UBC Theses and Dissertations


Eliminating the long-running process: separating code and state. Colp, Patrick

Abstract

Many critical services are necessarily long-running. However, this creates a large temporal surface that is an alluring target for attackers, both in terms of the increased opportunity to find an exploit and the length of time a service is owned once exploited. While in some instances it may be possible to perform periodic restarts to reduce the window of exploitation and return a service to its fresh, unexploited operational status, this carries with it a high cost. The more often it is restarted, the larger the unavailability due to reinitialisation of the service. Furthermore, it must recover its persistent state, which is not always possible. In order to protect these services, we propose a form of virtual machine disaggregation which partitions a service into two parts: code (logic) and state (data). Each lives in its own virtual machine, with communication performed over a narrow, well defined interface on which policy can be externally enforced to ensure correctness. This separation enables a service to be continually restarted by rolling back only the code virtual machine to a snapshotted known good state, which can be measured and attested. This prevents exploits from persisting while still maintaining good performance.


Rights

Attribution 3.0 Unported