Disco: running commodity operating systems on scalable multiprocessors
Proceedings of the sixteenth ACM symposium on Operating systems principles
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
A hardware architecture for implementing protection rings
Communications of the ACM
Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Computer
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Implementing an untrusted operating system on trusted hardware
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Memory resource management in VMware ESX server
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Architecture for Protecting Critical Secrets in Microprocessors
Proceedings of the 32nd annual international symposium on Computer Architecture
A comparison of software and hardware techniques for x86 virtualization
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Fast transparent migration for virtual machines
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Live migration of virtual machines
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
How to build a trusted database system on untrusted storage
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Fast and secure distributed read-only file system
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Secure untrusted data repository (SUNDR)
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Antfarm: tracking processes in a virtual machine environment
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Hardware-rooted trust for secure key management and transient trust
Proceedings of the 14th ACM conference on Computer and communications security
Privilege separation made easy: trusting small libraries not big processes
Proceedings of the 1st European Workshop on System Security
TOCTOU, Traps, and Trusted Computing
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Proceedings of the 1st ACM workshop on Virtual machine security
Towards application security on untrusted operating systems
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Mixed-mode multicore reliability
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Virtualization-based separation of privilege: working with sensitive data in untrusted environment
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Hardware-Assisted Application-Level Access Control
ISC '09 Proceedings of the 12th International Conference on Information Security
TimeCapsule: secure recording of accesses to a protected datastore
Proceedings of the 1st ACM workshop on Virtual machine security
A trusted decentralized access control framework for the client/server architecture
Journal of Network and Computer Applications
Optimizing crash dump in virtualized environments
Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
NOVA: a microhypervisor-based secure virtualization architecture
Proceedings of the 5th European conference on Computer systems
Hypervisor-based prevention of persistent rootkits
Proceedings of the 2010 ACM Symposium on Applied Computing
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Return-oriented rootkits: bypassing kernel code integrity protection mechanisms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Using hypervisors to secure commodity operating systems
Proceedings of the fifth ACM workshop on Scalable trusted computing
Implementing an application-specific credential platform using late-launched mobile trusted module
Proceedings of the fifth ACM workshop on Scalable trusted computing
Live and trustworthy forensic analysis of commodity production systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Homogeneity as an advantage: it takes a community to protect an application
CollSec'10 Proceedings of the 2010 international conference on Collaborative methods for security and privacy
The optimization of situational awareness for insider threat detection
Proceedings of the first ACM conference on Data and application security and privacy
Ensuring operating system kernel integrity with OSck
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
SymCall: symbiotic virtualization through VMM-to-guest upcalls
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
A case for scaling applications to many-core with OS clustering
Proceedings of the sixth conference on Computer systems
Towards mechanisms for detection and prevention of data exfiltration by insiders: keynote talk paper
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Memory deduplication as a threat to the guest OS
Proceedings of the Fourth European Workshop on System Security
Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs
Proceedings of the Fourth European Workshop on System Security
VASP: virtualization assisted security monitor for cross-platform protection
Proceedings of the 2011 ACM Symposium on Applied Computing
Do you know where your data are?: secure data capsules for deployable data protection
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
SecureME: a hardware-software approach to full system security
Proceedings of the international conference on Supercomputing
CPU support for secure executables
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
TPM-performance sensible key management protocols for service provisioning in cloud computing
Security'08 Proceedings of the 16th International conference on Security protocols
DriverGuard: a fine-grained protection on I/O flows
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Software fault isolation with API integrity and multi-principal modules
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Breaking up is hard to do: security and functionality in a commodity hypervisor
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
SPARC: a security and privacy aware virtual machinecheckpointing mechanism
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Proceedings of the Second Asia-Pacific Workshop on Systems
Aikido: accelerating shared data dynamic analyses
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Path-exploration lifting: hi-fi tests for lo-fi emulators
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Architectural support for hypervisor-secure virtualization
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Replacement attacks against VM-protected applications
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Architectural support for secure virtualization under a vulnerable hypervisor
Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture
Using virtualization to protect application address space inside untrusted environment
Programming and Computing Software
PIGA-Virt: an advanced distributed MAC protection of virtual systems
Euro-Par'11 Proceedings of the 2011 international conference on Parallel Processing - Volume 2
Surreptitious Deployment and Execution of Kernel Agents in Windows Guests
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
INVISIOS: A Lightweight, Minimally Intrusive Secure Execution Environment
ACM Transactions on Embedded Computing Systems (TECS)
Improving virtualization security by splitting hypervisor into smaller components
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Lockdown: towards a safe and practical architecture for security applications on commodity platforms
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Shifting GEARS to enable guest-context virtual services
Proceedings of the 9th international conference on Autonomic computing
Proceedings of the 2012 ACM conference on Computer and communications security
The use of hardware virtualization in the context of information security
Programming and Computing Software
OS-Sommelier: memory-only operating system fingerprinting in the cloud
Proceedings of the Third ACM Symposium on Cloud Computing
Secure and robust monitoring of virtual machines through guest-assisted introspection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Software protection for dynamically-generated code
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
Iago attacks: why the system call API is a bad untrusted RPC interface
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
InkTag: secure applications on an untrusted operating system
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
An architecture for concurrent execution of secure environments in clouds
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Client-controlled cryptography-as-a-service in the cloud
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Using ARM trustzone to build a trusted language runtime for mobile applications
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Virtual ghost: protecting applications from hostile operating systems
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Security-Preserving Live Migration of Virtual Machines in the Cloud
Journal of Network and Systems Management
Hi-index | 0.00 |
Commodity operating systems entrusted with securing sensitive data are remarkably large and complex, and consequently, frequently prone to compromise. To address this limitation, we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data, even in the event of a total OScompromise. Overshadow presents an application with a normal view of its resources, but the OS with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Thus, Overshadow offers a last line of defense for application data. Overshadow builds on multi-shadowing, a novel mechanism that presents different views of "physical" memory, depending on the context performing the access. This primitive offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processor architectures. We present the design and implementation of Overshadow and show how its new protection semantics can be integrated with existing systems. Our design has been fully implemented and used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system. We evaluate the performance of our implementation, demonstrating that this approach is practical.