SwitchBlade: Policy-Driven Disk Segmentation

As it becomes more common for multiple operating systems to run on a single machine, strict isolation mechanisms have become increasingly critical. While OS-level isolation protects against some attacks, all OS protections can be subverted by directly accessing a shared disk. In this paper, we introduce SwitchBlade, a disk protection model that confines operating systems stored on the same disk into segments. Users physically insert policy-carrying tokens into the drive to access specific segments. Without the capability to access an OS segment, that segment is fully isolated from the user. We implemented SwitchBlade on a real prototype. We describe our architecture and implementation, and comment on the user experience and the tools we have developed to work with the system. We provide a security analysis showing SwitchBlade’s resistance to attack and evaluate its performance on real systems: the disk can realistically boot in about 8 seconds with our current prototype. We thus provide isolation guarantees equivalent to those of physically separate systems without the enormous usability burdens such systems entail.
