Exokernel: an operating system architecture for application-level resource management
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Extensibility safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Architecture of the Symbolics 3600
ISCA '85 Proceedings of the 12th annual international symposium on Computer architecture
A lattice model of secure information flow
Communications of the ACM
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
A unified model and implementation for interprocess communication in a multiprocessor environment
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
Improving the reliability of commodity operating systems
ACM Transactions on Computer Systems (TOCS)
The design and implementation of Zap: a system for migrating computing environments
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
ACM Transactions on Computer Systems (TOCS)
Are virtual machine monitors microkernels done right?
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Labels and event processes in the Asbestos operating system
ACM Transactions on Computer Systems (TOCS)
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Hardware enforcement of application security policies using tagged memory
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Separating hypervisor trusted computing base supported by hardware
Proceedings of the fifth ACM workshop on Scalable trusted computing
VM-based security overkill: a lament for applied systems security research
Proceedings of the 2010 workshop on New security paradigms
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Components of commodity OS kernels typically execute at the same privilege level. Consequently, the compromise of even a single component undermines the trustworthiness of the entire kernel and its ability to enforce separation between user-level processes. Reliably containing the extent of a compromised kernel component is a problem to which few practical solutions exist. While many approaches have been proposed to reduce the need to trust large portions of the kernel, most of these approaches represent exotic reorganizations of the hardware or OS kernel that are either not applicable to commodity systems or are relatively complex and difficult to debug in their own right (e.g., microkernels). We propose simple, natural modifications to commodity---x86---hardware that enable vertical isolation down through the kernel without the use of virtualization or major OS rewrites; specifically, extending and reinterpreting the x86 segmentation mechanism, extending the existing Current Privilege Level and Descriptor Privilege Level fields. We believe our proposal is a compelling alternative to traditional virtualization because the hardware virtualizes permissions, not I/O.