Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems

ACM SIGPLAN Notices

Volumn 43, Issue 3, 2008, Pages 2-13

  Chen, Xiaoxin ^a   Garfinkel, Tal ^a   Lewis, E Christopher ^a   Subrahmanyam, Pratap ^a   Waldspurger, Carl A ^a   Boneh, Dan ^a,b   Dwoskin, Jeffrey ^a,c   Ports, Dan R K ^a,d  

^a VMWARE INC   (United States)

^b STANFORD UNIVERSITY   (United States)

^c PRINCETON UNIVERSITY   (United States)

^d MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Cloaking; Hypervisors; Memory Protection; Multi Shadowing; Operating Systems; Virtual Machine Monitors; VMM

Indexed keywords

CLOAKING; HYPERVISORS; MEMORY PROTECTION; MULTI-SHADOWING; OPERATING SYSTEMS; VIRTUAL MACHINE MONITORS; VMM;

COMPUTER ARCHITECTURE; HIERARCHICAL SYSTEMS; RETROFITTING;

COMPUTER OPERATING SYSTEMS;

EID: 67650067345     PISSN: 15232867     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (30)

1. K. Adams and O. Agesen. A Comparison of Software and Hardware Techniques for x86 Virtualization. In Proceedings of the Twelfth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 2-13, October 2006.
2. AMD. AMD64 Virtualization Technology: Secure Virtual Machine Architecture Reference Manual, May 2005.
3. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Wareld. Xen and the Art of Virtualization. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pages 164-177, October 2003.
4. E. Bugnion, S. Devine, and M. Rosenblum. Disco: Running Commodity Operating Systems on Scalable Multiprocessors. In Proceedings of the Sixteenth ACM Symposium on Operating Systems Principles, pages 143-156, October 1997.
5. C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, and A. Wareld. Live Migration of Virtual Machines. In Proceedings of the Second Symposium on Networked Systems Design and Implementation, pages 273-286, May 2005.
6. J. S. Dwoskin and R. B. Lee. Hardware-rooted Trust for Secure Key Management and Transient Trust. In Proceedings of the Fourteenth ACM Conference on Computer and Communications Security, pages 389-400, October 2007.
7. J. Dyer, M. Lindemann, R. Perez, R. Sailer, S. Smith, L. van Doorn, and S. Weingart. Building the IBM 4758 Secure Coprocessor. IEEE Computer, 34:57-66, October 2001.
8. P. Englund, B. Lampson, J. Manferdelli, M. Peinado, and B. Willman. A Trusted Open Platform. IEEE Spectrum, pages 55-62, July 2003.
9. K. Fu, M. F. Kaashoek, and D. Mazières. Fast and Secure Distributed Read-only File System. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, pages 181-196, October 2000.
10. T. Garnkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A Virtual Machine-Based Platform for Trusted Computing. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pages 193-206, October 2003.
11. E.-J. Goh, H. Shacham, N. Modadugu, and D. Boneh. SiRiUS: Securing Remote Untrusted Storage. In Proceedings of the Network and Distributed System Security Symposium, pages 131-145, February 2003.
12. H. Ḧ artig, M. Hohmuth, N. Feske, C. Helmuth, A. Lackorzynski, F. Mehnert, and M. Peter. The Nizza Secure-System Architecture. In Proceedings of the International Conference on Collaborative Computing, December 2005.
13. Intel. Intel Trusted Execution Technology Preliminary Architecture Specication, November 2006.
14. S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau. Antfarm: Tracking Processes in a Virtual Machine Environment. In Proceedings of the USENIX Annual Technical Conference, pages 1-14, June 2006.
15. P. Kocher. Timing Attacks on Implementations of Dife-Hellman, RSA, DSS, and Other Systems. In Proceedings of Crypto '96, pages 104-113, 1996.
16. R. B. Lee, P. C. S. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang. Architecture for Protecting Critical Secrets in Microprocessors. In Proceedings of the 32nd International Symposium on Computer Architecture, pages 2-13, June 2005.
17. J. Li, M. N. Krohn, D. Mazières, and D. Shasha. Secure Untrusted Data Repository (SUNDR). In Proceedings of the Sixth Symposium on Operating Systems Design and Implementation, pages 121-136, December 2004.
18. D. Lie, C. A. Thekkath, and M. Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pages 178-192, October 2003.
19. D. Lie, C. A. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. C. Mitchell, and M. Horowitz. Architectural Support for Copy and Tamper Resistant Software. In Proceedings of the Ninth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 168-177, November 2000.
20. U. Maheshwari, R. Vingralek, and W. Shapiro. How to Build a Trusted Database System on Untrusted Storage. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, pages 135-150, October 2000.
21. R. Merkle. Protocols for Public Key Cryptosystems. In Proceedings of the IEEE Symposium on Security and Privacy, pages 122-134, April 1980.
22. G. Neiger, A. Santoni, F. Leung, D. Rodgers, and R. Uhlig. Intel Virtualization Technology: Hardware Support for Efcient Processor Virtualization. Intel Technology Journal, 10(3), August 2006.
23. M. Nelson, B.-H. Lim, and G. Hutchins. Fast Transparent Migration for Virtual Machines. In Proceedings of the USENIX Annual Technical Conference, pages 391-394, April 2005.
24. R.P. Goldberg. Survey of Virtual Machine Research. IEEE Computer, 7(6):34-45, June 1974.
25. M. D. Schroeder and J. H. Saltzer. A Hardware Architecture for Implementing Protection Rings. Communications of the ACM, 15(3):157-170, March 1972.
26. J. S. Shapiro, J. M. Smith, and D. J. Farber. EROS: A Fast Capability System. In Proceedings of the Seventeenth ACM Symposium on Operating Systems Principles, pages 170-185, December 1999.
27. W. Shi, J. B. Fryman, G. Gu, H.-H. Lee, Y. Zhang, and J. Yang. InfoShield: A Security Architecture for Protecting Information Usage in Memory. In Proceedings of the Twelfth International Symposium on High-Performance Computer Architecture, pages 222-231, February 2006.
28. L. Singaravelu, C. Pu, H. Ḧ artig, and C. Helmuth. Reducing TCB Complexity for Security-Sensitive Applications: Three Case Studies. In Proceedings of the First ACM EuroSys Conference, pages 161-174, 2006.
29. R. Ta-Min, L. Litty, and D. Lie. Splitting Interfaces: Making Trust Between Applications and Operating Systems Congurable. In Proceedings of the Seventh Symposium on Operating Systems Design and Implementation, pages 279-292, November 2006.
30. C. A. Waldspurger. Memory Resource Management in VMware ESX Server. In Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, pages 181-194, December 2002.