
The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization [article]

Bumjin Im
2021 arXiv   pre-print
We present the Endokernel, a new process model and security architecture that nests an extensible monitor into the standard process for building efficient least-authority abstractions.  ...  The Endokernel introduces a new virtual machine abstraction for representing subprocess authority, which is enforced by an efficient self-isolating monitor that maps the abstraction to system level objects  ...  The security monitor code may not enforce the intended checks when executed in compatibility mode.  ... 
arXiv:2108.03705v2 fatcat:tovxud33k5crnlpqmnsrd4mfmu

TxBox: Building Secure, Efficient Sandboxes with System Transactions

Suman Jana, Donald E. Porter, Vitaly Shmatikov
2011 2011 IEEE Symposium on Security and Privacy  
TXBOX consists of a relatively simple, policy-agnostic security monitor running in the OS kernel and a user-level policy manager.  ...  Existing system-call monitors must allow or deny every system call made by the untrusted program before it executes. Once the call is permitted to execute, there is no way to recover.  ...  We are grateful to our shepherd David Wagner for many helpful comments and to Emmett Witchel for his insightful advice and for guiding the development of TxOS.  ... 
doi:10.1109/sp.2011.33 dblp:conf/sp/JanaPS11 fatcat:thlvosrksjdbfnqn7k6aexkefi

Boxify: Full-fledged App Sandboxing for Stock Android

Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, Philipp von Styp-Rekowsky
2015 USENIX Security Symposium  
In contrast to all related work on stock Android, we eliminate the necessity to modify the code of monitored apps, and thereby overcome existing legal concerns and deployment problems that rewriting-based  ...  Our approach is based on application virtualization and process-based privilege separation to securely encapsulate untrusted apps in an isolated environment.  ...  By executing the untrusted code as a de-privileged process with a UID that differs from the sandbox app's UID, the kernel securely and automatically isolates at process-level the reference monitor implemented  ... 
dblp:conf/uss/0001B0SS15 fatcat:fmfok5azqnhsrkyoadmseu2rpy

1988 IEEE Symposium on Security and Privacy

1987 Computer  
doi:10.1109/mc.1987.1663423 fatcat:p76ekk6airaxdariqes2bfucey

1987 IEEE Symposium on Security and Privacy

1986 Computer  
doi:10.1109/mc.1986.1663073 fatcat:wvh5tdhog5clrhdrom2tjgv2my

1987 IEEE Symposium on Security and Privacy

1986 Computer  
doi:10.1109/mc.1986.1663102 fatcat:cduvzxwakjfyxjqlvejzyhdyym

1987 IEEE Symposium on Security and Privacy

1986 Computer  
doi:10.1109/mc.1986.1663329 fatcat:u33ipffhdvhzxnmwjwqx4p3xvq

2006 IEEE Symposium on Security and Privacy

2006 2006 IEEE Symposium on Security and Privacy (S&P'06)  
doi:10.1109/sp.2006.20 fatcat:gutozsr4avfwpgpkvrwa4a77fu

Trustworthy Prevention of Code Injection in Linux on Embedded Devices [chapter]

Hind Chfouka, Hamed Nemati, Roberto Guanciale, Mads Dam, Patrik Ekdahl
2015 Lecture Notes in Computer Science  
The executable space protection allows the MProsper's monitor to intercept every change to the executable code performed by a user application or by the Linux kernel.  ...  MProsper is a formally verified run-time monitor, which forces an untrusted Linux to obey the executable space protection policy; a memory area can be either executable or writable, but cannot be both.  ...  Executions in privileged mode require monitor intermediation. If the monitor validates the request, then the standard behavior of the hypervisor is executed.  ... 
doi:10.1007/978-3-319-24174-6_5 fatcat:e6mxumccevevhnlaxrffbyevae

Garmr: Defending the gates of PKU-based sandboxing [article]

Alexios Voulimeneas, Jonas Vinck, Ruben Mechelinck, Stijn Volckaert
2021 arXiv   pre-print
We apply Garmr to several memory isolation schemes and show that it is practical, efficient and secure.  ...  We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme.  ...  Intel and AMD CPUs provide the Supervisor-mode Access Prevention (SMAP) hardware feature to disable kernel accesses to user space memory.  ... 
arXiv:2110.04788v1 fatcat:fsd5belzmfey3jc7i5lcj7bsuq

A portable user-level approach for system-wide integrity protection

Wai-Kit Sze, R. Sekar
2013 Proceedings of the 29th Annual Computer Security Applications Conference on - ACSAC '13  
In contrast, our approach combines the strengths of sandboxing and isolation of untrusted code, while avoiding most of their weaknesses.  ...  Our implementation is performed entirely at the user-level, requiring no changes to the kernel. This enabled us to port the system easily from Linux to BSD.  ...  These accesses are monitored continuously, and a database of implicitly accessed files, together with the mode of access (i.e., read-only or read/write) is maintained for each executable.  ... 
doi:10.1145/2523649.2523655 dblp:conf/acsac/SzeS13 fatcat:vcv5jeqwhzbsndtcvrfl6wzf3q

Process out-grafting

Deepa Srinivasan, Zhi Wang, Xuxian Jiang, Dongyan Xu
2011 Proceedings of the 18th ACM conference on Computer and communications security - CCS '11  
Moreover, by forwarding the system calls back to the VM, we can smoothly continue the execution of the out-grafted process without weakening the isolation of the monitoring tool.  ...  In this paper, we present process out-grafting, an architectural approach to address both isolation and compatibility challenges in out-of-VM approaches for fine-grained process-level execution monitoring  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the AFOSR and the NSF.  ... 
doi:10.1145/2046707.2046751 dblp:conf/ccs/SrinivasanWJX11 fatcat:b65zctblrbfhvl3b62f4t43a2m

Satem: Trusted Service Code Execution across Transactions

Gang Xu, Cristian Borcea, Liviu Iftode
2006 Symposium on Reliable Distributed Systems. Proceedings  
The Satem architecture consists of an execution monitor residing in the operating system kernel on the service provider platform, a trust evaluator on the client platform, and a service commitment protocol  ...  This paper presents Satem, a Service-aware trusted execution monitor that guarantees the trustworthiness of the service code across a whole transaction.  ...  It is defined as p = SHA1(nonce | SHA1(C(S)) | SHA1(PK_R) | SHA1(k) | m), where C(S) is the commitment and m is the current execution mode of the monitor (1 in monitoring mode, 0 in attestation mode).  ... 
doi:10.1109/srds.2006.42 dblp:conf/srds/XuBI06 fatcat:njc52i37enh23itzs332jxogte

ARMlock

Yajin Zhou, Xiaoguang Wang, Yue Chen, Zhi Wang
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
Since its debut, researchers have proposed different SFI systems for many purposes such as safe execution of untrusted native browser plugins.  ...  Memory accesses by the untrusted module (including read, write, and execution) are strictly confined by the hardware, and instructions running inside the sandbox execute at the same speed as those outside  ...  The first author of this paper was partially supported by the National Science Foundation of China under Grant No.61340031.  ... 
doi:10.1145/2660267.2660344 dblp:conf/ccs/ZhouWCW14 fatcat:5wdpcjiif5b2fke647hrr3o54a

Resilient Authenticated Execution of Critical Applications in Untrusted Environments

Michael S. Kirkpatrick, Gabriel Ghinita, Elisa Bertino
2012 IEEE Transactions on Dependable and Secure Computing  
Our work shows that it is feasible to build a resilient execution environment, even in the presence of a corrupted OS kernel, with a reasonable amount of storage and performance overhead.  ...  In this paper, we describe our system design, which leverages efficient coding and authentication schemes, and we present the details of our prototype implementation to quantify the overhead of our approach  ...  Half of the work by M. Kirkpatrick and G. Ghinita was done while at Purdue University.  ... 
doi:10.1109/tdsc.2012.25 fatcat:7rsion5asvhetahhk73gu3bmaa