Call for Papers

Immunization Techniques against the Side Channel Attack (Talk)

Separation and Virtualization for Secure System Software

Speaker: Arun Subbarao, Lynx Software Technologies Inc
Track: Security
Time: 04.12.18 10:35-11:15

Target audience

Development

Topic areas

Secure software

Focus

Technology

Prerequisites

Expert knowledge

Abstract

Meltdown and Spectre, two recent side channel attacks, have demonstrated all too clearly how some multi-core processor based software can be exploited, resulting in loss of confidentiality. The media attention has indicated it was a largely hardware design issue that forced software suppliers to provide workarounds. We contend that secure systems can be designed using separation and virtualization to isolate security components, and minimize or even immunize the system from severe side channel attacks such as Meltdown and Spectre. Modern multicore processor architecture has evolved to the point where analyzing complexities and emergent behavior is a significant problem for system architects; this paper will define technical approaches to addressing these challenges.

Outline

This paper will take the audience through an explanation of side channel attacks, and Meltdown and Spectre specifically. We will then discuss multi-core processor capabilities that can be used to mitigate and avoid these attacks through system software architecture and design. In effect we will show how to make multi-core system software resilient and secured by design, isolating hosted OSs and applications which become vulnerable to these attacks.
We will show that these multi-core capabilities can supplant many capabilities normally assumed to need to reside in an OS or RTOS, where they are vulnerable to these attacks due to insufficient attention to least-privilege software design as they extended their services across multiple cores.
This approach has been adopted by automotive suppliers as they adopt Adaptive AUTOSAR and by many of the world’s largest Integrated Modular Avionics platform developers, who have independently tested and validated the approach we describe in this paper.

Benefits and special features

The audience will be taken through implementation strategies for multi-core systems for the delivery of secure separation through virtualization techniques, combined with a rigorous attention to detail for using the processor to deliver the very best secure implementation of least privilege system software development. When brought together it will become clear how system architects can deliver a secure-by-design infrastructure that is immune to, or mitigates, side channel attacks, even ones where the hardware itself creates the potential for such an attack vector.

About the speaker

Arun Subbarao is Vice President of Engineering & Technology at Lynx Software Technologies, responsible for the development of products for the Automotive, IoT and Cyber-security markets. He has over 20 years of experience in the software industry working on security, safety, virtualization, operating systems and networking technologies. In this role, he spearheaded the development of the LynxSecure separation kernel & hypervisor product as well as other software innovations in cyber-security.