Programming and Computer Software, Volume 38, Issue 1, pp 24–33

Using virtualization to protect application address space inside untrusted environment

  • D. V. Silakov


The paper describes a virtualization-based approach to protecting the context of trusted processes running inside a potentially compromised environment. The suggested protection system is based on a hypervisor that monitors all events inside the operating system and prevents unauthorized access to process resources. The approach does not require modification of the OS or applications; the only hardware requirement is support for virtualization.


information security, virtualization, hypervisor





Copyright information

© Pleiades Publishing, Ltd. 2012

Authors and Affiliations

  1. Institute for System Programming of the Russian Academy of Sciences, Moscow, Russia
