitrary violation of security policies. The virtualization-based approach attempts to address this threat by utilizing the higher privilege provided by hardware virtualization mechanisms. Since the kernel is de-privileged, policy violation by the attackers is also contained. However, a fundamental conflict inside the conceptual design model, the reference monitor, impairs the effectiveness of this approach, because the enforcement capability of virtualization-based systems is limited by the semantics available inside the architectural trust boundary. Efforts to overcome this limitation, however, are met with a challenge that involves semantics from the untrusted kernel. To address these shortcomings, the Fully Isolated Micro-Computing Environment (FIMCE) is proposed. FIMCE controls the involvement of such semantics and constructs a fully isolated execution environment. Besides security, FIMCE is also flexible and can be applied to various applications. One such application is the Immersive Execution Environment (ImEE), which consistently and efficiently introspects the memory of a target virtual machine. ImEE features secure introspection and substantial performance improvement.

Speaker Biography

Siqi Zhao is a PhD candidate in the School of Information Systems, Singapore Management University. His research focuses on policy enforcement and system design in virtualization-based systems. The aim is to guarantee security policy enforcement when such systems are applied for security purposes that include isolated execution, access control, virtual machine introspection, etc.