
Programming and Computer Software, Volume 38, Issue 1, pp 24–33

Using virtualization to protect application address space inside untrusted environment

  • D. V. Silakov

Abstract

The paper describes a virtualization-based approach to protecting the context of trusted processes running inside a potentially compromised environment. The suggested protection system is based on a hypervisor that monitors all events inside the operating system and prevents unauthorized access to process resources. The approach does not require modification of the OS or applications; the only requirement for hardware is support for virtualization.

Keywords

information security, virtualization, hypervisor



Copyright information

© Pleiades Publishing, Ltd. 2012

Authors and Affiliations

  1. Institute for System Programming of the Russian Academy of Sciences, Moscow, Russia
