Sego: Pervasive trusted metadata for efficiently verified untrusted system services

International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Volumn 02-06-April-2016, Issue , 2016, Pages 277-290

  Kwon, Youngjin ^a   Dunn, Alan M ^b   Lee, Michael Z ^c   Hofmann, Owen S ^b   Xu, Yuanzhong ^a   Witchel, Emmett ^a  

^a UNIVERSITY OF TEXAS AT AUSTIN   (United States)

^b GOOGLE INC   (United States)

^c FACEBOOK   (United States)

Author keywords

Application protection; Crash consistency; Paraverification; Virtualization based security

Indexed keywords

COMPUTATIONAL LINGUISTICS; FILE ORGANIZATION;

CRASH CONSISTENCY; FAULT INJECTOR; GUEST OPERATING SYSTEMS; PARAVERIFICATION; RECOVERY PROTOCOLS; SYSTEM SERVICES; TRUSTED APPLICATIONS; VIRTUALIZATION-BASED SECURITIES;

METADATA;

EID: 84975270356     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2872362.2872372     Document Type: Conference Paper

References (39)

1. DokuWiki. https://www.dokuwiki.org/.
2. HPC Graph Analysis. http://www.graphanalysis.org/benchmark/.
3. Intel Trusted Execution Technology. http://www.intel.com/technology/security/.
4. OpenLDAP. http://www.openldap.org/.
5. Intel SHA Extensions, 2013. https://software.intel.com/en-us/articles/intel-sha-extensions.
6. AES-GCM Encryption Performance on Intel Xeon E5 v3 Processors, 2015. https://software.intel.com/en-us/articles/aes-gcm-encryption-performance-onintel-xeon-e5-v3-processors.
7. AES-NI SSL performance, 2015. https://calomel.org/aesni-ssl-performance.html.
8. FlashArray//m Technical Specs, 2015. http://www.purestorage.com/products/technical-specifications/.
9. Samsung V-NAND SSD, 2015. http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/ssd850pro/specifications.html.
10. Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, and Daniel Starin. Persona: an online social network with user-defined privacy. In SIGCOMM, 2009.
11. Andrew Baumann, Marcus Peinado, and Galen Hunt. Shielding applications from an untrusted cloud with haven. In OSDI, 2014.
12. Stephen Checkoway and Hovav Shacham. Iago attacks: Why the system call API is a bad untrusted RPC interface. In ASPLOS, March 2013.
13. Peter M. Chen, Wee Teck Ng, Subhachandra Chandra, Christopher Aycock, and David Rajamani, Gurushankarand Lowell. The rio file cache: Surviving operating system crashes. In ASPLOS, pages 74-83, 1996.
14. Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffery Dwoskin, and Dan R. K. Ports. Overshadow: A virtualizationbased approach to retrofitting protection in commodity operating systems. In ASPLOS, May 2008.
15. Andy Chou, Junfeng Yang, Benjamin Chelf, Seth Hallem, and Dawson Engler. An empirical study of operating systems errors. In SOSP, pages 73-88, 2001.
16. John Criswell. Secure virtual architecture: security for commodity software systems. PhD thesis, University of Illinois at Urbana-Champaign, 2014.
17. John Criswell, Nathan Dautenhahn, and Vikram Adve. Virtual Ghost: Protecting Applications from Hostile Operating Systems. In ASPLOS, 2014.
18. Tim Dierks and Eric Rescorla. RFC 5246: The Transport Layer Security (TLS) Protocol: Version 1.2. http://tools.ietf.org/html/rfc5246, 2008.
19. Jaeyoung Do, Yang-Suk Kee, Jignesh M. Patel, Chanik Park, Kwanghyun Park, and David J. DeWitt. Query processing on smart ssds: Opportunities and challenges. In ACM International Conference on Management of Data (SIGMOD), 2013.
20. Morris Dworkin. NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf, 2007.
21. Frank Ch. Eigler. Problem solving with systemtap. In The Ottawa Linux Symposium, pages 261-268, 2006.
22. Ariel J Feldman, Aaron Blankstein, Michael J Freedman, and Edward W Felten. Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider. In USENIX Security, 2012.
23. Owen S. Hofmann, Sangman Kim, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel. InkTag: Secure Applications on an Untrusted Operating System. In ASPLOS, 2013.
24. Intel Corporation. Software Guard Extensions Programming Reference, 2015. https://software.intel. com/sites/default/files/managed/48/88/329298-002.pdf.
25. Yanlin Li, Adrian Perrig, Jonathan McCune, James Newsome, Brandon Baker, andWill Drewry. MiniBox: A two-way sandbox for x86 native code. Technical Report CMU-CyLab-14-001, CyLab, Carnegia Mellon University, 2014.
26. Lanyue Lu, Andrea C Arpaci-Dusseau, Remzi H Arpaci-Dusseau, and Shan Lu. A study of linux file system evolution. In FAST, pages 31-44, 2013.
27. Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. TrustVisor: Efficient TCB reduction and attestation. In IEEE S&P, May 2010.
28. Gil Neiger, Amy Santoni, Felix Leung, Dion Rodgers, and Rich Uhlig. Intel virtualization technology: Hardware support for efficient processor virtualization. In Intel Technology Journal, volume 10, 2006.
29. Nicolas Palix, Gaël Thomas, Suman Saha, Christophe Calvès, Julia Lawall, and Gilles Muller. Faults in linux: Ten years later. In ASPLOS, pages 305-318, 2011.
30. Jianbao Ren, Yong Qi, Yuehua Dai, Xiaoguang Wang, and Yi Shi. Appsec: A safe execution environment for security sensitive applications. In VEE, 2015.
31. Mendel Rosenblum and John K. Ousterhout. The design and implementation of a log-structured file system. ACM Trans. Comput. Syst., 10 (1), February 1992.
32. Nuno Santos, Himanshu Raj, Stefan Saroiu, and Alec Wolman. Using ARM trustzone to build a trusted language runtime for mobile applications. In ASPLOS, 2014.
33. Adam Sweeney, Doug Doucette, Wei Hu, Curtis Anderson, Mike Nishimoto, and Geoff Peck. Scalability in the xfs file system. In USENIX ATC, 1996.
34. Michael M. Swift, Brian N. Bershad, and Henry M. Levy. Improving the reliability of commodity operating systems. In SOSP, pages 207-222, 2003.
35. Xiaoguang Wang, Yue Chen, Zhi Wang, Yong Qi, and Yajin Zhou. Secpod: a framework for virtualization-based security systems. In USENIX ATC, 2015.
36. Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In IEEE S&P, 2015.
37. Jisoo Yang and Kang G. Shin. Using hypervisor to provide data secrecy for user applications on a per-page basis. In VEE, pages 71-80, 2008.
38. Takeshi Yoshimura, Hiroshi Yamada, and Kenji Kono. Is linux kernel oops useful or not. In HotDep, 2012.
39. Kim Zetter. Hacking team leak shows how secretive zero-day exploit sales work. Wired, 2015.