Affiliation:
1. The University of Texas at Austin, Austin, TX, USA
2. C, Austin, TX, USA
Abstract
InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.
Publisher
Association for Computing Machinery (ACM)
Reference
49 articles.
1. Microsoft security bulletin search 2012. http://technet.microsoft.com/security/bulletin.
2. Control-flow integrity
3. Automatic Inference and Enforcement of Kernel Data Structure Invariants
4. Xen and the art of virtualization
Cited by
8 articles.
1. Efficient Application Protection against Untrusted Operating Systems;VFAST Transactions on Software Engineering;2022-12-31
2. In-process Memory Isolation Using Hardware Watchpoint;Proceedings of the 56th Annual Design Automation Conference 2019;2019-06-02
3. Secure Local Configuration of Intellectual Property Without a Trusted Third Party;Lecture Notes in Computer Science;2019
4. SeCloak;Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services;2018-06-10
5. Lord of the x86 Rings;Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security;2018-01-15