Identifying Error-Prone Software An Empirical Study
IEEE Transactions on Software Engineering
Derivation and validation of software metrics
Derivation and validation of software metrics
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The performance of μ-kernel-based systems
Proceedings of the sixteenth ACM symposium on Operating systems principles
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Quantitative Analysis of Faults and Failures in a Complex Software System
IEEE Transactions on Software Engineering
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
ICSE '76 Proceedings of the 2nd international conference on Software engineering
When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Implementing an untrusted operating system on trusted hardware
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Defensive programming: using an annotation toolkit to build DoS-resistant software
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
A Nitpicker's guide to a minimal-complexity secure GUI
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Security architectures revisited
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design of the EROS trusted window system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
WWW electronic commerce and java trojan horses
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Secure coprocessors in electronic commerce applications
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
A layered approach to simplified access control in virtualized systems
ACM SIGOPS Operating Systems Review
A critique of the GNU hurd multi-server operating system
ACM SIGOPS Operating Systems Review
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Using hypervisor to provide data secrecy for user applications on a per-page basis
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
VPFS: building a virtual private file system with a small trusted computing base
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Privilege separation made easy: trusting small libraries not big processes
Proceedings of the 1st European Workshop on System Security
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Trusted Computing Serving an Anonymity Service
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
The role of virtualization in embedded systems
Proceedings of the 1st workshop on Isolation and integration in embedded systems
Virtualization as an enabler for security in mobile devices
Proceedings of the 1st workshop on Isolation and integration in embedded systems
Towards application security on untrusted operating systems
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Virtual machines jailed: virtualization in systems with small trusted computing bases
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Taming subsystems: capabilities as universal resource access control in L4
Proceedings of the Second Workshop on Isolation and Integration in Embedded Systems
A PrivacyCA for Anonymity and Trust
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
NOVA: a microhypervisor-based secure virtualization architecture
Proceedings of the 5th European conference on Computer systems
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
Using hypervisors to secure commodity operating systems
Proceedings of the fifth ACM workshop on Scalable trusted computing
Implementing an application-specific credential platform using late-launched mobile trusted module
Proceedings of the fifth ACM workshop on Scalable trusted computing
Separating hypervisor trusted computing base supported by hardware
Proceedings of the fifth ACM workshop on Scalable trusted computing
jVPFS: adding robustness to a secure stacked file system with untrusted local storage components
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
On design of a trusted software base with support of TPCM
INTRUST'09 Proceedings of the First international conference on Trusted Systems
acTvSM: a dynamic virtualization platform for enforcement of application integrity
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Trust extension for commodity computers
Communications of the ACM
Plug-n-trust: practical trusted sensing for mhealth
Proceedings of the 10th international conference on Mobile systems, applications, and services
Recent developments in low-level software security
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Lockdown: towards a safe and practical architecture for security applications on commodity platforms
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Operating system support for redundant multithreading
Proceedings of the tenth ACM international conference on Embedded software
Proceedings of the 2012 ACM conference on Computer and communications security
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
Pasture: secure offline data access using commodity trusted hardware
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Enabling fairer digital rights management with trusted computing
ISC'07 Proceedings of the 10th international conference on Information Security
MyCloud: supporting user-configured privacy protection in cloud computing
Proceedings of the 29th Annual Computer Security Applications Conference
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
| Hi-index | 0.02 |
The large size and high complexity of security-sensitive applications and systems software is a primary cause for their poor testability and high vulnerability. One approach to alleviate this problem is to extract the security-sensitive parts of application and systems software, thereby reducing the size and complexity of software that needs to be trusted. At the system software level, we use the Nizza architecture which relies on a kernelized trusted computing base (TCB) and on the reuse of legacy code using trusted wrappers to minimize the size of the TCB. At the application level, we extract the security-sensitive portions of an already existing application into an AppCore. The AppCore is executed as a trusted process in the Nizza architecture while the rest of the application executes on a virtualized, untrusted legacy operating system. In three case studies of real-world applications (e-commerce transaction client, VPN gateway and digital signatures in an e-mail client), we achieved a considerable reduction in code size and complexity. In contrast to the few hundred thousand lines of current application software code running on millions of lines of systems software code, we have AppCores with tens of thousands of lines of code running on a hundred thousand lines of systems software code. We also show the performance penalty of AppCores to be modest (a few percent) compared to current software.