Operating systems nowadays are facing im minent security threats\, due to the complexity of applications\, OSes and hardware components\, and the exposure to adversaries in new computing en vironments such as public clouds. To isolate applications from these threa ts\, new operating system architectures are invented\, including mutually- isolating guest OSes\, and host-isolating execution environments like the Intel SGX enclaves. To securely adopt millions of legacy applications\, a secure OS architecture must guarantee both the backward-compatibility of s ystem features and the thoroughness of defending the interface to the untr usted world. We present the Graphene library OS\, which encapsulates the L inux idiosyncratic behaviors and abstractions in a guest or an enclave\, w ith a narrowed host interface that is highly portable and easy to design d efense strategies for. When used as a guest OS\, Graphene can enforce simp le isolation rules\, such as blocking file access\, network connection and pipe communication\, to fence all the operations on OS states sharable by multiple processes. As a result\, Graphene has security isolation compati ble to virtual machines\, but costs much less memory than a full VM and al lows dynamic isolation of processes. When used in an Intel SGX enclave\, G raphene (also called Graphene-SGX) restraints minimal entry points to shie ld applications from malicious host inputs. The defense of Graphene is eas y to verify and trust\, due to the simplicity of its host interface\, and keeping sensitive but vulnerable OS states internal. To evaluate the backw ard-compatibility of Graphene to Linux applications\, we also design a met hodology of measuring the completeness of supporting system APIs\, weighed by the popularity of applications. The methodology has guided the develop ment of Graphene\, to maximize the API support in progress. Graphene has s hown competitive results of securing sophisticated applications like web s ervers\, shell scripts and Java virtual machine runtimes right off the she lf. By supporting the JVM runtimes\, Graphene becomes an important buildin g block for introducing Intel SGX protection as a feature and first-class citizen to Java applications. As Graphene unlocks the limitation of suppor ting Java in enclaves\, and connects the low-level hardware features with the language-level semantics\, it allows further hardening an isolated app lication by partitioning it using a combination of hardware protection (i. e.\, SGX) and language protection (e.g.\, type-safety\, object-proxying\, information flow filtering).
Chia-Che Tsa i is a PhD candidate in the department of computer science\, at Stony Broo k University. His research involves improving the modern operating system designs with security\, efficiency\, scalability\, and compatibility. He i s the main contributor to the Graphene library OS (Eurosys 2014)\, an open -source\, Linux-compatible guest operating system used by many companies a nd research labs (source: https://github.com/oscarlab/graphene). He received the best paper awa rd in Eurosys 2016\, for inventing a practical measurement of system API c ompatibility (evaluation tool and result: http://www.oscar.cs.stonybrook.edu/api-co mpat-study/). He is also author to several publications in top confere nces\, such as SOSP\, OSDI\, Eurosys\, HotOS\, and the \;login: magazine. More information: http://chiachetsai.co m
DTSTAMP:20260620T144200Z CREATED:20170106T074123Z LAST-MODIFIED:20170123T075439Z END:VEVENT END:VCALENDAR