From owner-svn-doc-all@FreeBSD.ORG  Wed Apr 15 03:47:11 2015
Return-Path: <owner-svn-doc-all@FreeBSD.ORG>
Delivered-To: svn-doc-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A22F46A8;
 Wed, 15 Apr 2015 03:47:11 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8357C11B;
 Wed, 15 Apr 2015 03:47:11 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t3F3lBIf094602;
 Wed, 15 Apr 2015 03:47:11 GMT (envelope-from bjk@FreeBSD.org)
Received: (from bjk@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t3F3lBsX094601;
 Wed, 15 Apr 2015 03:47:11 GMT (envelope-from bjk@FreeBSD.org)
Message-Id: <201504150347.t3F3lBsX094601@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: bjk set sender to bjk@FreeBSD.org
 using -f
From: Benjamin Kaduk <bjk@FreeBSD.org>
Date: Wed, 15 Apr 2015 03:47:11 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r46554 - head/en_US.ISO8859-1/htdocs/news/status
X-SVN-Group: doc-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "SVN commit messages for the entire doc trees \(except for &quot;
 user&quot; , &quot; projects&quot; , and &quot; translations&quot;
 \)" <svn-doc-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-all/>
List-Post: <mailto:svn-doc-all@freebsd.org>
List-Help: <mailto:svn-doc-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-doc-all>,
 <mailto:svn-doc-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 03:47:11 -0000

Author: bjk
Date: Wed Apr 15 03:47:10 2015
New Revision: 46554
URL: https://svnweb.freebsd.org/changeset/doc/46554

Log:
  Add report on the nested kernel project
  
  Approved by:	hrs (mentor, implicit)

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml	Wed Apr 15 03:02:06 2015	(r46553)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml	Wed Apr 15 03:47:10 2015	(r46554)
@@ -1851,4 +1851,164 @@ WITHOUT_FORTH=y</pre>
 
     <sponsor>The &os; Foundation</sponsor>
   </project>
+
+  <project cat='arch'>
+    <title>Nested Kernel</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Nathan</given>
+	  <common>Dautenhahn</common>
+	</name>
+	<email>dautenh1@illinois.edu</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Theodoros</given>
+	  <common>Kasampalis</common>
+	</name>
+	<email>kasampa2@illinois.edu</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Will</given>
+	  <common>Dietz</common>
+	</name>
+	<email>wdietz2@illinois.edu</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="nestedkernel.org">Home page for the project that includes links to papers and build instructions.</url>
+      <url href="http://web.engr.illinois.edu/~dautenh1//downloads/publications/asplos200-dautenhahn.pdf">Conference publication detailing the problem, design, implementation, and evaluation of our prototype.</url>
+      <url href="http://prezi.com/in6qr3l92ffc/?utm_campaign=share&amp;utm_medium=copy">Presentation on the nested kernel</url>
+      <url href="https://github.com/HardenedBSD/hardenedBSD/tree/hardened/9/kernsep">HardenedBSD branch of the nested kernel being refactored.</url>
+    </links>
+
+    <body>
+      <p>This work on a nested kernel architecture is part of
+	Nathan's doctoral thesis work at the University of Illinois at
+	Urbana-Champaign.  It attempts to improve upon the traditional
+	monolithic operating sytsem kernel, where a single exploit
+	anywhere in the kernel grants the attacker full superuser
+	privileges.  The nested kernel operating system architecture
+	addresses this problem by "nesting" a small, isolated kernel
+	within a traditional monolithic kernel.  This "nested kernel"
+	interposes on all updates to virtual memory translations to
+	assert protections on physical memory, thus significantly
+	reducing the trusted computing base for memory access control
+	enforcement.  We incorporated the nested kernel
+	architecture into &os; on x86-64 hardware by write-protecting
+	Memory-Management Unit (MMU) translations and de-privileging the
+	untrusted part of the kernel, thereby enabling the entire
+	operating system, trusted and untrusted components alike, to
+	operate at the highest hardware privilege level.  Our
+	implementation inherently enforces kernel code integrity while
+	still allowing dynamically loaded kernel modules, thus defending
+	against code injection attacks.  We also demonstrate, by
+	introducing write-mediation and write-logging services, that the
+	nested kernel architecture allows kernel developers to isolate
+	memory in ways not possible in monolithic kernels.  The
+	performance of the nested kernel prototype shows modest
+	overheads: less than 1% average for Apache, 3.7% average for
+	sshd, and 2.7% average for kernel compilation.  Overall, our
+	results and experience show that the nested kernel design can be
+	retrofitted onto existing monolithic kernels, providing defense
+	in depth.</p>
+
+      <p>The basic idea is that the nested kernel initializes the
+	system so that all page tables are mapped as read-only.  Then
+	all MMU-modifying operations are removed from the untrusted
+	portion of the kernel; runtime code integrity is enforced by
+	write-protecting all code pages, marking all non-code
+	pages as non-executable (NX-bit), and preventing execution of
+	privileged MMU operations located in userspace mappings
+	(Supervisor Mode Execution Prevention, SMEP).  Because the
+	nested kernel has control of the page tables it can enforce
+	these integrity properties leading to virtualization of the
+	MMU.</p>
+
+      <p>The links include a recent conference publication that
+	details the design, implementation, and evaluation of our
+	prototype nested kernel architecture on top of &os; 9.0.  We are
+	also bringing up a site with instructions on how to get the
+	source and build the project.  There is also a link to a
+	presentation on the nested kernel.</p>
+
+      <p>We are very interested in feedback on the design of the
+	nested kernel, and having discussions about how it might get
+	upstreamed.  This is our first time contributing to an open
+	source project, so even simple advice is likely to be useful.</p>
+
+      <p>We are also hoping to gain additional contributors and
+	interest in the project!  The nested kernel has the potential to
+	enhance commodity operating system design, and &os; is a major
+	operating system in use today which has high impact.  The source
+	code of our research prototype as evaluated for the paper are in
+	the process of being made available &mdash; the website and code
+	are almost ready but may take another week to complete.
+	However, the implementation is merely a research prototype and
+	requires significant effort to make production-ready (see the
+	list of tasks).  Some of this work is underway during
+	refactoring for an implementation in the <a
+	href="https://www.freebsdfoundation.org/journal/articles">HardenedBSD
+	project</a>, which is a much cleaner version of the core system
+	and is integrated into the &os; build system, but is only about
+	50% completed.</p>
+
+      <p>Finally, we have developed an interface to write-protect
+	data structures in the kernel and are soliciting ideas for uses
+	of this service.  Section 2.4 in the paper details the
+	interface, and section 4 presents some simple uses of the nested
+	kernel services.  We are interested in ways that the nested
+	kernel could be used to protect critical kernel data structures
+	from malware or even just buggy code.</p>
+    </body>
+
+    <sponsor>University of Illinois at Urbana-Champaign</sponsor>
+    <sponsor>ONR via grant number N00014-12-1-0552</sponsor>
+
+    <help>
+      <task>
+	<p>Finish implementing core mechanisms: verify DMAP is
+	  properly protected and that we are not using superpages (I think
+	  we have this completed but need to fully verify), full NX
+	  support for all non-kernel code pages (we might need to
+	  specially consider the stack if it is used to execute code),
+	  protect IDT and SMM, and add IOMMU protections.  We also need to
+	  do some optimizations where we batch calls into the nested
+	  kernel on process creation (FORK) and mmap operations.  The
+	  motivation for these implementation directives can be reviewed
+	  in the paper.</p>
+      </task>
+
+      <task>
+	<p>Implement SMP functionality and evaluate performance.</p>
+      </task>
+
+      <task>
+	<p>Port and refactor for a newer version of &os;.  The
+	  current implementation is a research prototype and requires some
+	  refactoring to make it clean and consistent, as well as make it
+	  relevant to modern versions of &os;.</p>
+      </task>
+
+      <task>
+	<p>The nested kernel isolation depends upon certain
+	  hardware instructions to be completely removed from a subset of
+	  the kernel.  Therefore, we need to utilize automated linker/loader
+	  techniques to identify and remove privileged MMU operations from
+	  untrusted kernel components to make it maintainable in
+	  practice.</p>
+      </task>
+
+      <task>
+	<p>Detailed review on the design and implementation with
+	  particular focus on a plan for upstreaming.</p>
+      </task>
+    </help>
+  </project>
 </report>