Improving security at the system-call boundary in a type-safe operating system
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
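Main Author: | Weisblat, Jakob H. |
---|---|
Other Authors: | Howard Shrobe, Hamed Okhravi and Bryan Ward. |
Format: | Thesis |
Language: | eng |
Published: | Massachusetts Institute of Technology 2019 |
Subjects: | Electrical Engineering and Computer Science. |
Online Access: | https://hdl.handle.net/1721.1/121686 |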
_version_ | 1826209388797362176 |
---|---|
author | Weisblat, Jakob H. |
author2 | Howard Shrobe, Hamed Okhravi and Bryan Ward. |
author_facet | Howard Shrobe, Hamed Okhravi and Bryan Ward. Weisblat, Jakob H. |
author_sort | Weisblat, Jakob H. |
collection | MIT |
description | This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. |
first_indexed | 2024-09-23T14:21:44Z |
format | Thesis |
id | mit-1721.1/121686 |
institution | Massachusetts Institute of Technology |
language | eng |
last_indexed | 2024-09-23T14:21:44Z |
publishDate | 2019 |
publisher | Massachusetts Institute of Technology |
record_format | dspace |
spelling | mit-1721.1/121686 2019-07-24T03:08:13Z Improving security at the system-call boundary in a type-safe operating system Weisblat, Jakob H. Howard Shrobe, Hamed Okhravi and Bryan Ward. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Electrical Engineering and Computer Science. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019 Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 44-50). Historically, most approaches to operating systems security aim to either protect the kernel (e.g., the MMU) or protect user applications (e.g., W⊕X). However, little study has been done into protecting the boundary between these layers. We describe a vulnerability in Tock, a type-safe operating system, at the system-call boundary. We then introduce a technique for providing memory safety at the boundary between userland and the kernel in Tock. We demonstrate that this technique works to prevent against the aforementioned vulnerability and a class of similar vulnerabilities, and we propose how it might be used to protect against similar vulnerabilities in other operating systems. Supported by the Assistant Secretary of Defense for Research and Engineering Air Force Contract No. FA8702-15-D-0001 by Jakob H. Weisblat. M. Eng. M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science 2019-07-15T20:34:10Z 2019-07-15T20:34:10Z 2018 2019 Thesis https://hdl.handle.net/1721.1/121686 1102057671 eng MIT theses are protected by copyright.
They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582 50 pages application/pdf Massachusetts Institute of Technology |
spellingShingle | Electrical Engineering and Computer Science. Weisblat, Jakob H. Improving security at the system-call boundary in a type-safe operating system |
title | Improving security at the system-call boundary in a type-safe operating system |
topic | Electrical Engineering and Computer Science. |
url | https://hdl.handle.net/1721.1/121686 |