Virtual Ghost

Virtual Ghost [1]:

  • Compiler instrumentation of operating system code: creates ghost memory, which the kernel cannot access;

  • A thin hardware abstraction layer (SVA-based): the kernel must use it and is thereby restricted; user applications use it to protect themselves via ghost memory management, encryption, signing, and key management.

Compiler Instrumentation

  • Ghost memory protection.
  • LLVM bitcode translation and validation.
  • CFI on kernel code: ensures the compiler instrumentation is not bypassed.

Evaluation

Implementation:

FreeBSD 9.0; three OpenSSH applications (ssh, ssh-keygen, ssh-agent) share the same application key and exchange data securely.

Security Evaluation: defeats rootkit attacks.

  • .svamem
  • Q&A: Why not put all SVA code into the svamem section, instead of just a selected portion of the data structures in libsva?

    Linker script, .svamem section (file: sys/conf/ldscript.amd64):

        /* Create the SVA data section */
        _svastart = ALIGN(0x1000);
        .svamem ALIGN(0x1000) :
        {
          SVAPTPages = .;
          . = . + 4194304;
          *(svamem)
          _svaend = .;
        }

    Variables: _svastart, _svaend, SVAPTPages, Used in


  1. Virtual Ghost: Protecting Applications from Hostile Operating Systems. ASPLOS, 2014.
Created Aug 2, 2019 // Last Updated Aug 31, 2020
