322 Hits in 11.6 sec

DriverGuard: A Fine-Grained Protection on I/O Flows [chapter]

Yueqiang Cheng, Xuhua Ding, Robert H. Deng
2011 Lecture Notes in Computer Science  
In this paper, we present the design and implementation of DriverGuard, a hypervisor based protection mechanism which dynamically shields I/O flows such that I/O data are not exposed to the malicious kernel  ...  The absence of security measures invites attacks on the I/O data and consequently threatens those applications feeding on them, such as biometric authentication.  ...  We also thank the anonymous reviewers for their helpful comments.  ... 
doi:10.1007/978-3-642-23822-2_13 fatcat:kdbhaukyxzdrznxzyz3bs7j764

Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security

Mohit Tiwari, Jason K. Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T. Chong, Timothy Sherwood
2011 Proceeding of the 38th annual international symposium on Computer architecture - ISCA '11  
, pipelined operation, and I/O with traditional devices.  ...  High assurance systems used in avionics, medical implants, and cryptographic devices often rely on a small trusted base of hardware and software to manage the rest of the system.  ...  Acknowledgments The authors would like to thank the anonymous reviewers for insightful comments on this paper. This work was funded in part by Grant No.  ... 
doi:10.1145/2000064.2000087 dblp:conf/isca/TiwariOLVLHKCS11 fatcat:n4fu5qhf2zdktmnly66wx4ihli

Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security

Mohit Tiwari, Jason K. Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T. Chong, Timothy Sherwood
2011 SIGARCH Computer Architecture News  
, pipelined operation, and I/O with traditional devices.  ...  High assurance systems used in avionics, medical implants, and cryptographic devices often rely on a small trusted base of hardware and software to manage the rest of the system.  ...  Acknowledgments The authors would like to thank the anonymous reviewers for insightful comments on this paper. This work was funded in part by Grant No.  ... 
doi:10.1145/2024723.2000087 fatcat:touo4wpb3zbedmxuwa6hesdlpi

Exploiting Unprotected I/O Operations in AMD's Secure Encrypted Virtualization

Mengyuan Li, Yinqian Zhang, Zhiqiang Lin, Yan Solihin
2019 USENIX Security Symposium  
This paper studies the insecurity of SEV from the perspective of the unprotected I/O operations in the SEV-enabled VMs.  ...  We evaluate the proposed attacks and discuss potential solutions to the underlying problems.  ...  The work was supported in part by the NSF grants 1750809, 1718084, 1834213, and 1834216, and research gifts from Intel and DFINITY foundation to Yinqian Zhang. Yan Solihin is supported in part by UCF.  ... 
dblp:conf/uss/LiZLS19 fatcat:3u3rod7j3ngtdofawfiln57mje

Rio: A System Solution for Sharing I/O between Mobile Systems [article]

Ardalan Amiri Sani, Kevin Boos, Min Hong Yun, Lin Zhong
2013 arXiv   pre-print
Rio's design is common to many classes of I/O devices, thus significantly reducing the engineering effort to support new I/O devices.  ...  This paper presents Rio, an I/O sharing solution that supports unmodified applications and exposes all the functionality of an I/O device for sharing.  ...  If not handled properly, the disconnection can cause the following problems: render the driver unusable, block the client process indefinitely, or leak resources, e.g., memory, in the client and server  ... 
arXiv:1312.4931v1 fatcat:5eppiili7jc5nnuyvdk6xh3hqi

CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves

Meni Orenbach, Yan Michalevsky, Christof Fetzer, Mark Silberstein
2019 USENIX Annual Technical Conference  
This limitation impedes in-enclave use of secure memory-mapped files and prevents extensions of the application memory layer commonly used in untrusted systems, such as transparent memory compression or  ...  Hardware secure enclaves are increasingly used to run complex applications.  ...  integrity checks and encryption for file I/O operations.  ... 
dblp:conf/usenix/OrenbachMFS19 fatcat:ob4yxnubrjgc7olenvi422kt2a

PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems

R. Joseph Connor, Tyler McDaniel, Jared M. Smith, Max Schuchard
2020 USENIX Security Symposium  
We identify that despite providing strong intra-process memory isolation, existing, general purpose approaches neglect the ways in which the OS makes memory and other intra-process resources accessible  ...  We argue that the root cause stems from a fundamentally different security model between kernel abstractions and user-level, intra-process memory isolation.  ...  . • We analyze the root cause of the design vulnerabilities and suggest that they generally stem from the inconsistency between the threat models and abstractions used by systems researchers and those  ... 
dblp:conf/uss/ConnorMSS20 fatcat:5i5yqfnky5ewxoagdy45frd7vm

Hardware Enforcement of Application Security Policies Using Tagged Memory

Nickolai Zeldovich, Hari Kannan, Michael Dalton, Christos Kozyrakis
2008 USENIX Symposium on Operating Systems Design and Implementation  
We present the Loki tagged memory architecture, along with a novel operating system structure that takes advantage of tagged memory to enforce application security policies in hardware.  ...  Computers are notoriously insecure, in part because application security policies do not map well onto traditional protection mechanisms such as Unix user accounts or hardware page tables.  ...  ACKNOWLEDGMENTS We thank Silas Boyd-Wickizer for porting HiStar to the SPARC processor.  ... 
dblp:conf/osdi/ZeldovichKDK08 fatcat:u2sl7m3z3jadpp7ngq5rd6ukgu

Configurable memory security in embedded systems

Jérémie Crenne, Romain Vaslin, Guy Gogniat, Jean-Philippe Diguet, Russell Tessier, Deepak Unnikrishnan
2013 ACM Transactions on Embedded Computing Systems  
The lightweight circuitry included to support application loading from flash memory adds about 10% FPGA area overhead to the processor-based system and main memory security hardware.  ...  The benefits of our low overhead memory protection approaches are demonstrated using four applications implemented in a field-programmable gate array (FPGA) in an embedded system prototyping platform.  ...  These systems often contain little more than a microprocessor, field-programmable logic, external memory, I/O (input/output) ports, and interfaces to sensors.  ... 
doi:10.1145/2442116.2442121 fatcat:nonibdp57jh57lsb7uda7ntdte

Secure System Virtualization: End-to-End Verification of Memory Isolation [article]

Hamed Nemati
2020 arXiv   pre-print
In particular, we examine techniques related to the appropriate management of the memory subsystem.  ...  Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today's ubiquitous embedded devices.  ...  The Input/Output Memory Management Unit (IOMMU) is a hardware extension to control memory accesses of I/O devices.  ... 
arXiv:2005.02605v1 fatcat:h7sdyjoxyrexhaswjns5mcfdey

Static Detection of Unsafe DMA Accesses in Device Drivers

Jia-Ju Bai, Tuo Li, Kangjie Lu, Shi-Min Hu
2021 USENIX Security Symposium  
Direct Memory Access (DMA) is a popular mechanism for improving hardware I/O performance, and it has been widely used by many existing device drivers.  ...  Second, a malfunctioning or untrusted hardware device can write bad data into system memory, which can trigger security bugs (such as buffer overflow and invalid-pointer access), if the driver uses the  ...  Kangjie Lu was supported in part by the NSF awards CNS-1815621 and CNS-1931208.  ... 
dblp:conf/uss/BaiLL021 fatcat:3ey3pxhomjan3orauvabos2ktu

Improving Memory Encryption Performance in Secure Processors

Jun Yang, Lan Gao, Youtao Zhang
2005 IEEE transactions on computers  
In this design, the program and data are stored in an encrypted format outside the CPU boundary. The decryption is carried out after they are fetched from memory and before they are used by the CPU.  ...  Index Terms-Memory design, hardware/software protection, security and protection.  ...  Similarly, program inputs are also provided in plaintext since they are brought in from I/O devices. As a result, memory spaces taken by them do not need sequence numbers in SNC.  ... 
doi:10.1109/tc.2005.80 fatcat:n5npyyer3zdm3omvztwnk2gszy

Meltdown: Reading Kernel Memory from User Space

Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
2018 USENIX Security Symposium  
On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually  ...  In this paper, we present Meltdown. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords.  ...  We want to thank everyone who helped us in making this collaboration possible, especially Intel who handled our responsible disclosure professionally, communicated a clear timeline and connected all involved  ... 
dblp:conf/uss/Lipp0G0HFHMKGYH18 fatcat:u233tuxxcrd6hlu7vputbpbuwm

The Secure Machine: Efficient Secure Execution On Untrusted Platforms [article]

Ofir Shwartz, Yitzhak Birk
2018 arXiv   pre-print
The performance reduction caused by it is only few percent, most of which is due to the memory encryption layer that is commonly used in many secure architectures.  ...  SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts when required.  ...  I/O Access I/O access is crucial in many applications. Two main considerations must be addressed when discussing I/O in SeM: 1) Passing memory buffers from/to the I/O device; 2) Data secrecy.  ... 
arXiv:1803.03951v1 fatcat:judqg442wvekdbevambchu3o6i

Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks

Yubin Xia, Yutao Liu, Haibo Chen
2013 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA)  
Unlike prior hardware-based approaches, HyperCoffer retains transparency with existing virtual machines (i.e., operating systems) and requires very few changes to the (untrusted) hypervisor.  ...  hardware for the VM-Shim mechanism).  ...  VM-Shim avoids the need of guest page table walking for decoding the I/O instruction by fetching the opcode in the VM context during the trap.  ... 
doi:10.1109/hpca.2013.6522323 dblp:conf/hpca/XiaLC13 fatcat:omfbgjuezreztonmj4ip7bwjim
Showing results 1 — 15 out of 322 results