CS Guest Seminar: John Criswell

Date: February 20, 2017
Time: 11:00 am – 12:00 pm

Computer Science Seminar

Featuring Visiting Lecturer: John Criswell (University of Illinois at Urbana-Champaign)

Wednesday, February 20, 2017

NPB 3.108A—CS Conference Room

11:00am - 12:00pm


Title: Virtual Ghost: Protecting Applications from Compromised Operating Systems


Abstract: Commodity operating system kernels are the foundation of our software systems, providing access control, I/O mechanisms, and memory management. However, operating system kernels are vulnerable to a variety of security attacks. Compromising the kernel allows an attacker to render any security protections, provided by the kernel or the applications running on the kernel, useless.

In this talk, he will present Virtual Ghost: a system that protects the confidentiality and integrity of application data from an operating system kernel that is completely under an attacker’s control. Virtual Ghost provides applications with private, incorruptible memory, incorruptible control flow, and secure key delivery. With these features, applica-tions can protect their data from the operating system kernel. Unlike previous systems, Virtual Ghost employs compil-er techniques to protect applications and is faster than previous solutions that rely on hypervisor-based approaches.


Short Bio: Dr. Criswell is an assistant professor in the Department of Computer Science at the University of Roches-ter. He earned both his B.S. in Computer Science (2003) and Ph.D. in Computer Science (2014) at the University of Illi-nois at Urbana-Champaign.

His research interests focus on computer security and novel applications of compiler and operating system technology. His primary research work is on the Secure Virtual Architecture (SVA). SVA enforces security policies on commodity operating system and application code via compiler instrumentation, thereby providing strong protection against so-phisticated attacks. Using SVA, he built the first systems that provide strong automated memory safety protection and complete control-flow integrity enforcement to commodity operating system kernels such as Linux and FreeBSD. More recently, he has used SVA to create the Virtual Ghost system that protects application data and control-flow from a compromised operating system kernel. For this work, he won an Honorable Mention for the 2014 ACM Doctoral Dis-sertation Award, the Honorable Mention for the 2014 ACM SIGOPS Dennis M. Ritchie Doctoral Dissertation Award, and the 2015 David J. Kuck Outstanding Ph.D. Thesis Award.