Dancing with giants: Wimpy kernels for on-demand isolated I/O

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2014, Pages 308-323

  Zhou, Zongwei ^a   Yu, Miao ^a   Gligor, Virgil D ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMMODITY OPERATING SYSTEMS; COMMODITY SYSTEMS; KERNEL ARCHITECTURE; KERNEL SIZE; PERFORMANCE MEASUREMENTS; SECURITY ARCHITECTURE; SENSITIVE APPLICATION; TRUSTED COMPUTING BASE;

SECURITY OF DATA;

EID: 84914102853     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2014.27     Document Type: Conference Paper

References (70)

1. eXtensible Modular Hypervisor Framework. http://xmhf.org [Accessed on 21 Feb 2014].
2. GNU Pth - The GNU Portable Threads. http://www.gnu.org/software/pth/ [Accessed on 21 Feb 2014].
3. SeaBIOS. http://www.coreboot.org/SeaBIOS [Accessed on 9 Nov 2013].
4. Universal Serial Bus Specification, Revision 2.0, 2000.
5. Enhanced Host Controller Interface Specification for Universal Serial Bus, 2002.
6. AMD. AMD I/O virtualization technology (IOMMU) specification. AMD Pub. no. 34434 rev. 1.26, 2009.
7. AMD. AMD 64 Architecture Programmer's Manual: Volume 2: System Programming. Pub. no. 24593 rev. 3.23, 2013.
8. J. P. Anderson. Computer security technology planning study. volume 2. Technical Report ESD-TR-73-51, Air Force Electronic Systems Division, 1972.
9. P. Anderson and T. Teitelbaum. Software inspection using codesurfer. In Workshop on Inspection in Software Engineering, 2001.
10. BAE Systems Information Technology LLC. Security Target, Version 1.11 for XTS-400, Version 6, 2004.
11. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proc. ACM Symposium on Operating Systems Principles, 2003.
12. S. Boyd-Wickizer and N. Zeldovich. Tolerating malicious device drivers in linux. In Proc. USENIX Annual Technical Conference, 2010.
13. H. Chen, F. Zhang, C. Chen, Z. Yang, R. Chen, B. Zang, and W. Mao. Tamper-resistant execution in an untrusted operating system using a virtual machine monitor. Technical Report FDUPPITR-2007-0801, Parallel Processing Institute, Fudan University, 2007.
14. X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Waldspurger, D. Boneh, J. Dwoskin, and D. R. Ports. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. In Proc. Architectural Support for Programming Languages and Operating Systems, 2008.
15. Y. Cheng and X. Ding. Guardian: Hypervisor as security foothold for personal computers. In Proc. International Confer-ence on Trust and Trustworthy Computing. 2013.
16. Y. Cheng, X. Ding, and R. Deng. Appshield: Protecting applications against untrusted operating system. Technical Report SMU-SIS-13-101, Singapore Management University, 2013.
17. Y. Cheng, X. Ding, and R. H. Deng. Driver Guard: Virtualization-based fine-grained protection on i/o flows. ACM Transaction on Information and System Security, 16(2):1-30, 2013.
18. P. Colp, M. Nanavati, J. Zhu, W. Aiello, G. Coker, T. Deegan, P. Loscocco, and A. Warfield. Breaking up is hard to do: Security and functionality in a commodity hypervisor. In Proc. ACM Symposium on Operating Systems Principles, 2011.
19. D. Denning. Cryptographic checksums for multilevel database security. In Proc. IEEE Symposium on Security and Privacy, 1984.
20. D. R. Engler, M. F. Kaashoek, et al. Exokernel: An operating system architecture for application-level resource management. 29(5):251-266, 1995.
21. A. Filyanov, J. M. McCune, A.-R. Sadeghi, and M. Winandy. Uni-directional trusted path: Transaction confirmation on just one device. In Proc. IEEE/IFIP Conference on Dependable Systems and Networks, 2011.
22. K. Fraser, S. Hand, R. Neugebauer, I. Pratt, A. Warfield, and M. Williamson. Safe hardware access with the xen virtual machine monitor. In Proc. Workshop on Operating System and Architectural Support for the on demand IT Infra Structure (OASIS), 2004.
23. V. Ganapathy, M. J. Renzelmann, A. Balakrishnan, M. M. Swift, and S. Jha. The design and implementation of microdrivers. In Proc. International Conference on Architectural Support for Programming Languages and Operating Systems, 2008.
24. R. Gennaro, C. Gentry, and B. Parno. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In Proc. of CRYPTO, 2010.
25. V. D. Gligor. Security limitations of virtualization and how to overcome them. In Proc. International Workshop on Security Protocols, Cambridge University, 2010.
26. V. D. Gligor and B. G. Lindsay. Object migration and authentication. IEEE Transactions on Software Engineering, SE-5(6):607-611, 1979.
27. R. Graubart. The integrity lock approach to secure database mangement. In Proc. IEEE Symposium on Security and Privacy, 1984.
28. I. Green Hills Software. Integrity-178b separation kernel security target. http://www.niap-ccevs.org/st/st vid10362-st.pdf [Accessed on 7 Nov 2013], 2010.
29. T. C. Group. TPM specification version 1.2, 2009.
30. M. Hoekstra, R. Lal, P. Pappachan, V. Phegade, and J. Del Cuvillo. Using innovative instructions to create trustworthy software solutions. In Proc. International Workshop on Hardware and Architectural Support for Security and Privacy, 2013.
31. O. S. Hofmann, S. Kim, A. M. Dunn, M. Z. Lee, and E. Witchel. Inktag: secure applications on an untrusted operating system. In Proc. international conference on Architectural support for programming languages and operating systems, 2013.
32. Intel. Intel virtualization technology for directed I/O architecture specification. Intel Pub. no. D51397-006 rev. 2.2, 2013.
33. Intel Corporation. Intel 64 and IA-32 architectures software developer's manual: Volume 3: System programming guide. Pub. no. 253668-048US, 2013.
34. Intel LAN Access Division. PCI-SIG SR-IOV Primer: An Introduction to SR-IOV Technology. http://download.intel.com/design/network/applnots/321211.pdf, 2011.
35. P. A. Janson. Removing the dynamic linker from the security kernel of a computing utility. Technical Report MIT-LCS-TR-132, 1974, 1974.
36. A. Kadav and M. M. Swift. Understanding modern device drivers. In Proc. International Conference on Architectural Support for Programming Languages and Operating Systems, 2012.
37. P. A. Karger, M. E. Zurko, D. W. Bonin, A. H. Mason, and C. E. Kahn. A retrospective on the VAX VMM security kernel. IEEE Transactions on Software Engineering, SE-17(11):1147-1165, 1991.
38. E. Keller, J. Szefer, J. Rexford, and R. B. Lee. NoHype: virtualized cloud infrastructure without the virtualization. In Proc. annual International Symposium on Computer Architecture, 2010.
39. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: formal verification of an OS kernel. In Proc. ACM Symposium on Operating Systems Principles, 2009.
40. N. Knupffer. Intel Insider What Is It? (IS it DRM? And yes it delivers top quality movies to your PC). http://blogs.intel.com/technology/2011/01/intel insider - what is it no/ [Accessed on 30 Oct 2013].
41. B. Lampson. Software components: Only the giants survive. Computer Systems: Theory, Technology, and Applications, (9):137-145, 2004.
42. B. Leslie, P. Chubb, N. Fitzroy-dale, S. Gotz, C. Gray, L. Macpherson, D. Potts, Y. Shen, K. Elphinstone, and G. Heiser. User-level device drivers: Achieved performance. Journal of Computer Science and Technology, 20(5):654-664, 2005.
43. J. LeVasseur, V. Uhlig, J. Stoess, and S. Götz. Unmodified device driver reuse and improved system dependability via virtual machines. In Proc. Symposium on Operating Systems Design and Implementation, 2004.
44. Y. Li, A. Perrig, J. McCune, J. Newsome, B. Baker, and W. Drewry. Minibox: A two-way sandbox for x86 native code. Technical Report CMU-CyLab-14-001, Carnegie Mellon University, 2014.
45. S. Lipner, T. Jaeger, and M. E. Zurko. Lessons from VAX/SVS for high assurance VM systems. IEEE Security and Privacy, 10(6):26-35, 2012.
46. J. Liu, W. Huang, B. Abali, and D. K. Panda. High performance VMM-bypass I/O in virtual machines. In Proc. USENIX Annual Technical Conference, 2006.
47. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. Trust Visor: Efficient TCB reduction and attestation. In Proc. IEEE Symposium on Security and Privacy, 2010.
48. J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proc. European Conference in Computer Systems, 2008.
49. J. M. McCune, A. Perrig, and M. K. Reiter. Safe passage for passwords and other sensitive data. In Proc. Network and Distributed Systems Security Symposium, 2009.
50. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In Proc. International Workshop on Hardware and Architectural Support for Security and Privacy, 2013.
51. R. Nikolaev and G. Back. Virtuos: an operating system with kernel virtualization. In Proc. ACM Symposium on Operating Systems Principles, 2013.
52. B. Parno, J. R. Lorch, J. R. Douceur, J. Mickens, and J. M. McCune. Memoir: Practical state continuity for protected modules. In Proc. IEEE Symposium on Security and Privacy, 2011.
53. M. Peinado, Y. Chen, P. Engl, and J. Manferdelli. NGSCB: A Trusted Open System. In Proc. Australasian Conference on Information Security and Privacy, 2004.
54. D. E. Porter, S. Boyd-Wickizer, J. Howell, R. Olinsky, and G. C. Hunt. Rethinking the library os from the top down. In Proc. International Conference on Architectural Support for Programming Languages and Operating Systems, 2011.
55. J. M. Rushby. Design and verification of secure systems. 15(5):12-21, 1981.
56. R. Sahita, U. Warrier, and P. Dewan. Protecting critical applications on mobile platforms, 2009.
57. R. Schell, T. Tao, and M. Heckman. Designing the GEMSOS security kernel for security and performance. In Proc. National Computer Security Conference, 1985.
58. M. D. Schroeder, D. D. Clark, and J. H. Saltzer. The Multics kernel design project. In Proc. ACM Symposium on Operating Systems Principles, 1977.
59. J. S. Shapiro, J. M. Smith, and D. J. Farber. Eros: a fast capability system. In Proc. ACM symposium on Operating systems principles, 1999.
60. T. Shinagawa, H. Eiraku, K. Tanimoto, K. Omote, S. Hasegawa, T. Horie, M. Hirano, K. Kourai, Y. Oyama, E. Kawai, K. Kono, S. Chiba, Y. Shinjo, and K. Kato. Bitvisor: a thin hypervisor for enforcing I/O device security. In Proc. ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, 2009.
61. U. Steinberg and B. Kauer. NOVA: a microhypervisor-based secure virtualization architecture. In Proc. European Conference on Computer Systems, 2010.
62. R. Strackx and F. Piessens. Fides: selectively hardening software application components against kernel-level or processlevel malware. In Proc. ACM conference on Computer and Communications Security, 2012.
63. M. M. Swift, B. N. Bershad, and H. M. Levy. Improving the reliability of commodity operating systems. In Proc. ACM Symposium on Operating Systems Principles, 2003.
64. W. R. Systems. Wind river vxworks mils platform. http://www.windriver.com/products/platforms/vxworks-mils/MILS-3 PO.pdf [Accessed on 7 Nov 2013], 2013.
65. J. Szefer, E. Keller, R. Lee, and J. Rexford. Eliminating the hypervisor attack surface for a more secure cloud. In Proc. ACM Conference on Computer and Communications Security, 2011.
66. A. Vasudevan, S. Chaki, L. Jia, J. McCune, J. Newsome, and A. Datta. Design, implementation and verification of an extensible and modular hypervisor framework. In Proc. IEEE Symposium on Security and Privacy, 2013.
67. T. Weigold, T. Kramp, R. Hermann, F. Höring, P. Buhler, and M. Baentsch. The zurich trusted information channel - an efficient defence against man-in-the-middle and malicious software attacks. In Proc. International Conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications, 2008.
68. D. Williams, P. Reynolds, K. Walsh, E. G. Sirer, and F. B. Schneider. Device driver safety through a reference validation mechanism. In Proc. USENIX Conference on Operating Systems Design and Implementation, 2008.
69. Z. Zhou, V. D. Gligor, J. Newsome, and J. M. McCune. Building verifiable trusted path on commodity x86 computers. In Proc. IEEE Symposium on Security and Privacy, 2012.
70. Z. Zhou, J. Han, Y.-H. Lin, A. Perrig, and V. Gligor. Kiss: Key it simple and secure corporate key management. In Proc. International Conference on Trust and Trustworthy Computing, 2013.