On the effectiveness of virtualization based memory isolation on multicore platforms

Virtualization based memory isolation has been widely used as a security primitive in many security systems. This paper firstly provides an in-depth analysis of its effectiveness in the multicore setting; a first in the literature. Our study reveals that memory isolation by itself is inadequate for secur...

Bibliographic Details
Main Authors: ZHAO, Siqi, DING, Xuhua
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2017
Online Access: https://ink.library.smu.edu.sg/sis_research/3699
https://ink.library.smu.edu.sg/context/sis_research/article/4701/viewcontent/fimce_eurosp17__1_.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-4701
record_format dspace
spelling sg-smu-ink.sis_research-4701 2018-03-01T07:56:35Z 2017-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3699 info:doi/10.1109/EuroSP.2017.25 https://ink.library.smu.edu.sg/context/sis_research/article/4701/viewcontent/fimce_eurosp17__1_.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic android
call graph
dependency
information retrieval
program analysis
program comprehension
Databases and Information Systems
Information Security
description Virtualization based memory isolation has been widely used as a security primitive in many security systems. This paper firstly provides an in-depth analysis of its effectiveness in the multicore setting; a first in the literature. Our study reveals that memory isolation by itself is inadequate for security. Due to the fundamental design choices in hardware, it faces several challenging issues including page table maintenance, address mapping validation and thread identification. As demonstrated by our attacks implemented on XMHF and BitVisor, these issues undermine the security of memory isolation. Next, we propose a new isolation approach that is immune to the aforementioned problems. In our design, the hypervisor constructs a fully isolated micro computing environment (FIMCE) that exposes a minimal attack surface to an untrusted OS on a multicore platform. By virtue of its architectural niche, FIMCE offers stronger assurance and greater versatility than memory isolation. We have built a prototype of FIMCE and measured its performance. To show the benefits of using FIMCE as a building block, we have also implemented several practical applications which cannot be securely realized by using memory isolation alone.
format text
author ZHAO, Siqi
DING, Xuhua
title On the effectiveness of virtualization based memory isolation on multicore platforms
publisher Institutional Knowledge at Singapore Management University
publishDate 2017
url https://ink.library.smu.edu.sg/sis_research/3699
https://ink.library.smu.edu.sg/context/sis_research/article/4701/viewcontent/fimce_eurosp17__1_.pdf
_version_ 1770573675254251520