Affiliation:
1. Johns Hopkins University, Baltimore, MD, USA
2. UC San Diego, La Jolla, CA, USA
Abstract
In recent years, researchers have proposed systems for running trusted code on an untrusted operating system. Protection mechanisms deployed by such systems keep a malicious kernel from directly manipulating a trusted application's state. Under such systems, the application and kernel are, conceptually, peers, and the system call API defines an RPC interface between them.
We introduce
Iago attacks
, attacks that a malicious kernel can mount in this model. We show how a carefully chosen sequence of integer return values to Linux system calls can lead a supposedly protected process to act against its interests, and even to undertake arbitrary computation at the malicious kernel's behest.
Iago attacks are evidence that protecting applications from malicious kernels is more difficult than previously realized.
Publisher
Association for Computing Machinery (ACM)
Reference29 articles.
1. Adam Barth Collin Jackson Charles Reis and The Google Chrome Team. The security architecture of the Chromium browser. Online: http://seclab.stanford.edu/websec/chromium/ 2008. Adam Barth Collin Jackson Charles Reis and The Google Chrome Team. The security architecture of the Chromium browser. Online: http://seclab.stanford.edu/websec/chromium/ 2008.
Cited by
27 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献