学术报告：SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes

题目: SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes

报告人: Sun Kun 教授，美国乔治梅森大学 

时间：2012年11月22日 （周四），下午  2:00-3:00

地点：中国科学院信息工程研究所4号楼 会议室 4303

摘要: 

Protecting commodity systems running commercial Operating Systems (OSes) without significantly degrading performance or usability still remains an open problem. To make matters worse, the overall security depends on complex applications that perform multiple inter-dependent tasks with Internet-borne code. Recent research has shown the need for context-dependent trustworthy environments that can segregate different user activities to lower risk of cross-contamination and safeguard private information. 

In this paper, we introduce a novel BIOS-assisted mechanism for secure instantiation and management of trusted execution environments. A key design characteristic of our system is usability: the ability to quickly and securely switch between operating environments without requiring any specialized hardware or code modifications. Our aim is to eliminate any mutable, non-BIOS code sharing while securely reusing existing hardware: even when an un-trusted environment is compromised, there is no potential for exfiltration or inference attacks. To safeguard against spoofing attacks, we can force the user to physically set a hardware switch, an action that cannot be reproduced by software. In addition, we provide visible indication to the user about the current running environment leveraging one of the front panel Light Emitting Diodes (LEDs). In our prototype, the entire switching process takes approximately six seconds on average. This empowers users to frequently and seamlessly alternate between trusted and un-trusted environments. 

报告人简介: 

Dr Kun Sun is a Research Professor of Center for Secure Information Systems at George Mason University, Fairfax, VA. He has gotten his Ph.D degree of Computer Science from North Carolina State University in 2006. His current research interests include: System security: trustworthy computing environments, system integrity monitoring; Moving target defense: Against the experts in defense, the enemy does not know where to attack; Security in MANET and wireless sensor networks: key management, secure time synchronization, intrusion detection; and Security in Cloud Computing.