Efficient Virtualization-based Application Protection against Untrusted Operating System

Commodity monolithic operating systems are abundant with vulnerabilities that lead to rootkit attacks. Once an operating system is subverted, the data and execution of user applications are fully exposed to the adversary, regardless whether they are designed and implemented with security considerati...

Bibliographic Details
Main Authors: CHENG, Yueqiang, DING, Xuhua, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2015
Online Access: https://ink.library.smu.edu.sg/sis_research/2880
Institution: Singapore Management University
id sg-smu-ink.sis_research-3880
spelling sg-smu-ink.sis_research-3880 2016-01-08T07:42:07Z
2015-04-17T07:00:00Z
info:doi/10.1145/2714576.2714618
Research Collection School Of Computing and Information Systems
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
topic application protection
isolated execution environment
address space isolation
untrusted OS
Computer Sciences
Information Security
description Commodity monolithic operating systems are abundant with vulnerabilities that lead to rootkit attacks. Once an operating system is subverted, the data and execution of user applications are fully exposed to the adversary, regardless whether they are designed and implemented with security considerations. Existing application protection schemes have various drawbacks, such as high performance overhead, large Trusted Computing Base (TCB), or hardware modification. In this paper, we present the design and implementation of AppShield, a hypervisor-based approach that reliably safeguards code, data and execution integrity of a critical application, in a more efficient way than existing systems. The protection overhead is localized to the protected application only, so that unprotected applications and the operating system run without any performance loss. In addition to the performance advantage, AppShield tackles several newly identified threats in this paper which are not systematically addressed previously. We build a prototype of AppShield with a tiny hypervisor, and experiment with AppShield by running several off-the-shelf applications on a Linux platform. The results testify to AppShield's low performance costs in terms of CPU computation, disk I/O and network I/O.