Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
A hardware architecture for implementing protection rings
Communications of the ACM
Capability-Based Computer Systems
Capability-Based Computer Systems
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
The KeyKOS Nanokernel Architecture
Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures
Proceedings of the 11th USENIX Security Symposium
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Improving the reliability of commodity operating systems
ACM Transactions on Computer Systems (TOCS)
Defeating Memory Corruption Attacks via Pointer Taintedness Detection
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Raksha: a flexible information flow architecture for software security
Proceedings of the 34th annual international symposium on Computer architecture
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
How low can you go?: recommendations for hardware-supported minimal TCB code execution
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Laminar: practical fine-grained decentralized information flow control
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
The cake is a lie: privilege rings as a policy resource
Proceedings of the 1st ACM workshop on Virtual machine security
Ordering decoupled metadata accesses in multiprocessors
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Neon: system support for derived data management
Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Secure information flow analysis for hardware design: using the right abstraction for the job
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Proceedings of the 37th annual international symposium on Computer architecture
Sentry: light-weight auxiliary memory access control
Proceedings of the 37th annual international symposium on Computer architecture
Tolerating malicious device drivers in Linux
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Caisson: a hardware description language for secure information flow
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Making information flow explicit in HiStar
Communications of the ACM
Software fault isolation with API integrity and multi-principal modules
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Proceedings of the Second Asia-Pacific Workshop on Systems
Architectural support for secure virtualization under a vulnerable hypervisor
Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture
TagTM - accelerating STMs with hardware tags for fast meta-data access
DATE '12 Proceedings of the Conference on Design, Automation and Test in Europe
A taint marking approach to confidentiality violation detection
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
WHISK: an uncore architecture for dynamic information flow tracking in heterogeneous embedded SoCs
Proceedings of the Ninth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis
Hi-index | 0.02 |
Computers are notoriously insecure, in part because application security policies do not map well onto traditional protection mechanisms such as Unix user accounts or hardware page tables. Recent work has shown that application policies can be expressed in terms of information flow restrictions and enforced in an OS kernel, providing a strong assurance of security. This paper shows that enforcement of these policies can be pushed largely into the processor itself, by using tagged memory support, which can provide stronger security guarantees by enforcing application security even if the OS kernel is compromised. We present the Loki tagged memory architecture, along with a novel operating system structure that takes advantage of tagged memory to enforce application security policies in hardware. We built a full-system prototype of Loki by modifying a synthesizable SPARC core, mapping it to an FPGA board, and porting HiStar, a Unix-like operating system, to run on it. One result is that Loki allows HiStar, an OS already designed to have a small trusted kernel, to further reduce the amount of trusted code by a factor of two, and to enforce security despite kernel compromises. Using various workloads, we also demonstrate that HiStar running on Loki incurs a low performance overhead.