A note on the confinement problem. Communications of the ACM.
Terra: a virtual machine-based platform for trusted computing. SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles.
A Safety-Oriented Platform for Web Applications. SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy.
Reducing TCB complexity for security-sensitive applications: three case studies. Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006.
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy.
WindowBox: a simple security model for the connected desktop. WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4.
Splitting interfaces: making trust between applications and operating systems configurable. OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7.
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles.
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). Proceedings of the 14th ACM conference on Computer and communications security.
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems.
How low can you go?: recommendations for hardware-supported minimal TCB code execution. Proceedings of the 13th international conference on Architectural support for programming languages and operating systems.
Accelerating two-dimensional page walks for virtualized systems. Proceedings of the 13th international conference on Architectural support for programming languages and operating systems.
Flicker: an execution infrastructure for TCB minimization. Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008.
Turtles all the way down: research challenges in user-based attestation. HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security.
I/O for Virtual Machine Monitors: Security and Performance Issues. IEEE Security and Privacy.
Hypervisor support for identifying covertly executing binaries. SS'08 Proceedings of the 17th conference on Security symposium.
Privacy and security: Usable security: how to get it. Communications of the ACM - Scratch Programming for All.
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. Proceedings of the 16th ACM conference on Computer and communications security.
Verifying the Microsoft Hyper-V Hypervisor with VCC. FM '09 Proceedings of the 2nd World Congress on Formal Methods.
NOVA: a microhypervisor-based secure virtualization architecture. Proceedings of the 5th European conference on Computer systems.
NoHype: virtualized cloud infrastructure without the virtualization. Proceedings of the 37th annual international symposium on Computer architecture.
TrustVisor: Efficient TCB Reduction and Attestation. SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy.
The multi-principal OS construction of the gazelle web browser. SSYM'09 Proceedings of the 18th conference on USENIX security symposium.
Apiary: easy-to-use desktop application fault containment on commodity operating systems. USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference.
Securing mobile agents for crisis management support. Proceedings of the seventh ACM workshop on Scalable trusted computing.
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows. ACM Transactions on Information and System Security (TISSEC).
An architecture for concurrent execution of secure environments in clouds. Proceedings of the 2013 ACM workshop on Cloud computing security workshop.
We investigate a new point in the design space of red/green systems [19,30], which provide the user with a highly-protected, yet also highly-constrained trusted ("green") environment for performing security-sensitive transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive or "red") applications. Through the design and implementation of the Lockdown architecture, we evaluate whether partitioning, rather than virtualizing, resources and devices can lead to better security or performance for red/green systems. We also design a simple external interface to allow the user to securely learn which environment is active and easily switch between them. We find that partitioning offers a new tradeoff between security, performance, and usability. On the one hand, partitioning can improve the security of the "green" environment and the performance of the "red" environment (as compared with a virtualized solution). On the other hand, with current systems, partitioning makes switching between environments quite slow (13-31 seconds), which may prove intolerable to users.