Skip to main content
SpringerLink
Log in

Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms

  • Conference paper
Trust and Trustworthy Computing (Trust 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7344))

Included in the following conference series:

Abstract

We investigate a new point in the design space of red/green systems [19,30], which provide the user with a highly-protected, yet also highly-constrained trusted (“green”) environment for performing security-sensitive transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive or “red”) applications. Through the design and implementation of the Lockdown architecture, we evaluate whether partitioning, rather than virtualizing, resources and devices can lead to better security or performance for red/green systems. We also design a simple external interface to allow the user to securely learn which environment is active and easily switch between them. We find that partitioning offers a new tradeoff between security, performance, and usability. On the one hand, partitioning can improve the security of the “green” environment and the performance of the “red” environment (as compared with a virtualized solution). On the other hand, with current systems, partitioning makes switching between environments quite slow (13-31 seconds), which may prove intolerable to users.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Vmware esx server node evaluator’s guide, http://www.vmware.com/pdf/esx_vin_eval.pdf

  2. The l4ka project (2011), http://www.l4ka.org

  3. Source lines of code (2011), http://en.wikipedia.com/wiki/Source_lines_of_code

  4. Xen pcipassthrough (October 2011), http://wiki.xensource.com/xenwiki/XenPCIpassthrough

  5. Xen vgapassthrough (October 2011), http://wiki.xensource.com/xenwiki/XenVGAPassthrough

  6. Xen vtdhowto (October 2011), http://wiki.xensource.com/xenwiki/VTdHowTo

  7. Advanced Micro Devices. AMD64 architecture programmer’s manual: Volume 2: System programming. AMD Publication no. 24594 rev. 3.11 (December 2005)

    Google Scholar 

  8. Balfanz, D., Simon, D.R.: Windowbox: A simple security model for the connected desktop. In: Proceedings of the 4th USENIX Windows Systems Symposium (2000)

    Google Scholar 

  9. Bernstein, D.J.: Cache-timing attacks on aes (April 2005), http://cr.yp.to/papers.html

  10. Bhargava, R., Serebrin, B., Spadini, F., Manne, S.: Accelerating two-dimensional page walks for virtualized systems. In: ASPLOS (March 2008)

    Google Scholar 

  11. Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.K.: Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In: ASPLOS (2008)

    Google Scholar 

  12. Cox, R.S., Gribble, S.D., Levy, H.M., Hansen, J.G.: A safety-oriented platform for web applications. In: IEEE S&P, pp. 350–364 (May 2006)

    Google Scholar 

  13. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: SOSP (October 2003)

    Google Scholar 

  14. Hewlett-Packard, Intel, Microsoft, Phoenix, and Toshiba. Advanced configuration and power interface specification. Revision 3.0b (October 2006)

    Google Scholar 

  15. Intel Corporation. Trusted execution technology – preliminary architecture specification and enabling considerations. Document number 31516803 (November 2006)

    Google Scholar 

  16. Karger, P., Safford, D.: I/O for virtual machine monitors: Security and performance issues. IEEE Security and Privacy 6(5), 16–23 (2008)

    Article  Google Scholar 

  17. Keller, E., Szefer, J., Rexford, J., Lee, R.B.: Nohype: virtualized cloud infrastructure without the virtualization. In: International Symposium on Computer Architecture (2010)

    Google Scholar 

  18. Lampson, B.: A note on the confinement problem. Comm. of the ACM 16(10) (1973)

    Google Scholar 

  19. Lampson, B.: Usable security: How to get it. Comm. of the ACM 52(11) (2009)

    Google Scholar 

  20. Leinenbach, D., Santen, T.: Verifying the Microsoft Hyper-V Hypervisor with VCC. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 806–809. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  21. Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor support for identifying covertly executing binaries. In: Proceedings of the USENIX Security Symposium (2008)

    Google Scholar 

  22. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: IEEE S&P (May 2010)

    Google Scholar 

  23. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: EuroSys (April 2008)

    Google Scholar 

  24. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Seshadri, A.: Minimal TCB code execution (extended abstract). In: IEEE Symposium on Security and Privacy (May 2007)

    Google Scholar 

  25. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Seshadri, A.: How low can you go? Recommendations for hardware-supported minimal TCB code execution. In: ACM ASPLOS (March 2008)

    Google Scholar 

  26. McCune, J.M., Perrig, A., Seshadri, A., van Doorn, L.: Turtles all the way down: Research challenges in user-based attestation. In: USENIX Workshop on Hot Topics in Security (2007)

    Google Scholar 

  27. Meushaw, R., Simard, D.: Nettop: Commercial technology in high assurance applications. VMware Tech Trend Notes 9(4), 1–8 (2000)

    Google Scholar 

  28. National Security Agency. High assurance platform program (January 2009), http://www.nsa.gov/ia/programs/h_a_p/index.shtml

  29. PCI SIG. Single Root I/O Virtualization and Sharing Specification. V. 1.1 (2010)

    Google Scholar 

  30. Peinado, M., Chen, Y., England, P., Manferdelli, J.L.: NGSCB: A Trusted Open System. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 86–97. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  31. Percival, C.: Cache missing for fun & profit. In: BSDCan (2005)

    Google Scholar 

  32. Phoenix Technologies. TrustedCore: Foundation for secure CRTM and BIOS implementation (2006), https://forms.phoenix.com/whitepaperdownload/docs/trustedcore_wp.pdf

  33. Phoenix Technologies. Transitioning the Plug-In Industry from Legacy to Unified Extensible Firmware Interface (UEFI). Intel Developer Forum (September 2009)

    Google Scholar 

  34. Piotrowski, M., Joseph, A.D.: Virtics: A system for privilege separation of legacy desktop applications. Technical Report UCB/EECS-2010-70, EECS Department, University of California, Berkeley (May 2010)

    Google Scholar 

  35. Potter, S., Nieh, J.: Apiary: Easy-to-use desktop application fault containment on commodity operating systems. In: USENIX Annual Technical Conference (2010)

    Google Scholar 

  36. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In: ACM CCS (2009)

    Google Scholar 

  37. Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: SOSP (2007)

    Google Scholar 

  38. Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: ACM CCS (2007)

    Google Scholar 

  39. Singaravelu, L., Pu, C., Haertig, H., Helmuth, C.: Reducing TCB complexity for security-sensitive applications: Three case studies. In: EuroSys (2006)

    Google Scholar 

  40. Steinberg, U., Kauer, B.: Nova: A microhypervisor-based secure virtualization architecture. In: EuroSys (2010)

    Google Scholar 

  41. Sun, K., Wang, J., Zhang, F., Stavrou, A.: Secureswitch: Bios-assisted isolation and switch between trusted and untrusted commodity oses. In: NDSS (2012)

    Google Scholar 

  42. Ta-Min, R., Litty, L., Lie, D.: Splitting interfaces: Making trust between applications and operating systems configurable. In: OSDI (2006)

    Google Scholar 

  43. The Qubes OS, http://qubes-os.org/Home.html

  44. Trusted Computing Group. Trusted Platform Module Main Specification. V. 1.2 (2007)

    Google Scholar 

  45. Vasudevan, A., Parno, B., Qu, N., Gligor, V.D., Perrig, A.: Lockdown: A safe and practical environment for security applications. Technical Report CMU-CyLab-09-011, CyLab, Carnegie Mellon University (July 2009)

    Google Scholar 

  46. Wang, H.J., Grier, C., Moshchuk, A., King, S.T., Choudhury, P., Venter, H.: The multi-principal OS construction of the gazelle web browser. In: USENIX Security Symposium (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. CyLab, Carnegie Mellon University, USA

    Amit Vasudevan, Virgil D. Gligor & Adrian Perrig

  2. Microsoft Research, USA

    Bryan Parno

  3. Google Inc., USA

    Ning Qu

Authors
  1. Amit Vasudevan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bryan Parno
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ning Qu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Virgil D. Gligor
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Adrian Perrig
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Technical University Darmstadt, Hochschulstrasse 10, 64289, Darmstadt, Germany

    Stefan Katzenbeisser  & Melanie Volkamer  & 

  2. Institute of Software Technology and Interactive Systems, Vienna University of Technology and SBA Research, Favoritenstrsse 9-11, 1040, Vienna, Austria

    Edgar Weippl

  3. School of Informatics, Indiana University, 901 East Tenth Street, 47405, Bloomington, IN, USA

    L. Jean Camp

  4. Department of Computer Science, University of North Carolina at Chapel Hill, 201 S. Columbia Street UNH-CH, 27599-3175, Chapel Hill, NC, USA

    Mike Reiter

  5. Huawei America R&D, 2330 Central Expressway, 95050, Santa Clara, CA, USA

    Xinwen Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Vasudevan, A., Parno, B., Qu, N., Gligor, V.D., Perrig, A. (2012). Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-30921-2_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30920-5

  • Online ISBN: 978-3-642-30921-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation