InkTag: Secure Applications on an Untrusted Operating System

Cited by: 101
Authors
Hofmann, Owen S. [1]
Kim, Sangman [1]
Dunn, Alan M. [1]
Lee, Michael Z. [1]
Witchel, Emmett [1]
Affiliation
[1] Univ Texas Austin, Austin, TX 78712 USA
Keywords
Security; Verification; Application protection; Virtualization-based security; Paraverification;
DOI
10.1145/2499368.2451146
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.
Pages: 265 / 278
Page count: 14
Related papers
50 in total
  • [31] A secure operating system for data centers: A survey
    Ejaz, Sikandar
    Iqbal, Muhammad Javed
    Bibi, Hafsa
    Pervez, Shahbaz
    Al-Dhlan, Kawther A.
    Hosseini, Seyed Ebrahim
    INTERNATIONAL JOURNAL OF ADVANCED AND APPLIED SCIENCES, 2020, 7 (08): : 53 - 64
  • [32] SECRECY: Secure collaborative analytics in untrusted clouds
    Liagouris, John
    Kalavri, Vasiliki
    Faisal, Muhammad
    Varia, Mayank
    PROCEEDINGS OF THE 20TH USENIX SYMPOSIUM ON NETWORKED SYSTEMS DESIGN AND IMPLEMENTATION, NSDI 2023, 2023, : 1031 - 1056
  • [33] Secure Set Intersection with Untrusted Hardware Tokens
    Fischlin, Marc
    Pinkas, Benny
    Sadeghi, Ahmad-Reza
    Schneider, Thomas
    Visconti, Ivan
    TOPICS IN CRYPTOLOGY - CT-RSA 2011, 2011, 6558 : 1 - +
  • [34] Trusted Operating System-Based Model-Driven Development of Secure Web Applications
    Pathak, Nitish
    Sharma, Girish
    Singh, B. M.
    SOFTWARE ENGINEERING (CSI 2015), 2019, 731 : 421 - 432
  • [35] NOSArmor: Building a Secure Network Operating System
    Jo, Hyeonseong
    Nam, Jaehyun
    Shin, Seungwon
    SECURITY AND COMMUNICATION NETWORKS, 2018,
  • [36] A policy flexible architecture for secure operating system
    Zhiqiang, Lin
    Chao, Wang
    Bing, Mao
    Li, Xie
    Operating Systems Review (ACM), 2005, 39 (03): : 24 - 33
  • [37] Architectural Design for a Secure Linux Operating System
    Narayanan, Hari
    Radhakrishnan, Vivek
    Shiju-Sathyadevan
    Poroor, Jayaraj
    2017 2ND IEEE INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, SIGNAL PROCESSING AND NETWORKING (WISPNET), 2017, : 949 - 953
  • [38] Using a Network of Untrusted Computers for Secure Computing
    Maly, Michal
    PROCEEDINGS OF THE SEVENTH INTERNATIONAL CONFERENCE ON AUTONOMIC AND AUTONOMOUS SYSTEMS (ICAS 2011), 2011, : 57 - 61
  • [39] Cooperative Secure Transmission in the Presence of Untrusted Relay
    Chen, Dechuan
    Yang, Weiwei
    Hu, Jianwei
    Cai, Yueming
    Zhu, Sen
    INTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKS, 2016,
  • [40] Thalos: Secure File Storage in Untrusted Clouds
    Castiglione, Luca Maria
    Romano, Simon Pietro
    FUTURE NETWORK SYSTEMS AND SECURITY, FNSS 2018, 2018, 878 : 178 - 192