XFI: Software Guards for System Address Spaces

XFI is a comprehensive protection system that offers both flexible access control and fundamental integrity guarantees, at any privilege level and even for legacy code in commodity systems.  For this purpose, XFI combines static analysis with inline software guards and a two-stack execution model.  We have implemented XFI for Windows on the x86 architecture using binary rewriting and a simple, stand-alone verifier; the implementation's correctness depends on the verifier, but not on the rewriter.  Our experiments confirm that XFI offers pervasive protection with only modest enforcement overheads.  We have applied XFI to software such as device drivers and multimedia codecs; the resulting modules function safely within both kernel and user-mode address spaces.  This is joint work with Martin Abadi, Michael Vrable, Mihai Budiu, and George Necula and will appear in OSDI 2006.  The paper can be found here.  

BIO:

Úlfar Erlingsson is a researcher at Microsoft Research's Silicon Valley Center.  He did his graduate work in the mid-to-late 90's at Cornell University's Information Assurance Institute on specifying and enforcing security properties using program rewriting techniques.  Later, he was director of privacy protection for deCODE Genetics, where he oversaw the security design of a centralized healthcare database.  After this, he co-founded and was CTO of Green Border Technologies, a Silicon Valley security software company.  Recently, Úlfar's research has focused on low-level security mitigation and dependability techniques (e.g., involving hypervisors, hardware devices, and the precise syntax and semantics of x86 opcodes) in the Gleipnir project.