Efficient virtualization-based application protection against untrusted operating system

ASIACCS 2015 - Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Volumn , Issue , 2015, Pages 345-356

  Cheng, Yueqiang ^a   Ding, Xuhua ^b   Deng, Robert H ^b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b SINGAPORE MANAGEMENT UNIVERSITY   (Singapore)

Author keywords

Address Space Isolation; Application Protection; Isolated Execution Environment; Untrusted OS

Indexed keywords

COMPUTER OPERATING SYSTEMS;

ADDRESS SPACE; CRITICAL APPLICATIONS; DESIGN AND IMPLEMENTATIONS; EXECUTION ENVIRONMENTS; EXECUTION INTEGRITY; HARDWARE MODIFICATIONS; SECURITY CONSIDERATIONS; TRUSTED COMPUTING BASE;

VIRTUALIZATION;

EID: 84942511833     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2714576.2714618     Document Type: Conference Paper

References (35)

1. Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the art of virtualization. In SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 164-177, New York, NY, USA, 2003. ACM.
2. D. Champagne and R.B. Lee. Scalable architectural support for trusted software. In High Performance Computer Architecture (HPCA), 2010 IEEE 16th International Symposium on, pages 1-12. IEEE, 2010.
3. David Champagne and Ruby B. Lee. Scalable architectural support for trusted software. pages 1-12. IEEE Computer Society, 2010.
4. Stephen Checkoway and Hovav Shacham. Iago attacks: why the system call api is a bad untrusted rpc interface. In Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems, ASPLOS '13, pages 253-264, New York, NY, USA, 2013. ACM.
5. H. Chen, F. Zhang, C. Chen, Z. Yang, R. Chen, B. Zang, P.C. Yew, and W. Mao. Tamper-resistant execution in an untrusted operating system using a virtual machine monitor. Technical Report FDUPPITR-2007-0801, Parallel Processing Institute, Fudan University, August 2007.
6. Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R.K. Ports. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. In Proceedings of the 13th international conference on Architectural support for programming languages and operating systems, ASPLOS XIII, pages 2-13, New York, NY, USA, 2008. ACM.
7. Yueqiang Cheng and Xuhua Ding. Guardian: Hypervisor as security foothold for personal computers. In Trust and Trustworthy Computing, pages 19-36. Springer Berlin Heidelberg, 2013.
8. Yueqiang Cheng, Xuhua Ding, and Robert H. Deng. Driverguard: a fine-grained protection on I/O flows. In Proceedings of the 16th European conference on Research in computer security, ESORICS'11, pages 227-244, Berlin, Heidelberg, 2011. Springer-Verlag.
9. Siddhartha Chhabra, Brian Rogers, Yan Solihin, and Milos Prvulovic. Secureme: a hardware-software approach to full system security. In Proceedings of the international conference on Supercomputing, ICS '11, pages 108-119, New York, NY, USA, 2011. ACM.
10. Intel Corporation. Innovative instructions and software model for isolated execution. http://privatecore.com/wp-content/uploads/2013/06/HASPinstruction-presentation-release.pdf.
11. Standard Performance Evaluation Corporation. Spec cint2006. http://www.spec.org/.
12. John Criswell, Nathan Dautenhahn, and Vikram Adve. Virtual ghost: Protecting applications from hostile operating systems. ASPLOS '14, pages 81-96. ACM, 2014.
13. Paul England, Butler Lampson, John Manferdelli, Marcus Peinado, and Bryan Willman. A trusted open platform. Computer, 36(7):55-62, July 2003.
14. Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. Terra: a virtual machine-based platform for trusted computing. In Proceedings of the 9th ACM Symposium on Operating Systems Principles, pages 193-206, New York, NY, USA, 2003. ACM.
15. Abel Gordon, Nadav Amit, Nadav Har'El, Muli Ben-Yehuda, Alex Landau, Assaf Schuster, and Dan Tsafrir. Eli: bare-metal performance for i/o virtualization. In Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XVII, pages 411-422, New York, NY, USA, 2012. ACM.
16. H. Hartig, M. Hohmuth, N. Feske, C. Helmuth, A. Lackorzynski, F. Mehnert, and M. Peter. The nizza secure-system architecture. In Collaborative Computing: Networking, Applications and Worksharing, 2005 International Conference on, pages 10-pp. IEEE, 2005.
17. Owen S. Hofmann, Sangman Kim, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel. Inktag: secure applications on an untrusted operating system. In Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems, ASPLOS '13, pages 265-278, New York, NY, USA, 2013. ACM.
18. Intel. Intel Trusted Execution Technology (Intel TXT) software development guide. Dec 2009.
19. Intel. Intel 64 and IA-32 architectures software developer's manual combined volumes: 1, 2a, 2b, 2c, 3a, 3b and 3c. October 2011.
20. Yanlin Li, Adrian Perrig, Jonathan M McCune, James Newsome, Brandon Baker, and Will Drewry. Minibox: A two-way sandbox for x86 native code (cmu-cylab-14-001). 2014.
21. David Lie, Chandramohan A. Thekkath, and Mark Horowitz. Implementing an untrusted operating system on trusted hardware. In Proceedings of the nineteenth ACM symposium on Operating systems principles, SOSP '03, pages 178-192, New York, NY, USA, 2003. ACM.
22. Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. Trustvisor: Efficient tcb reduction and attestation. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP '10, pages 143-158, Washington, DC, USA, 2010. IEEE Computer Society.
23. Jonathan M. McCune, Bryan J. Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. Flicker: an execution infrastructure for tcb minimization. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, Eurosys '08, pages 315-328, New York, NY, USA, 2008. ACM.
24. B. Pfitzmann, J. Riordan, C. Stüble, M. Waidner, and A. Weber. The perseus system architecture. In VIS, pages 1-18, 2001.
25. R. Sahita, U. Warrier, and P. Dewan. Dynamic software application protection. Intel Corporation, Apr, 2009.
26. J.S. Shapiro. EROS: A capability system. PhD thesis, University of Pennsylvania, 1999.
27. Monirul I. Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi. Secure in-vm monitoring using hardware virtualization. In Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pages 477-487, New York, NY, USA, 2009. ACM.
28. Raoul Strackx and Frank Piessens. Fides: selectively hardening software application components against kernel-level or process-level malware. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pages 2-13, New York, NY, USA, 2012. ACM.
29. G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, and Srinivas Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proceedings of the 17th annual international conference on Supercomputing, ICS '03, pages 160-171, New York, NY, USA, 2003. ACM.
30. Kun Sun, Jiang Wang, Fengwei Zhang, and Angelos Stavrou. Secureswitch: Bios-assisted isolation and switch between trusted and untrusted commodity oses. In Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012.
31. Richard Ta-Min, Lionel Litty, and David Lie. Splitting interfaces: making trust between applications and operating systems configurable. In Proceedings of the 7th symposium on Operating systems design and implementation, OSDI '06, pages 279-292, Berkeley, CA, USA, 2006. USENIX Association.
32. Trusted Computing Group. TPM main specification. Main Specification Version 1.2 rev. 85, February 2005.
33. Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, and Adrian Perrig. Lockdown: towards a safe and practical architecture for security applications on commodity platforms. In Proceedings of the 5th international conference on Trust and Trustworthy Computing, TRUST'12, pages 34-54, Berlin, Heidelberg, 2012. Springer-Verlag.
34. Jisoo Yang and Kang G. Shin. Using hypervisor to provide data secrecy for user applications on a per-page basis. In Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, VEE '08, pages 71-80, New York, NY, USA, 2008. ACM.
35. Zongwei Zhou, Virgil D. Gligor, James Newsome, and Jonathan M. McCune. Building verifiable trusted path on commodity x86 computers. In Proceedings of the IEEE Symposium on Security and Privacy, May 2012.