SICE: A hardware-level strongly isolated computing environment for x86 multi-core platforms

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2011, Pages 375-388

  Azab, Ahmed M ^a   Ning, Peng ^a   Zhang, Xiaolan ^b  

^a NORTH CAROLINA STATE UNIVERSITY   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Isolation; Trusted computing; Virtualization security

Indexed keywords

COMPUTING ENVIRONMENTS; CONTEXT SWITCHING; HARDWARE ARCHITECTURE; HARDWARE IMPLEMENTATIONS; HARDWARE PLATFORM; HYPERVISOR; ISOLATION; ISOLATION TECHNIQUES; LINES OF CODE; MULTI-CORE PLATFORMS; MULTI-CORE PROCESSOR; SOFTWARE COMPONENT; SYSTEM MANAGEMENT MODE; TRUSTED COMPUTING; TRUSTED COMPUTING BASE; UNIQUE FEATURES; VIRTUAL MACHINES; VIRTUALIZATIONS;

COMPUTER OPERATING SYSTEMS; HARDWARE; SECURITY OF DATA;

COMPUTER HARDWARE;

EID: 80755169488     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2046707.2046752     Document Type: Conference Paper

References (34)

1. Advanced Micro Devices. Amd64 architecture programmer's manual: Volume 2: System programming, September 2007.
2. A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10), pages 38-49, 2010.
3. S. Berger, R. Cáceres, D. Pendarakis, R. Sailer, E. Valdez, R. Perez, W. Schildhauer, and D. Srinivasan. TVDc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev., 42(1):40-47, 2008.
4. BusyBox. http://www.busybox.net/.
5. X. Chen, T. Garfinkel, E. C. Lewis, P Subrahmanyam, C. A. Waldspurger, D. Boneh, J. Dwoskin, and D.R.K Ports. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. In Proceedings of the 13th international conference on Architectural support for programming languages and operating systems (ASPLOS'13), pages 2-13, 2008. (Pubitemid 351585389)
6. L. Duflot. Getting into the SMRAM: SMM reloaded. In Proceedings of the 10th CanSecWest conference, 2009.
7. S. Embleton, S. Sparks, and C. Zou. SMM rootkits: a new breed of OS independent malware. In Proceedings of the 4th international conference on Security and privacy in communication networks, pages 1-12, August 2008.
8. Niels Ferguson. Aes-cbc + elephant diffuser: A disk encryption algorithm for windows vista. Microsoft Corporation Technical Report, 2006.
9. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In Proceedings of the 19th ACM symposium on Operating systems principles (SOSP '03), pages 193-206, 2003. (Pubitemid 40929697)
10. Hewlett-Packard, Intel, Microsoft, Phoenix, and Toshiba. Advanced configuration and power interface specification. revision 3.0b, October 2006.
11. Intel Corporation. Trusted eXecution Technology preliminary architecture specification and enabling considerations. Document number 31516803, 2006.
12. Intel Corporation. Intel virtualization technology for directed I/O. Document number 31516803, 2007.
13. Intel Corporation. Software developer's manual vol. 3: System programming guide, June 2009.
14. E. Keller, J. Szefer, J. Rexford, and R. B. Lee. Nohype: virtualized cloud infrastructure without the virtualization. In Proceedings of the 37th annual international symposium on Computer architecture (ISCA '10), pages 350-361, 2010.
15. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. sel4: formal verification of an OS kernel. In Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles (SOSP '09), pages 207-220, 2009.
16. K. Kortchinsky. Hacking 3D (and breaking out of VMWare). In Black Hat conference, 2009.
17. Dartmouth PKI Lab. TPM reset attack. http://www.cs.dartmouth.edu/~pkilab/ sparks/. Accessed in August 2011.
18. Kernel Based Virtual Machine. http://www.linux-kvm.org/.
19. J. McCune, Y. Li, N. Qu, A. Datta, V. Gligor, and A. Perrig. Efficient TCB reduction and attestation. In the 31st IEEE Symposium on Security and Privacy, May 2010.
20. J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. Flicker: an execution infrastructure for TCB minimization. In Proceedings of the ACM European Conference on Computer Systems (EuroSys), March/April 2008.
21. R. Sahita, U. Warrier, and P. Dewan. Dynamic software application protection. Intel Corporation, April 2009.
22. R. Sailer, T. Jaeger, E. Valdez, R. Caceres, R. Perez, S. Berger, J. Griffin, and L. van Doorn. Building a MAC-based security architecture for the xen opensource hypervisor. In Proceedings of the 21 st Annual Computer Security Applications Conference (ACSAC), pages 276-285, 2005. (Pubitemid 46116484)
23. Secunia. Vulnerability report: Vmware esx server 3.x. http://secunia.com/advisories/product/10757/. Accessed in August 2011.
24. Secunia. Xen multiple vulnerability report. http://secunia.com/ advisories/44502/. Accessed in August 2011.
25. E. Shi, A. Perrig, and L. van Doorn. BIND: A fine-grained attestation service for secure distributed systems. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 2005.
26. K. Shimizu, H. P. Hofstee, and J. S. Liberty. Cell broadband engine processor vault security architecture. IBM J. Res. Dev., pages 521-528, September 2007. (Pubitemid 350031352)
27. U. Steinberg and B. Kauer. NOVA: a microhypervisor-based secure virtualization architecture. In Proceedings of the 5th European conference on Computer systems (EuroSys'10), pages 209-222. ACM, 2010.
28. Trusted Computing Group. https://www.trustedcomputinggroup.org/.
29. Trusted Computing Group. TPM specifications version 1.2. https://www.trustedcomputinggroup.org/downloads/specifications/tpm/tpm, July 2005.
30. J. Wang, A. Stavrou, and A. K. Ghosh. HyperCheck: A hardware-assisted integrity monitor. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID'10), September 2010.
31. Z. Wang and X. Jiang. HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In Proceedings of the 31st IEEE Symposium on Security and Privacy, May 2010.
32. R. Wojtczuk and J. Rutkowska. Xen 0wning trilogy. In Black Hat conference, 2008.
33. R. Wojtczuk and J. Rutkowska. Attacking SMM memory via Intel CPU cache poisoning. Invisible Things Lab, 2009.
34. J. Yang and K. G. Shin. Using hypervisor to provide data secrecy for user applications on a per-page basis. In Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments (VEE'08), pages 71-80, 2008.