Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation
-
Published:2019-05-31
Issue:2
Volume:22
Page:1-30
-
ISSN:2471-2566
-
Container-title:ACM Transactions on Privacy and Security
-
language:en
-
Short-container-title:ACM Trans. Priv. Secur.
Author:
Kwon Donghyun1,
Yi Hayoon1,
Cho Yeongpil2ORCID,
Paek Yunheung1
Affiliation:
1. Seoul National University, Gwanak-gu, Seoul, The Republic of Korea
2. Soongsil University, Dongsak-gu, Seoul, The Republic of Korea
Abstract
Security monitoring has long been considered as a fundamental mechanism to mitigate the damage of a security attack. Recently, intra-level security systems have been proposed that can efficiently and securely monitor system software without any involvement of more privileged entity. Unfortunately, there exists no full intra-level security system that can universally operate at any privilege level on ARM. However, as malware and attacks increase against virtually every level of privileged software including an OS, a hypervisor, and even the highest privileged software armored by TrustZone, we have been motivated to develop an intra-level security system, named
Hilps
. Hilps realizes true intra-level scheme in all these levels of privileged software on ARM by elaborately exploiting a new hardware feature of ARM’s latest 64-bit architecture, called TxSZ, that enables elastic adjustment of the accessible virtual address range. Furthermore, Hilps newly supports the sandbox mechanism that provides security tools with individually isolated execution environments, thereby minimizing security threats from untrusted security tools. We have implemented a prototype of Hilps on a real machine. The experimental results demonstrate that Hilps is quite promising for practical use in real deployments.
Funder
National Research Foundation of Korea
IDEC
Automatic Deep Malware Analysis Technology for Cyber Threat Intelligence
Cloud-based Security Intelligence Technology Development for the Customized Security Service Provisioning
Institute for Information 8 communications Technology Promotion (IITP) grant funded by the Korea government
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference61 articles.
1. CVE Details. 2018. Linux kernel vulnerabilities. Retrieved from http://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33. CVE Details. 2018. Linux kernel vulnerabilities. Retrieved from http://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33.
2. LLVM Linux. {n.d.}. Retrieved from http://llvm.linuxfoundation.org. LLVM Linux. {n.d.}. Retrieved from http://llvm.linuxfoundation.org.
3. IntelŴVirtualization Technology for Directed I/O
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献