The University of Arizona

CS Colloquium

Date: Tuesday, October 11, 2016
Time: 11:00 am
Concludes: 12:15 pm
Location: Gould-Simpson 906
Details: Please join us for coffee and light refreshments at 10:45 am, Gould-Simpson, 9th Floor Atrium

Faculty Host: Dr. David Lowenthal
Speaker: Nathan Dautenhahn
Affiliation: Dept. of Computer and Information Science, University of Pennsylvania

Protection in Commodity Operating Systems

Computing is pervasive and relied upon in almost every arena of society. One of its fundamental elements, the operating system, is deployed on over 3 billion devices worldwide. Unfortunately, commodity operating systems are enormous, employ monolithic designs, and are written in unsafe languages—traits exploited by attackers. This talk presents a new operating system organization, the Nested Kernel, that nests a memory protection domain into the traditional monolithic design. The Nested Kernel provides data protection and separation services that are used to decompose and secure elements inside the operating system in ways not presently possible. The Nested Kernel has been implemented in a commodity operating system, requiring minimal modifications while resulting in modest runtime overheads. The implementation introduces a novel technique to allow both the protection mechanism and the rest of the operating system to operate at a single hardware privilege level—virtualizing supervisor mode—making it both portable and efficient. Overall, the Nested Kernel presents a practical in-situ protection mechanism that enables incrementally deployable security enhancements to one of the most common and privileged elements of our software stacks.


Nathan Dautenhahn is a postdoctoral researcher in the Department of Computer and Information Science at the University of Pennsylvania. He earned his doctorate in Computer Science from the University of Illinois at Urbana-Champaign in August of 2016. His research investigates trustworthy system design by developing experimental operating systems, compilers, and hardware components. This research has led to publications in key security and systems venues, including IEEE S&P, CCS, NDSS, ASPLOS, and ISCA. His work on the Nested Kernel Architecture identifies solutions for defending against insecure and malicious operating systems—the topic of his thesis. The Nested Kernel Architecture is also under consideration for inclusion in HardenedBSD, a variant of FreeBSD.

Dautenhahn actively contributes to graduate education and service by participating in many activities, such as establishing the Doctoral Education Perspectives seminar, formally mentoring undergraduate and graduate students, and serving on the Computer Science Graduate Academic Council and the Engineering Graduate Student Advisory Committee.