Michael Peter

XNPro: Low-Impact Hypervisor-Based Execution Prevention on ARM

As virtually all smartphones today run general purpose operating systems, they have to consider malware attacks, with rootkits being among the most hideous ones. Since rootkits execute with the same privileges as the OS kernel, traditional countermeasures are inherently fragile. While virtualization-based technologies have proven themselves capable means to see off rootkit attacks, being especially effective when used to foil code injection attacks, the approach has been dismissed so far as impractical for mobile devices on grounds of constrained resources. In this paper we make the case for using virtualization to counter kernel code injection on mobile devices. To that end, we designed EXecute Never Protection (XNPro), a small Type-I hypervisor that ensures that only authorized code is executed by the guest OS kernel even in the case that an adversary gains unfettered control over the guest. Our design emphasizes a small size of the hypervisor, ease of porting guests, and good runtime performance. To validate our design, we implemented a prototype on a ARM Cortex A7 platform. Various benchmark measurements of the prototype prove the feasibility of our approach.

A Secure System Architecture for Measuring Instruments in Legal Metrology

Embedded systems show the tendency of becoming more and more connected. This fact combined with the trend towards the Internet of Things, from which measuring instruments are not immune (e.g., smart meters), lets one assume that security in measuring instruments will inevitably play an important role soon. Additionally, measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. In this paper, a flexible software system architecture is presented that addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. This system architecture tries to eliminate the risks general-purpose operating systems have by wrapping them, together with dedicated applications, in secure sandboxes, while supervising the communication between the essential parts and the outside world.

Undermining Isolation through Covert Channels in the Fiasco.OC Microkernel

System designers have come to recognize the merits of building critical systems on top of small kernels for their ability to provide strong isolation at system level. This is due to the fact that enforceable isolation is the prerequisite for any reasonable security policy. Towards this goal we examine some internals of Fiasco.OC, a microkernel of the prominent L4 family. Despite its recent success in certain high-security projects for governmental use, we prove that Fiasco.OC is not suited to ensure strict isolation between components meant to be separated. Unfortunately, in addition to the construction of system-wide denial of service attacks, our identified weaknesses of Fiasco.OC also allow covert channels across security perimeters with high bandwidth. We verified our results in a strong affirmative way through many practical experiments. Indeed, for all potential use cases of Fiasco.OC we implemented a full-fledged system on its respective archetypical hardware: Desktop server/workstation on AMD64 x86 CPU, Tablet on Intel Atom CPU, Smartphone on ARM Cortex A9 CPU. The measured peak channel capacities ranging from (sim )13,500 bits/s (Cortex-A9 device) to (sim )30,500 bits/s (desktop system) clearly falsify Fiasco.OC’s isolation guarantee.

Uncloaking Rootkits on Mobile Devices with a Hypervisor-Based Detector

Cell phones have evolved into general purpose computing devices, which are tightly integrated into many IT infrastructures. As such, they provide a potential malware entry point that cannot be easily dismissed if attacks by determined adversaries are considered. Most likely, such targeted attacks will employ rootkit technologies so as to hide their presence for as long as possible.

Achieving Software Security for Measuring Instruments under Legal Control.

In recent years measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. Additionally the trend to the internet of things from which measuring instruments are not immune, e.g. smart meters and traffic enforcement cameras just to name a few, brings forth security questions. In this paper, a flexible software system architecture that can be constructed out of freely available open source software is presented which addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. The system architecture is based on a modular design assuring correct collaboration between modules by encapsulating them in different virtual machines and supervising their communication.

A secure software framework for Measuring Instruments in legal metrology

Measuring instruments tend to be powerful devices, that have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. In this paper, a flexible software system architecture that can be constructed out of freely available open source software is presented which addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. This system architecture tries to eliminate the risks general-purpose operating systems have by wrapping them, together with dedicated applications, in secure sandboxes while supervising the communication between the essential parts and the outside world.