Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Security and Legacy at Microsoft MATTHEW PARKINSON PRINCIPAL RESEARCHER, CONFIDENTIAL COMPUTING, MICROSOFT RESEARCH
Motivation Microsoft cares about security Microsoft cares about legacy
Fixing individual bugs not scaling 130 109 141 163 234 224 155 305 317 474 417 603 600 2006 2007 2008 2009 2010 2011 2012 ...
Microsoft cares about security slide courtesy of Matt Miller, Partner Security Engineer, MSRC 32 24 21 22 26 13 4 11 4 1 3...
What is Microsoft doing? Remove classes of vulnerabilities ◦ Probabilistic prevention not considered suitable - servicing ...
Our research in Cambridge Mitigations Language design Compartmentalisation
Project Verona A new language for safe infrastructure programming With David Chisnall, Sylvan Clebsch, Manuel Costa, Sophi...
The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP....
The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory...
The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP....
The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory...
Core ideas • Give up concurrent mutation, to enable scalable memory management. Data-race freedom • New concurrency model ...
Shared immutable region Linear mutable region Single entry pointRegions are only accessed by one computation at a time
Pervasive sandboxing Verona program C++ runtime library C library C / Assembly library C++ library C/C++ library C++ libra...
Libraries are special untrusted regions
Project Verona status Production quality runtime Prototype interpreter and type checker Compiler not started Open-sourcing...
CHERI
CHERI for mitigations Which exploit chains does CHERI break? What gadgets can exist on CHERI? Can temporal safety be achie...
CHERI for legacy Lightweight compartmentalisation • Contain existing libraries • Single address space • How can we build a...
Conclusions Microsoft needs security for legacy! Can we capitalise on CHERI to use existing assets? Can we architect softw...
Backup slides
Memory Safety Scalability Global GC Malloc/Free
Regions open up new possibilities • Compartmentalisation • Different regions can be compiled with different trust. • Distr...
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership Single mutator
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership
The Sea of Objects
Region access is single-threaded C#/C++ Region-based ownership Only one thread operating on a region at a time
Region ownership is hierarchical C#/C++ Region-based ownership Regions have a single entry point
Upcoming SlideShare
Loading in …5
×

of

Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 1 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 2 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 3 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 4 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 5 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 6 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 7 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 8 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 9 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 10 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 11 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 12 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 13 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 14 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 15 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 16 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 17 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 18 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 19 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 20 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 21 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 22 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 23 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 24 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 25 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 26 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 27 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 28 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 29 Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft Slide 30
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.
Design
Nov. 26, 2019
7,172 views

7 Likes

Share

Download to read offline

Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft

Download to read offline

Design
Nov. 26, 2019
7,172 views

Following the Collaborators' Workshop held on 26th Sept (presentations available on KTN's SlideShare account), EPSRC/ESRC are running a Collaboration Development workshop on 22nd November 2019 in London to facilitate academia-industry and academia-academia collaboration ahead of the closing dates for the EPSRC and ESRC ISCF Digital Security by Design calls.

The calls need to be led by academic institutions. Industrial involvement, while not mandatory, is highly desirable and will be required for future competitions. Hence this workshop aims to have a mix of academic and industrial participants.

The Digital Security by Design challenge was announced in July. This challenge, amounting to £70 million of government funding over 5 years, will be delivered by UK Research and Innovation (UKRI) through the Industrial Strategy Challenge Fund (ISCF).


Find out more: https://ktn-uk.co.uk/news/iscf-digital-security-by-design-collaboration-development-workshop

Recommended

Related Books

Free with a 30 day trial from Scribd

See all
My Mother's Wedding Dress: The Life and Afterlife of Clothes Justine Picardie
(3.5/5)
Free
The Style Strategy: A Less-Is-More Approach to Staying Chic and Shopping Smart Nina Garcia
(4/5)
Free
Dreaming of Dior: Every Dress Tells a Story Charlotte Smith
(4.5/5)
Free
Empress of Fashion: A Life of Diana Vreeland Amanda Mackenzie Stuart
(3.5/5)
Free
Gunn's Golden Rules: Life's Little Lessons for Making It Work Tim Gunn
(4/5)
Free
Women From the Ankle Down: The Story of Shoes and How They Define Us Rachelle Bergstein
(4.5/5)
Free
Lessons from Madame Chic: 20 Stylish Secrets I Learned While Living in Paris Jennifer L. Scott
(4/5)
Free
Diane: A Signature Life Diane von Furstenberg
(4/5)
Free
The Towering World of Jimmy Choo: A Glamorous Story of Power, Profits, and the Pursuit of the Perfect Shoe Lauren Goldstein Crowe
(4/5)
Free
The Little Black Book of Style Nina Garcia
(4/5)
Free
The Essence of Style: How the French Invented High Fashion, Fine Food, Chic Cafes, Style, Sophistication, and Glamour Joan DeJean
(4.5/5)
Free
The Power of Glamour: Longing and the Art of Visual Persuasion Virginia Postrel
(4/5)
Free
A Gentleman Gets Dressed Up Revised and Expanded: What to Wear, When to Wear It, How to Wear It John Bridges
(4/5)
Free
The Secret of Chanel No. 5: The Intimate History of the World's Most Famous Perfume Tilar J. Mazzeo
(3.5/5)
Free
Style Clinic: How to Look Fabulous All the Time, at Any Age, for Any Occasion Paula Reed
(3/5)
Free
Tim Gunn's Fashion Bible: The Fascinating History of Everything in Your Closet Tim Gunn
(4/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Shikake: The Japanese Art of Shaping Behavior Through Design Naohiro Matsumura
(0/5)
Free
Cozy Minimalist Home: More Style, Less Stuff Myquillyn Smith
(4.5/5)
Free
Stoned: Jewelry, Obsession, and How Desire Shapes the World Aja Raden
(4.5/5)
Free
The Steal Like an Artist Audio Trilogy: How to Be Creative, Show Your Work, and Keep Going Austin Kleon
(5/5)
Free
The Golden Thread: How Fabric Changed History Kassia St Clair
(4.5/5)
Free
Enchanted Objects: Design, Human Desire, and the Internet of Things David Rose
(0/5)
Free
Sacred Space: Clearing and Enhancing the Energy of Your Home Denise Linn
(5/5)
Free
Mademoiselle: Coco Chanel and the Pulse of History Rhonda Garelick
(5/5)
Free
Love the Home You Have: Simple Ways to…Embrace Your Style *Get Organized *Delight in Where You Are Melissa Michaels
(4/5)
Free
Move Your Stuff, Change Your Life: How to Use Feng Shui to Get Love, Money, Respect, and Happiness Karen Rauch Carter
(4.5/5)
Free
House of Versace: The Untold Story of Genius, Murder, and Survival Deborah Ball
(4/5)
Free
Design Thinking for dummies: A Wiley Brand Christian Muller-Roterberg
(4/5)
Free
Two-Dimensional Man Paul Sahre
(0/5)
Free
Brilliance and Fire: A Biography of Diamonds Rachelle Bergstein
(0/5)
Free
Creating Things That Matter: The Art and Science of Innovations That Last David Edwards
(4.5/5)
Free
The Little Black Book of Style Nina Garcia
(4.5/5)
Free
Show More

Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft

  1. 1. Security and Legacy at Microsoft MATTHEW PARKINSON PRINCIPAL RESEARCHER, CONFIDENTIAL COMPUTING, MICROSOFT RESEARCH
  2. 2. Motivation Microsoft cares about security Microsoft cares about legacy
  3. 3. Fixing individual bugs not scaling 130 109 141 163 234 224 155 305 317 474 417 603 600 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 #ofCVEs Patch Year # of CVEs by patch year
  4. 4. Microsoft cares about security slide courtesy of Matt Miller, Partner Security Engineer, MSRC 32 24 21 22 26 13 4 11 4 1 3 7 8 36 35 43 45 64 30 36 35 28 61 71 104 79 12 16 18 22 44 57 39 113 186 183 87 81 99 4 4 13 30 21 14 7 15 25 25 36 71 81 6 4 8 8 11 6 5 6 9 22 19 82 61 1 1 2 4 9 5 7 13 17 39 76 88 55 44 30 44 41 59 103 61 120 59 159 139 197 221 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Root cause of CVEs by patch year Stack Corruption Heap Corruption Use After Free Type Confusion Uninitialized Use Heap OOB Read Other Top root causes since 2016:
  5. 5. What is Microsoft doing? Remove classes of vulnerabilities ◦ Probabilistic prevention not considered suitable - servicing a vulnerability still required ◦ MemGC - https://msrc-blog.microsoft.com/2016/01/12/triaging-the-exploitability-of-ieedge-crashes/ ◦ Killing Uninitialized Memory: Protecting the OS Without Destroying Performance - https://cppcon2019.sched.com/event/SfYc/killing-uninitialized-memory-protecting-the-os-without-destroying- performance Investing in safe(r) systems programming languages: ◦ Rust investigations, https://msrc-blog.microsoft.com/2019/07/18/we-need-a-safer-systems-programming-language/ ◦ Project Verona, research project ◦ Cannot simply throw away old code!
  6. 6. Our research in Cambridge Mitigations Language design Compartmentalisation
  7. 7. Project Verona A new language for safe infrastructure programming With David Chisnall, Sylvan Clebsch, Manuel Costa, Sophia Drossopoulou, Juliana Franco, Mads Torgersen, …
  8. 8. The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP.NET Azure Storage/ Cosmos/ Data lake Azure functions Desktop Apps Device drivers Systems Programming
  9. 9. The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory • No type safety Systems Programming
  10. 10. The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP.NET Azure Storage/ Cosmos/ Data lake Azure functions Desktop Apps Device drivers Infrastructure Programming
  11. 11. The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory • No type safety Inherently unsafe Possible for safe by construction
  12. 12. Core ideas • Give up concurrent mutation, to enable scalable memory management. Data-race freedom • New concurrency model that provides lightweight asynchronous coordination. Concurrent Owners • passing groups of objects • memory management strategies per region (reference counting, tracing, arenas, …) • Compartmentalisation for legacy components Linear Regions
  13. 13. Shared immutable region Linear mutable region Single entry pointRegions are only accessed by one computation at a time
  14. 14. Pervasive sandboxing Verona program C++ runtime library C library C / Assembly library C++ library C/C++ library C++ library TCB, needs careful auditing Sandboxed, scope of vulnerabilities limited
  15. 15. Libraries are special untrusted regions
  16. 16. Project Verona status Production quality runtime Prototype interpreter and type checker Compiler not started Open-sourcing to github soon to enable collaborations Ask me for a demo!
  17. 17. CHERI
  18. 18. CHERI for mitigations Which exploit chains does CHERI break? What gadgets can exist on CHERI? Can temporal safety be achieved? Microsoft Red team (attack) internship analysed security of CHERI – 12 weeks not long enough to be conclusive Need a thorough security analysis before it can be adopted as a mitigation.
  19. 19. CHERI for legacy Lightweight compartmentalisation • Contain existing libraries • Single address space • How can we build application that have hundreds of sandboxed libraries? Low-cost containers • Density important for the cloud • Can CHERI improve density in Cloud applications?
  20. 20. Conclusions Microsoft needs security for legacy! Can we capitalise on CHERI to use existing assets? Can we architect software to integrate safe new code with old unsafe legacy code? Project Verona for compartmentalisation research collaborations
  21. 21. Backup slides
  22. 22. Memory Safety Scalability Global GC Malloc/Free
  23. 23. Regions open up new possibilities • Compartmentalisation • Different regions can be compiled with different trust. • Distributed and heterogenous hardware • Moving collections of objects between devices – can be part of the programming model • Dynamic update of running code • Each object accessed by at most one thread, updates can exploit this in the running system
  24. 24. Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free
  25. 25. Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership Single mutator
  26. 26. Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership
  27. 27. Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership
  28. 28. The Sea of Objects
  29. 29. Region access is single-threaded C#/C++ Region-based ownership Only one thread operating on a region at a time
  30. 30. Region ownership is hierarchical C#/C++ Region-based ownership Regions have a single entry point

  • steshaw

    Mar. 21, 2021

  • ssuserd1b62f

    Aug. 9, 2020

  • JavierAPorras

    Dec. 6, 2019

  • ssuserad616d

    Dec. 4, 2019

  • JunshanHe

    Dec. 4, 2019

  • alexclear

    Dec. 3, 2019

  • SandeepKowligi1

    Dec. 3, 2019

Following the Collaborators' Workshop held on 26th Sept (presentations available on KTN's SlideShare account), EPSRC/ESRC are running a Collaboration Development workshop on 22nd November 2019 in London to facilitate academia-industry and academia-academia collaboration ahead of the closing dates for the EPSRC and ESRC ISCF Digital Security by Design calls. The calls need to be led by academic institutions. Industrial involvement, while not mandatory, is highly desirable and will be required for future competitions. Hence this workshop aims to have a mix of academic and industrial participants. The Digital Security by Design challenge was announced in July. This challenge, amounting to £70 million of government funding over 5 years, will be delivered by UK Research and Innovation (UKRI) through the Industrial Strategy Challenge Fund (ISCF). Find out more: https://ktn-uk.co.uk/news/iscf-digital-security-by-design-collaboration-development-workshop

Views

Total views

7,172

On Slideshare

0

From embeds

0

Number of embeds

131

Actions

Downloads

43

Shares

0

Comments

0

Likes

7

×