טכניון מכון טכנולוגי לישראל
הטכניון מכון טכנולוגי לישראל - בית הספר ללימודי מוסמכים  
Ph.D Thesis
Ph.D StudentShalev Noam
SubjectImproving System Security and Reliability with OS
Help
DepartmentDepartment of Electrical Engineering
Supervisor Professor Idit Keidar
Full Thesis textFull thesis text - English Version


Abstract

In this thesis we research key security and reliability challenges in modern computer systems that arise due to today's growth in cyber security threats and economies of scale. We tackle three problems: securing organizations from privileged insiders, detecting similarities in binary codes, and providing tolerance to commodity systems in face of hardware faults. Our proposed solutions include new operating system kernel abstractions and mechanisms, unique use of existing software and hardware components, and machine learning aided strategies. 
We present WatchIT, a strategy that constrains IT personnel's view of the system and monitors their actions, thus allowing organizations to mitigate the security threats that their system administrators pose. 
We propose Lava, a tool for detecting similarities between binaries that were compiled differently. By drawing concepts from image processing and using machine learning-based predictors, we provide a scalable solution that can take a vulnerable code snippet and look for that vulnerability in other platforms in binary form.
We introduce CSR, a strategy for overcoming hardware faults that happen in the CPU. By exploiting hardware transactional memory, our mechanism can tolerate faults that happen in any execution context, and keep the system alive and running while virtually incurring no overhead.
We implement our approaches and evaluate them by empirically experimenting on real systems and by conducting a case study in a real production environment. 

The results show that our proposed solutions are effective and significantly improve state-of-the-art systems and tools.