Hoard: a scalable memory allocator for multithreaded applications
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
AEGIS: architecture for tamper-evident and tamper-resistant processing
ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Caches and Hash Trees for Efficient Memory Integrity Verification
HPCA '03 Proceedings of the 9th International Symposium on High-Performance Computer Architecture
Specifying and Verifying Hardware for Tamper-Resistant Software
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Memory resource management in VMware ESX server
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Implementing an untrusted operating system on trusted hardware
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Efficient Memory Integrity Verification and Encryption for Secure Processors
Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture
Fast Secure Processor for Inhibiting Software Piracy and Tampering
Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture
Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques
SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors
HPCA '05 Proceedings of the 11th International Symposium on High-Performance Computer Architecture
High Efficiency Counter Mode Security Architecture via Prediction and Precomputation
Proceedings of the 32nd annual international symposium on Computer Architecture
Improving Cost, Performance, and Security of Memory Encryption and Authentication
Proceedings of the 33rd annual international symposium on Computer Architecture
Efficient data protection for distributed shared memory multiprocessors
Proceedings of the 15th international conference on Parallel architectures and compilation techniques
Comprehensively and efficiently protecting the heap
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Authentication Control Point and Its Implications For Secure Processor Design
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture
Using hypervisor to provide data secrecy for user applications on a per-page basis
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
SHIELDSTRAP: making secure processors truly secure
ICCD'09 Proceedings of the 2009 IEEE international conference on Computer design
Improving virtualization security by splitting hypervisor into smaller components
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the ACM International Conference on Computing Frontiers
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Beyond full disk encryption: protection on security-enhanced commodity processors
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Memory encryption: A survey of existing techniques
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
With computing increasingly becoming more dispersed, relying on mobile devices, distributed computing, cloud computing, etc. there is an increasing threat from adversaries obtaining physical access to some of the computer systems through theft or security breaches. With such an untrusted computing node, a key challenge is how to provide secure computing environment where we provide privacy and integrity for data and code of the application. We propose SecureME, a hardware-software mechanism that provides such a secure computing environment. SecureME protects an application from hardware attacks by using a secure processor substrate, and also from the Operating System (OS) through memory cloaking, permission paging, and system call protection. Memory cloaking hides data from the OS but allows the OS to perform regular virtual memory management functions, such as page initialization, copying, and swapping. Permission paging extends the OS paging mechanism to provide a secure way for two applications to establish shared pages for inter-process communication. Finally, system call protection applies spatio-temporal protection for arguments that are passed between the application and the OS. Based on our performance evaluation using microbenchmarks, single-program workloads, and multiprogrammed workloads, we found that SecureME only adds a small execution time overhead compared to a fully unprotected system. Roughly half of the overheads are contributed by the secure processor substrate. SecureME also incurs a negligible additional storage overhead over the secure processor substrate.