InkTag: Secure Applications on an Untrusted Operating System

Cited by: 101
Authors
Hofmann, Owen S. [1]
Kim, Sangman [1]
Dunn, Alan M. [1]
Lee, Michael Z. [1]
Witchel, Emmett [1]
Affiliations
[1] Univ Texas Austin, Austin, TX 78712 USA
Keywords
Security; Verification; Application protection; Virtualization-based security; Paraverification;
DOI
10.1145/2499368.2451146
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.
Pages: 265 - 278
Page count: 14