A multi-core security architecture based on EFI

Authors:
Xizhe Zhang;Yong Xie;Xuejia Lai;Shensheng Zhang;Zijian Deng
Affiliations:
Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China;Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China;Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China;Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China;Lab of Information Security and National Computing Grid, Southwest Jiaotong University, Chengdu, China
Venue:
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Year:
2007

Citing 16
Cited 1

How to Time-Stamp a Digital Document

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
AEGIS: architecture for tamper-evident and tamper-resistant processing

ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Safe Virtual Execution Using Software Dynamic Translation

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
The Saga Security System: A Security Architecture for Open Distributed Systems

FTDCS '97 Proceedings of the 6th IEEE Workshop on Future Trends of Distributed Computing Systems
A secure and reliable bootstrap architecture

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Backtracking intrusions

ACM Transactions on Computer Systems (TOCS)
Pin: building customized program analysis tools with dynamic instrumentation

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Attack Trends: 2004 and 2005

Queue - Security
ASM: application security monitor

ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
Accurate and Automated System Call Policy-Based Intrusion Prevention

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
VIRTUS: a new processor virtualization architecture for security-oriented next-generation mobile terminals

Proceedings of the 43rd annual Design Automation Conference
The Architecture of Host-based Intrusion Detection Model Generation System for the Frequency Per System Call

ICHIT '06 Proceedings of the 2006 International Conference on Hybrid Information Technology - Volume 02
Process Profiling Using Frequencies of System Calls

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Cryptographic support for secure logs on untrusted machines

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

A conceptual model of self-monitoring multi-core systems

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a unique multi-core security architecture based on EFI. This architecture combines secure EFI environment with insecure OS so that it supports secure and reliable bootstrap, hardware partition, encryption service, as well as real-time security monitoring and inspection. With this architecture, secure EFI environment provides users with a management console to authenticate, monitor and audit insecure OS. Here, an insecure OS is a general purpose OS such as Linux or Windows in which a user can perform ordinary jobs without obvious limitation and performance degradation. This architecture also has a unique capability to protect authentication rules and secure information such as encrypted data even if the security ability of an OS is compromised. A prototype was designed and implemented. Experiment and test results show great performance merits for this new architecture.