Abstract
Commodity operating systems have grown extremely large in order to provide a wide range of services, and their vulnerabilities have consequently become targets of malicious attacks. To improve operating system security, there have been many attempts to reduce the size of the Trusted Computing Base (TCB). However, most of these approaches have limited applicability because of hypervisor vulnerabilities and additional hardware requirements. To address these limitations, instead of reducing the TCB size, we propose a novel approach to enhancing the security of the system. We hide a secure TCB for sensitive applications, and thus build an isolated secure environment using a well-equipped infrastructure. For evaluation, we implement a prototype, called Remote-Launch, which runs a security-sensitive process on the borrowed secure TCB.
© 2015 Springer-Verlag Berlin Heidelberg
Cite this paper
Kim, J., Kim, T., Kim, I., Min, C., Eom, Y.I. (2015). Remote-Launch: Borrowing Secure TCB for Constructing Trustworthy Computing Platform. In: Park, J., Stojmenovic, I., Jeong, H., Yi, G. (eds) Computer Science and its Applications. Lecture Notes in Electrical Engineering, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45402-2_117
DOI: https://doi.org/10.1007/978-3-662-45402-2_117
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45401-5
Online ISBN: 978-3-662-45402-2
eBook Packages: Engineering (R0)