
Practical and lightweight domain isolation on Android

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, Bhargava Shastry
2011 Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11  
In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels  ...  For instance, (3) allows network data to be only read by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected  ...  A third domain for system apps is accessible by both the trusted and untrusted domains.  ... 
doi:10.1145/2046614.2046624 dblp:conf/ccs/BugielDDHSS11 fatcat:3i3wyblxn5c4nmbd6xtlyb7bee

Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86

David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, Daniel Gruss
2020 USENIX Security Symposium  
The two components of our design are a secure software framework and a non-intrusive hardware extension.  ...  We propose Donky, an efficient hardware-software codesign for strong in-process isolation based on dynamic memory protection domains.  ...  Acknowledgments We thank the anonymous reviewers, the artifact evaluators, and especially our shepherd, Nathan Dautenhahn, for their valuable suggestions and comments, which helped in improving the paper  ... 
dblp:conf/uss/SchrammelWSS0MG20 fatcat:f3rywxsejbdgbpomcyhhzre42q

Clean-Slate Development of Certified OS Kernels

Zhong Shao
2015 Proceedings of the 2015 Conference on Certified Programs and Proofs - CPP '15  
, software-fault isolation, or address space protection) in a single framework.  ...  By replacing the traditional "red line" (between the kernel and user code) with customized safety policies, we show how to support different isolation and kernel extension mechanisms (e.g., type-safe languages  ...  More recently, Ford's Vx32 sandbox [39] and VXA archival storage system [36] developed new techniques for lightweight sandboxing of untrusted, native x86 code within a user-level process, enabling  ... 
doi:10.1145/2676724.2693180 dblp:conf/cpp/Shao15 fatcat:ffiwrhqsdnbcflselj27eevbre

A Tale of Two Kernels

Anil Kurmus, Robby Zippel
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
Here, we propose building each kernel function with and without hardening, within a single split kernel.  ...  In particular, this allows trusted processes to be run under unmodified kernel code, while system calls of untrusted processes are directed to the hardened kernel code.  ...  In contrast, SPLIT KERNEL is in a single protection domain: it does not aim for isolation between split-hardened and split-base code.  ... 
doi:10.1145/2660267.2660331 dblp:conf/ccs/KurmusZ14 fatcat:sxaof3vsgvhkhanwn3tne2u3yi

Scale and performance in the Denali isolation kernel

Andrew Whitaker, Marianne Shaw, Steven D. Gribble
2002 ACM SIGOPS Operating Systems Review  
This paper describes the Denali isolation kernel, an operating system architecture that safely multiplexes a large number of untrusted Internet services on shared hardware.  ...  Our isolation kernel exposes a virtual machine abstraction, but unlike conventional virtual machine monitors, Denali does not attempt to emulate the underlying physical architecture precisely, and instead  ...  This work was supported in part by NSF Career award ANI-0132817, funding from Intel Corporation, and a gift from Nortel Networks.  ... 
doi:10.1145/844128.844147 fatcat:imbdifxkefdwjpirzphb2dno4e

Scale and performance in the Denali isolation kernel

Andrew Whitaker, Marianne Shaw, Steven D. Gribble
2002 Proceedings of the 5th symposium on Operating systems design and implementation - OSDI '02  
This paper describes the Denali isolation kernel, an operating system architecture that safely multiplexes a large number of untrusted Internet services on shared hardware.  ...  Our isolation kernel exposes a virtual machine abstraction, but unlike conventional virtual machine monitors, Denali does not attempt to emulate the underlying physical architecture precisely, and instead  ...  This work was supported in part by NSF Career award ANI-0132817, funding from Intel Corporation, and a gift from Nortel Networks.  ... 
doi:10.1145/1060289.1060308 fatcat:uawydxyknvcdvdyk3elri65mba

Leveraging Kernel Security Mechanisms to Improve Container Security

Maxime Bélair, Sylvie Laniepce, Jean-Marc Menaud
2019 Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19  
However, due to kernel sharing, containers provide less isolation than full VM. Thus, a compromised container may break out of its isolated context and gain root access to the host server.  ...  Containerization is a lightweight virtualization technique reducing virtualization overhead and deployment latency compared to full VM; its popularity is quickly increasing.  ...  INTRODUCTION Containerization is a lightweight virtualization technique in which containers are virtual domains offering usermode execution context, while sharing the host kernel at the host level.  ... 
doi:10.1145/3339252.3340502 dblp:conf/IEEEares/BelairLM19 fatcat:cf7warlknnaaho6ssijei3cxfq

PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems

R. Joseph Connor, Tyler McDaniel, Jared M. Smith, Max Schuchard
2020 USENIX Security Symposium  
Finally, we discuss potential mitigations and show that the performance cost of extending a ptrace-based sandbox to prevent the new attacks is high, highlighting the need for more efficient system call  ...  Using two recently-proposed memory isolation systems, we show that such designs are vulnerable to generic attacks that bypass memory isolation. These attacks use the kernel as a confused deputy, taking  ...  analyze the root cause of the design vulnerabilities and suggest that they generally stem from the inconsistency between the threat models and abstractions used by systems researchers and those used by kernel  ... 
dblp:conf/uss/ConnorMSS20 fatcat:5i5yqfnky5ewxoagdy45frd7vm

DRIP: A framework for purifying trojaned kernel drivers

Zhongshu Gu, William N. Sumner, Zhui Deng, Xiangyu Zhang, Dongyan Xu
2013 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)  
In this paper we propose DRIP, a framework for detecting and eliminating malicious logic embedded in a kernel driver through iteratively eliminating unnecessary kernel API invocations from the driver.  ...  Kernel drivers are usually provided in the form of loadable kernel extensions, which can be loaded/unloaded dynamically at runtime and execute with the same privilege as the core operating system kernel  ...  ACKNOWLEDGMENT We would like to thank the anonymous reviewers for their insightful comments. This research has been supported by DARPA under Contract 12011593.  ... 
doi:10.1109/dsn.2013.6575342 dblp:conf/dsn/GuSDZX13 fatcat:zwtbvdajnbgjbo74ja4clymyu4

The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization [article]

Bumjin Im
2021 arXiv pre-print
We argue that the challenge of future runtime isolation is best met by embracing the multi-principle nature of applications, rethinking process architecture for fast and extensible intra-process isolation  ...  Overall, we believe sub-process isolation is a must and that the Endokernel exposes an essential set of abstractions for realizing this in a simple and feasible way.  ...  Thus, we explore a recently released kernel dispatch mechanism, a lightweight filter that restricts syscalls to the particular subspace.  ... 
arXiv:2108.03705v2 fatcat:tovxud33k5crnlpqmnsrd4mfmu

Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication

Jinyu Gu, Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, Haibo Chen
2020 USENIX Annual Technical Conference  
It retrofits Intel Memory Protection Key for Userspace (PKU) in kernel space to achieve such isolation efficiently and designs a fast IPC mechanism across those OS components.  ...  UnderBridge moves the OS components of a microkernel between user space and kernel space at runtime while enforcing consistent isolation.  ...  Building Isolated Domains There are many approaches to build lightweight and isolated domains.  ... 
dblp:conf/usenix/GuWLLMXC20 fatcat:l7typ3vwy5ez7fdf63jqfvpyae

Secure Namespaced Kernel Audit for Containers [article]

Soo Yee Lim, Bogdan Stelea, Xueyuan Han, Thomas Pasquier
2021 arXiv pre-print
We demonstrate the practicality of saBPF in Kubernetes by designing an audit framework, an intrusion detection system, and a lightweight access control mechanism.  ...  Moreover, these techniques typically require extensive kernel modifications, making them difficult to deploy in practical settings.  ...  The kernel uses a verifier to statically analyze the bytecode, minimizing security and stability risks of running untrusted kernel extensions [28].  ... 
arXiv:2111.02481v1 fatcat:zcmmuhmqwbgojp4way7z3caxgi

Iso-UniK: lightweight multi-process unikernel through memory protection keys

Guanyu Li, Dong Du, Yubin Xia
2020 Cybersecurity  
Iso-UniK leverages a recent hardware feature, named Intel Memory Protection Key (Intel MPK), to provide lightweight and efficient isolation for multi-process in unikernel.  ...  Many applications rely on the process abstraction to isolate different components. For example, Apache with the multi-processing module isolates a request handler in a process to guarantee security.  ...  Restrict kernel behavior with MPK The Intel MPK (Memory Protection Keys) is a hardware feature to provide a lightweight memory isolation mechanism for user space.  ... 
doi:10.1186/s42400-020-00051-9 fatcat:4o73faozxbb5fh4cjfceetm3yq

SNAPPY: programmable kernel-level policies for containers

Maxime Bélair, Sylvie Laniepce, Jean-Marc Menaud
2021 ACM Symposium on Applied Computing  
However, because containers share a full kernel with the host, they are more vulnerable to attacks that may compromise the host and the other containers on the system.  ...  In this paper, we present SNAPPY (Safe Namespaceable And Programmable PolicY), a new framework that allows even unprivileged processes such as containers to safely and dynamically enforce in the kernel  ...  INTRODUCTION Containerization [29] is a lightweight virtualization technique in which containers are virtual domains offering usermode execution context, while sharing the host kernel at the host level  ... 
doi:10.1145/3412841.3442037 dblp:conf/sac/BelairLM21 fatcat:fmcfphgmxbazjh66mjm2g63uei

Arrakis: A Case for the End of the Empire

Simon Peter, Thomas E. Anderson
2013 USENIX Workshop on Hot Topics in Operating Systems  
on top of virtualized I/O devices, where the kernel provides only control plane services.  ...  This new division of labor is transparent to the user, except that applications are able to offer more robust extensibility, security and performance than was previously possible.  ...  An example is a web browser wanting to protect itself against untrusted scripts and extensions (e.g., NaCl [29]).  ... 
dblp:conf/hotos/PeterA13 fatcat:enosdlpc25cjvg4ywcsobhv64m