A secure virtual execution environment for untrusted code

Authors:
Yan Wen;Huaimin Wang
Affiliations:
School of Computer, National University of Defense Technology, Changsha, China;School of Computer, National University of Defense Technology, Changsha, China
Venue:
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Year:
2007

Citing 11
Cited 2

Secure Execution of Java Applets Using a Remote Playground

IEEE Transactions on Software Engineering
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor

Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Spout: A Transparent Distributed Execution Engine for Java Applets

ICDCS '00 Proceedings of the The 20th International Conference on Distributed Computing Systems ( ICDCS 2000)
When Virtual Is Better Than Real

HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Intel Virtualization Technology

Computer
Denali: a scalable isolation kernel

EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
A comparison of software and hardware techniques for x86 virtualization

Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
QEMU, a fast and portable dynamic translator

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
A user-mode port of the linux kernel

ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4

Implicit Detection of Hidden Processes with a Feather-Weight Hardware-Assisted Virtual Machine Monitor

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Internet-based Virtual Computing Environment: Beyond the data center as a computer

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a Secure Virtual Execution Environment called Pollux for untrusted code. Pollux achieves both the OS isolation and the functionality benefits provided by the isolated untrusted applications. It accomplishes the OS isolation by introducing a hosted virtual machine as the untrusted code container. The key feature of Pollux is its capability of reproducing the host execution environment, thus the behavior of isolated applications recurs as if they were running natively within the host OS. This characteristic is accomplished by the novel local-booted technology, which means the virtual machine boots not from a newly installed OS image but just from the preinstalled host OS. Thus, Pollux provides security against potential malicious code without negating the functionality benefits of benign programs. This paper focuses on the architecture of Pollux and outlines the implementation framework.