InkTag: Secure Applications on an Untrusted Operating System

Cited by: 101
Authors
Hofmann, Owen S. [1 ]
Kim, Sangman [1 ]
Dunn, Alan M. [1 ]
Lee, Michael Z. [1 ]
Witchel, Emmett [1 ]
Affiliations
[1] Univ Texas Austin, Austin, TX 78712 USA
Keywords
Security; Verification; Application protection; Virtualization-based security; Paraverification;
DOI
10.1145/2499368.2451146
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.
Pages: 265 / 278
Number of pages: 14
Related papers
50 in total
  • [41] On secure framework for web services in untrusted environment
    Encheva, S
    Tumin, S
    ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS 2005: OTM 2005 WORKSHOPS, PROCEEDINGS, 2005, 3762 : 79 - 88
  • [42] IRS ASSISTED SECURE NOMA FOR UNTRUSTED USERS
    Khatoon, Kaneez
    Mishra, Deepak
    Saini, Ravikant
    2024 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH, AND SIGNAL PROCESSING WORKSHOPS, ICASSPW 2024, 2024, : 356 - 360
  • [43] Cryptographic support for secure logs on untrusted machines
    Schneier, B
    Kelsey, J
    PROCEEDINGS OF THE SEVENTH USENIX SECURITY SYMPOSIUM, 1998, : 53 - 62
  • [44] Secure Web Service Composition with Untrusted Broker
    Carminati, Barbara
    Ferrari, Elena
    Ngoc Hong Tran
    2014 IEEE 21ST INTERNATIONAL CONFERENCE ON WEB SERVICES (ICWS 2014), 2014, : 137 - 144
  • [45] A secure virtual execution environment for untrusted code
    Wen, Yan
    Wang, Huaimin
    INFORMATION SECURITY AND CRYPTOLOGY - ICISC 2007, 2007, 4817 : 156 - 167
  • [46] JVPFS: Adding robustness to a secure stacked file system with untrusted local storage components
    Weinhold, Carsten
    Härtig, Hermann
    Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011, 2019, : 369 - 382
  • [47] Joint Resource Allocation in Secure OFDM Two-Way Untrusted Relay System
    Jin, Yifeng
    Li, Xunan
    Lv, Guocheng
    Zhao, Meihui
    Jin, Ye
    SENSORS, 2022, 22 (06)
  • [48] A PRACTICAL TRANSACTION MODEL AND UNTRUSTED TRANSACTION MANAGER FOR A MULTILEVEL-SECURE DATABASE SYSTEM
    KANG, MOH
    COSTICH, O
    FROSCHER, JN
    IFIP TRANSACTIONS A-COMPUTER SCIENCE AND TECHNOLOGY, 1993, 21 : 285 - 300
  • [49] Cooperative Jamming with Untrusted SUs for Secure Communication of Two-Hop Primary System
    Wang, Dawei
    Ren, Pinyi
    Wang, Yichen
    Du, Qinghe
    Sun, Li
    2015 INTERNATIONAL WIRELESS COMMUNICATIONS & MOBILE COMPUTING CONFERENCE (IWCMC), 2015, : 90 - 95
  • [50] Securing Time in Untrusted Operating Systems with TimeSeal
    Anwar, Fatima M.
    Garcia, Luis
    Han, Xi
    Srivastava, Mani
    2019 IEEE 40TH REAL-TIME SYSTEMS SYMPOSIUM (RTSS 2019), 2019, : 80 - 92