SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services
Recent years have seen many virtualization-based Isolated Execution Environments (IEE) proposed in the literature to protect a Piece of Application Logic (PAL) against attacks from an untrusted guest kernel. A prerequisite of these IEE system is that the PAL is small and self-contained. Therefore, a...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2016
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3152 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-4152 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-41522016-04-11T07:12:06Z SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services CHENG, Yueqiang LI, Qing YU, Miao DING, Xuhua SHEN, Qingni Recent years have seen many virtualization-based Isolated Execution Environments (IEE) proposed in the literature to protect a Piece of Application Logic (PAL) against attacks from an untrusted guest kernel. A prerequisite of these IEE system is that the PAL is small and self-contained. Therefore, a PAL is deprived of channels to interact with the external execution environment including the kernel and application libraries. As a result, the PAL can only perform limited tasks such as memory-resident computation with inflexible utilization of system resources. To protect more sophisticated tasks, the application developer has to segment it into numerous PALs satisfying the IEE prerequisite, which inevitably lead to development inefficiency and more erroneous code. In this paper, we propose SuperCall, a new function call interface for a PAL to safely and efficiently call external untrusted code in both the kernel and user spaces. It not only allows flexible interactions between a PAL and untrusted environments, but also improved the utilization of resources, without compromising the security of the PAL. We have implemented SuperCall on top of a tiny hypervisor. To demonstrate and evaluate SuperCall, we use it to build a PAL as part of a password checking program. The experiment results show that SuperCall improves the development efficiency and incurs insignificant performance overhead. 2016-01-24T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/3152 info:doi/10.1007/978-3-319-28865-9_11 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security CHENG, Yueqiang LI, Qing YU, Miao DING, Xuhua SHEN, Qingni SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services |
| description |
Recent years have seen many virtualization-based Isolated Execution Environments (IEE) proposed in the literature to protect a Piece of Application Logic (PAL) against attacks from an untrusted guest kernel. A prerequisite of these IEE system is that the PAL is small and self-contained. Therefore, a PAL is deprived of channels to interact with the external execution environment including the kernel and application libraries. As a result, the PAL can only perform limited tasks such as memory-resident computation with inflexible utilization of system resources. To protect more sophisticated tasks, the application developer has to segment it into numerous PALs satisfying the IEE prerequisite, which inevitably lead to development inefficiency and more erroneous code. In this paper, we propose SuperCall, a new function call interface for a PAL to safely and efficiently call external untrusted code in both the kernel and user spaces. It not only allows flexible interactions between a PAL and untrusted environments, but also improved the utilization of resources, without compromising the security of the PAL. We have implemented SuperCall on top of a tiny hypervisor. To demonstrate and evaluate SuperCall, we use it to build a PAL as part of a password checking program. The experiment results show that SuperCall improves the development efficiency and incurs insignificant performance overhead. |
| format |
text |
| author |
CHENG, Yueqiang LI, Qing YU, Miao DING, Xuhua SHEN, Qingni |
| author_facet |
CHENG, Yueqiang LI, Qing YU, Miao DING, Xuhua SHEN, Qingni |
| author_sort |
CHENG, Yueqiang |
| title |
SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services |
| title_short |
SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services |
| title_full |
SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services |
| title_fullStr |
SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services |
| title_full_unstemmed |
SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services |
| title_sort |
supercall: a secure interface for isolated execution environment to dynamically use external services |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2016 |
| url |
https://ink.library.smu.edu.sg/sis_research/3152 |
| _version_ |
1770572868025843712 |