CORDIS - EU research results

A Common Code Base and Toolkit for Deployment of Applications to Secure and Reliable Virtual Execution Environments

Deliverables

Report on Communication and Dissemination Activities and Exploitation Plans - Initial

This report describes the 1st year results of all the activities for impact creation, including communication actions (also through project’s website), scientific publications, events participation as well as initial plans for the exploitation of the project outcomes.

Security, Safety and Validation Support Definition - Initial

This deliverable will describe the definition of the UNICORE security and safety primitives, which allow UNICORE applications to minimize the attack and failure surface in production. This is done both proactively (using software verification techniques) and reactively (using software hardening techniques). In addition, this deliverable will report on deterministic execution support for smart contracts.

Report on Communication and Dissemination Activities - Intermediate

This report describes the 2nd year results of all the activities for impact creation, including communication actions, scientific publications and events participation.

Platform Requirements - Final

This deliverable will describe how the aggregated inputs and goals of the diverse partners will be aligned into one consistent whole that will maximise the efficiency of the core implementation and developed toolsets for the selected and practical use-cases of Unikernels defined in WP5. This deliverable will contain: the initial description of the Scenarios, the initial description of business and trials requirements, the taxonomy of services where unikernels apply.

Security, Safety and Validation Support Definition - Final

This deliverable will describe the definition of the UNICORE security and safety primitives, which allow UNICORE applications to minimize the attack and failure surface in production. This is done both proactively (using software verification techniques) and reactively (using software hardening techniques). In addition, this deliverable will report on deterministic execution support for smart contracts.

Initial Deployment

This report will detail the results of the initial deployment of the core project tools/unikernels (i.e., the output of WP2, WP3 and WP4): what went well, what did not, what functionality is missing, etc. This input will be fed back to the core WPs in order to further refine the UNICORE tools to meet the demands of the project’s four use cases.

Final Report on Open Source Contributions, Exploitation Plans and Business Opportunities

This report will summarize the project contributions to standardization bodies and open source communities. Moreover, the report will describe the final exploitation plans, analyzing the potential of the project outcomes to feed new market products and inspire future research activities.

API Design - Final

This deliverable in close cooperation with WP3/WP5 will provide the library categories API definitions and semantics annotations. This will define the common interfaces prevailing throughout UNICORE to support decomposition and modularization of OS components, and automated Unikernel construction.

Platform Requirements - Initial

This deliverable will describe how the conflicting inputs and goals of the diverse partners will be aligned into one consistent whole that will maximise the efficiency of the core implementation and developed toolsets for the selected and practical use-cases of Unikernels defined in WP5. This deliverable will contain: the initial description of the Scenarios, the initial description of business and trials requirements, the taxonomy of services where unikernels apply.

Deployment Plan, Requirements and Business Cases

This report will provide a detailed deployment plan for the four different deployment targets in this WP. This will include infrastructure description, unikernel requirements for each particular use case and any orchestration/management integration requirements. Further, this report will provide an analysis and description of the business cases for each of the use cases, pointing out what the business models will be.

Data Management Plan

This deliverable provides the data management plan for open research data conforming to the guidelines of the H2020 framework programme.

Design & Implementation of Tools for Unikernel Deployment - Initial

A report on the development of the tools required during the unikernel life cycle. The report details the design of each tool used to build the unikernel, including a decomposition tool, dependency analysis tool, optimization tool and verification tool. Deployment tools are also described including any modifications or additions required to the orchestration tool. In addition, the design of the host environment is described and details how unikernels are supported for easy deployment, and reliable and secure execution without sacrificing performance. The report will be accompanied by an initial release of the open source tool set and host development and deployment environments.

Platform Integration

This deliverable will report on the results of the integration effort which will bring all of the UNICORE tools (e.g., the build tool, the verification one, the performance optimization one, etc.) under a common, easy-to-use ecosystem. It will further contain a section consisting of a user manual to explain how this ecosystem of tools should be used.

Definition of APIs and Library Identification - Initial

This deliverable will describe the definition of the UNICORE APIs that allow libraries within a category (e.g., schedulers, memory allocators, etc.) to be easily swapped in and out (e.g., exchanging a co-operative scheduler with a pre-emptive one, or a slab allocator with a buddy one). In addition, this deliverable will identify the libraries that UNICORE will need to support the widest possible range of applications, along with a work plan as to how to quickly implement them (or port them).

Platform Evaluation

This deliverable will contain the results of the final implementation of the UNICORE use cases. This final document will include an overall analysis of the performed evaluations and will provide a final assessment of the models underlying the tested control components. This document will provide guidelines for future collaborative users of the system to maximize the tools' usage.

Design & Implementation of Tools for Unikernel Deployment - Intermediate

An updated report detailing the progress since the release of D4.1. The report includes the final design of all the tools and host environment which are now feature complete. An evaluation of the development and deployment environment is included, which is based on T2.4 Evaluation. A second release of the source code is also part of the deliverable, which has already been published as open source as part of D4.1.

API Design - Intermediate

This deliverable in close cooperation with WP3/WP5 will provide the library categories API definitions and semantics annotations. This will define the common interfaces prevailing throughout UNICORE to support decomposition and modularization of OS components, and automated Unikernel construction.

Innovation Strategy Report

This deliverable will provide a full report of the innovation activities of T1.3, including market analysis, description of business opportunities and the development of business models for the deployments envisioned by project partners (WP5). This document will further describe interactions with the advisory board regarding innovation opportunities, as well as any developments coming from dissemination activities at industry-led events.

API Design - Initial

This deliverable in close cooperation with WP3/WP5 will provide the library categories API definitions and semantics annotations. This will define the common interfaces prevailing throughout UNICORE to support decomposition and modularization of OS components, and automated Unikernel construction.

Report on Communication and Dissemination Activities - Final

This report describes all the communication and dissemination results of the project, including details of scientific publications, organization of workshops, advertising and communication materials, and participation in industrial events.

Definition of APIs and Library Identification - Final

This deliverable will describe the definition of the UNICORE APIs that allow libraries within a category (e.g., schedulers, memory allocators, etc.) to be easily swapped in and out (e.g., exchanging a co-operative scheduler with a pre-emptive one, or a slab allocator with a buddy one). In addition, this deliverable will identify the libraries that UNICORE will need to support the widest possible range of applications, along with a work plan as to how to quickly implement them (or port them).

API, Library and Security Primitives Implementation - Initial

This deliverable will provide the initial implementation of the UNICORE APIs, along with an initial set of libraries. This initial set should be sufficient to at least support a few applications (e.g., a web server, or a Python unikernel) in order to start developing the project’s use cases. Further, this deliverable will describe an initial implementation of the security and safety primitives being developed in tasks T3.2 and T3.3.

Design & Implementation of Tools for Unikernel Deployment - Final

The final report detailing the progress since the release of D4.2. Any modifications to the design that were implemented are included, which may come about as a result of evaluation through the use cases.

Final Deployment, Evaluation and Market Impact

This report will give a full description of the final deployment for all use cases, including a performance evaluation and a final description of the business case and future plans that each deployment has in order to have market impact.

API, Library and Security Primitives Implementation - Final

This deliverable will contain the description of the final implementation of the UNICORE APIs, libraries, and security and safety primitives. At this stage, this implementation will cover all of the functionality needed by the UNICORE use cases.

Website, Social Accounts and Advertising Material

This report documents the web site and the social channels established, as well as the initial advertising material produced to widely disseminate the activities and the outcomes of the project.

Publications

PIBE: Practical Kernel Control-flow Hardening with Profile-guided Indirect Branch Elimination.

Authors: Duta, V.; van der Kouwe, E.; Bos, H.; and Giuffrida, C
Published in: ASPLOS 2021: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2021
Publisher: ACM

Unikraft: Fast, Specialized Unikernels the Easy Way

Authors: Felipe Huici
Published in: EuroSys '21: Proceedings of the Sixteenth European Conference on Computer Systems, 2021
Publisher: ACM
DOI: 10.1145/3447786.3456248

TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering

Authors: Tatar, A.; Trujillo, D.; Giuffrida, C
Published in: USENIX Security, 2022
Publisher: USENIX

FlexOS: towards flexible OS isolation

Authors: Lefeuvre, H.; Bădoiu, V-A.; Jung, A.; Teodorescu, S.L.; Rauch, S.; Huici, F.; Raiciu, C
Published in: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2022), 2022
Publisher: ACM
DOI: 10.1145/3503222.3507759

FlexOS: Making OS Isolation Flexible

Authors: Hugo Lefeuvre
Published in: HotOS '21: Proceedings of the Workshop on Hot Topics in Operating Systems, 2021
Publisher: ACM
DOI: 10.1145/3458336.3465292

Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks

Authors: Barberis, E.; Frigo, P.; Muench, M.; Bos, H.; and Giuffrida, C.
Published in: USENIX Security, 2022
Publisher: USENIX

NetCAT: Practical Cache Attacks from the Network

Authors: Kurth, M.; Gras, B.; Andriesse, D.; Giuffrida, C.; Bos, H
Published in: 2020 IEEE Symposium on Security and Privacy (SP), 2020
Publisher: IEEE
DOI: 10.1109/sp40000.2020.00082

DupeFS: Leaking Data Over the Network With Filesystem Deduplication Side Channels

Authors: Bacs, A.; Musaev, S.; Razavi, K.; Giuffrida, C.; and Bos, H
Published in: FAST 2022, 2022
Publisher: USENIX

Practical Software Crash Recovery with Targeted Library-level Fault Injection

Authors: Bhat, K.; van der Kouwe, E.; Bos, H.; and Giuffrida, C.
Published in: 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2021
Publisher: IEEE

Speculative Probing: Hacking Blind in the Spectre Era

Authors: Enes Göktaş, Kaveh Razavi, Georgios Portokalidis, Herbert Bos, and Cristiano Giuffrida
Published in: CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Issue November 2020, 2020
Publisher: ACM
DOI: 10.1145/3372297.3417289

Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks

Authors: Ragab, H.; Barberis, E.; Bos, H.; and Giuffrida, C
Published in: USENIX Security, 2021
Publisher: USENIX

TRRespass: Exploiting the Many Sides of Target Row Refresh

Authors: Frigo, P.; Vannacci, E.; Hassan, H.; van der Veen, V.; Mutlu, O.; Giuffrida, C.; Bos, H.; and Razavi, K.
Published in: 2020 IEEE Symposium on Security and Privacy (SP), 2020
Publisher: IEEE
DOI: 10.1109/sp40000.2020.00090

CrossTalk: Speculative Data Leaks Across Cores Are Real

Authors: Ragab, H.; Milburn, A.; Razavi, K.; Bos, H.; and Giuffrida, C
Published in: IEEE Symposium on Security and Privacy (SP), 2021
Publisher: IEEE

kMVX - Detecting Kernel Information Leaks with Multi-variant Execution

Authors: Sebastian Österlund, Koen Koning, Pierre Olivier, Antonio Barbalace, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS '19, 2019, Page(s) 559-572, ISBN 9781-450362405
Publisher: ACM Press
DOI: 10.1145/3297858.3304054

Unleashing the power of unikernels with unikraft

Authors: S. Kuenzer, S. Santhanam, Y. Volchkov, F. Schmidt, F. Huici, Joel Nider, Mike Rapoport, Costin Lupu
Published in: Proceedings of the 12th ACM International Conference on Systems and Storage - SYSTOR '19, 2019, Page(s) 195-195, ISBN 9781-450367493
Publisher: ACM Press
DOI: 10.1145/3319647.3325856

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks

Authors: Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos
Published in: 2019 IEEE Symposium on Security and Privacy (SP), 2019, Page(s) 55-71, ISBN 978-1-5386-6660-9
Publisher: IEEE
DOI: 10.1109/sp.2019.00089

SoK: Benchmarking Flaws in Systems Security

Authors: Erik van der Kouwe, Gernot Heiser, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida
Published in: 2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019, Page(s) 310-325, ISBN 978-1-7281-1148-3
Publisher: IEEE
DOI: 10.1109/eurosp.2019.00031

VPS: excavating high-level C++ constructs from low-level binaries to protect dynamic dispatching

Authors: Pawlowski, A., van der Veen, V., Andriesse, D., van der Kouwe, E., Holz, T., Giuffrida, C. and Bos, H.
Published in: 35th Annual Computer Security Applications Conference, ACSAC 2019, Dec 9-13 2019, 2019
Publisher: ACSAC
DOI: 10.5281/zenodo.3523939

Address space isolation in the linux kernel

Authors: Joel Nider, Mike Rapoport, James Bottomley
Published in: Proceedings of the 12th ACM International Conference on Systems and Storage - SYSTOR '19, 2019, Page(s) 194-194, ISBN 9781-450367493
Publisher: ACM Press
DOI: 10.1145/3319647.3325855

RIDL: Rogue In-Flight Data Load

Authors: Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Published in: 2019 IEEE Symposium on Security and Privacy (SP), 2019, Page(s) 88-105, ISBN 978-1-5386-6660-9
Publisher: IEEE
DOI: 10.1109/sp.2019.00087

UNICORE: A toolkit to automatically build unikernels

Authors: Gaulthier, G., Soldani, C. and Mathy, L.
Published in: Grascomp Doctoral Day, 22 November 2019, Namur, Belgium, 2019
Publisher: n/a

Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks

Authors: Sanghyun Hong and Pietro Frigo and Yigitcan Kaya and Cristiano Giuffrida and Tudor Dumitras
Published in: 28th USENIX Security Symposium, Aug 14–16, 2019, Santa Clara, CA, USA, 2019, Page(s) 497-514, ISBN 978-1-939133-06-9
Publisher: USENIX Association

ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks

Authors: Radhesh Krishnan Konoth and Marco Oliverio and Andrei Tatar and Dennis Andriesse and Herbert Bos and Cristiano Giuffrida and Kaveh Razavi
Published in: 12th USENIX conference on Operating Systems Design and Implementation USENIX-ACM OSDI 2018, 2018, Page(s) 697-710, ISBN 978-1-939133-08-3
Publisher: USENIX Association

Unikernels Made Easy with Unikraft

Authors: S. Kuenzer
Published in: 14th Workshop on Virtualization in High-Performance Cloud Computing (VHPC'19), 2019
Publisher: VHPC

Threat Classification in Current Communication Infrastructures

Authors: Ioan Constantin, Cristian Patachia, Carmen Patrascu, Andrei Avadanei, Lucian Nitescu
Published in: 11th edition of the Electronics, Computers and Artificial Intelligence - ECAI-2019, 2019
Publisher: ECAI

TagBleed: Breaking KASLR on the Isolated Kernel Address Space Using Tagged TLBs

Authors: Koschel, J.; Giuffrida, C.; Bos, H.; and Razavi, K
Published in: 2020 IEEE European Symposium on Security and Privacy (EuroS&P), 2020
Publisher: IEEE
DOI: 10.1109/eurosp48549.2020.00027

SMASH: Synchronized Many-sided Rowhammer Attacks From JavaScript

Authors: de Ridder, F.; Frigo, P.; Vannacci, E.; Bos, H.; Giuffrida, C.; and Razavi, K
Published in: USENIX Security, 2021
Publisher: USENIX

Towards Highly Specialized, POSIX-compliant Software Stacks with Unikraft: Work-in-Progress

Authors: S. Santhanam et al.
Published in: 2020 International Conference on Embedded Software (EMSOFT), 2020
Publisher: IEEE
DOI: 10.1109/emsoft51651.2020.9244044

Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization

Authors: Giuffrida, C.; Borrello, D.; Cono, D.; Querzoni, L
Published in: CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 2021
Publisher: ACM
DOI: 10.1145/3460120.3484583

Wayfinder: towards automatically deriving optimal OS configurations

Authors: Jung, A.; Lefeuvre, H.; Rotsos, D.; Olivier, P.; Oñoro-Rubio, D.; Huici, F.; Niepert, M.
Published in: Proceedings of the 12th ACM SIGOPS Asia-Pacific Workshop on Systems, 2021
Publisher: ACM

On the Effectiveness of Same-Domain Memory Deduplication

Authors: Costi, A.; Johannesmeyer, B.; Bosman, E.; Giuffrida, C.; and Bos, H
Published in: EuroSec '22: Proceedings of the 15th European Workshop on Systems Security, 2022
Publisher: ACM

Scanning for Generalized Transient Execution Gadgets in the Linux Kernel

Authors: Johannesmeyer, B.; Koschel, J.; Razavi, K.; Bos, H.; and Giuffrida, C
Published in: 2022 NDSS Symposium, 2022
Publisher: NDSS

ABSynthe: Automatic Blackbox Sidechannel Synthesis on Commodity Microarchitectures

Authors: Gras, B.; Giuffrida, C.; Kurth, M.; Bos, H.; and Razavi, K
Published in: 2020 NDSS Symposium, 2020
Publisher: NDSS

Defeating Software Mitigations Against Rowhammer: A Surgical Precision Hammer

Authors: Andrei Tatar, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
Published in: Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10-12, 2018, Proceedings, Issue 11050, 2018, Page(s) 47-66, ISBN 978-3-030-00469-9
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-00470-5_3

Unikraft: Unikernels Made Easy

Authors: Simon Kuenzer
Published in: FOSDEM 2019, 2019
Publisher: n/a

Kernel Address Space Isolation

Authors: Alexandre Chartre, Mike Rapoport, James Bottomley, Joel Nider
Published in: Linux Plumbers, 9-11 September 2019, 2019
Publisher: n/a

Building DPDK Unikernel with Unikraft

Authors: S. Santhanam, S. Kuenzer, F. Huici
Published in: DPDK Summit 2019, 2019
Publisher: n/a

Is the Hypervisor the New Kernel?

Authors: C. Lupu
Published in: EuroSys, Doctoral Workshop, 25-28 March 2019, 2019
Publisher: EuroSys

UNICORE Project: Unikernel Power

Authors: J. Guijarro
Published in: OpenNebula Techday, 8 May 2019, Barcelona, Spain, 2019
Publisher: OpenNebula

Unikraft: Unikernels for NFV

Authors: L. Mathy (speaker), F. Huici
Published in: The 3rd Future Network Development Conference, 2019
Publisher: N/A

Another Step Beyond Containers

Authors: X. Peralta
Published in: Jornadas Técnicas RedIRIS, 28/30 May 2019, 2019
Publisher: n/a

UNICORE Presentation by Orange

Authors: Cristian Patachia & Orange CEO
Published in: Digital Assembly, 13-14 June 2019, 2019
Publisher: n/a

Address Space Isolation for Container Security

Authors: Mike Rapoport, James Bottomley
Published in: Linux Plumbers, 9-11 September 2019, 2019
Publisher: n/a

Address Space Isolation inside Linux Kernel

Authors: Mike Rapoport, James Bottomley
Published in: Open Source Summit Europe, 28-30 October 2019, 2019
Publisher: n/a

Memory management bits in arch/*

Authors: Mike Rapoport
Published in: Kernel Summit, 9-11 September 2019, 2019
Publisher: n/a

Boot Time Memory Management

Authors: Mike Rapoport
Published in: Embedded Linux Conference Europe, 28-30 October 2019, 2019
Publisher: n/a

Address Spaces for Namespaces

Authors: Mike Rapoport, James Bottomley
Published in: Linux Security Summit Europe, 31 October - 1 November 2019, 2019
Publisher: n/a

UNICORE video

Authors: UNICORE Consortium
Published in: UNICORE Project Video, 2019
Publisher: UNICORE Consortium

Digital Forensics

Authors: Ioan Constantin
Published in: Orange Education Program Spring School, 8-10 March 2019, Bucharest, Romania, 2019
Publisher: “Alexandru Ioan Cuza” University of Iași, Romania

Cybersecurity in Mobile Networks

Authors: Ioan Constantin
Published in: Cybersecurity Romania, 4 June 2019, Bucharest, Romania, 2019
Publisher: N/A

Lightweight virtualization with Unikraft

Authors: Costin Raiciu
Published in: Microsoft Research Seminar, 5 September 2019, 2019
Publisher: Microsoft

Simjacker – billion dollar mobile security vs. one tiny piece of plastic

Authors: Ioan Constantin
Published in: Def Camp 2019 - International Hacking & Information Security Conference, 7-8 November 2019, Bucharest, Romania, 2019
Publisher: Def Camp

Cristian Patachia, Ioan Constantin

Authors: Orange Business Internet Security Report Ed. II
Published in: Online resource, 2019
Publisher: Orange Romania
