SuperCall: A secure interface for isolated execution environment to dynamically use external services | |
Cheng, Yueqiang ; Li, Qing ; Yu, Miao ; Ding, Xuhua ; Shen, Qingni | |
2015 | |
英文摘要 | Recent years have seen many virtualization-based Isolated Execution Environments (IEE) proposed in the literature to protect a Piece of Application Logic (PAL) against attacks from an untrusted guest kernel. A prerequisite of these IEE system is that the PAL is small and self-contained. Therefore, a PAL is deprived of channels to interact with the external execution environment including the kernel and application libraries. As a result, the PAL can only perform limited tasks such as memory-resident computation with inflexible utilization of system resources. To protect more sophisticated tasks, the application developer has to segment it into numerous PALs satisfying the IEE prerequisite, which inevitably lead to development inefficiency and more erroneous code. In this paper, we propose SuperCall, a new function call interface for a PAL to safely and efficiently call external untrusted code in both the kernel and user spaces. It not only allows flexible interactions between a PAL and untrusted environments, but also improved the utilization of resources, without compromising the security of the PAL. We have implemented SuperCall on top of a tiny hypervisor. To demonstrate and evaluate SuperCall, we use it to build a PAL as part of a password checking program. The experiment results show that SuperCall improves the development efficiency and incurs insignificant performance overhead. ? Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.; EI; 193-211; 164 |
语种 | 中文 |
出处 | 11th International Conference Security and Privacy in Communication Networks, SecureComm 2015 |
DOI标识 | 10.1007/978-3-319-28865-9_11 |
内容类型 | 其他 |
源URL | [http://ir.pku.edu.cn/handle/20.500.11897/436851] ![]() |
专题 | 软件与微电子学院 |
推荐引用方式 GB/T 7714 | Cheng, Yueqiang,Li, Qing,Yu, Miao,et al. SuperCall: A secure interface for isolated execution environment to dynamically use external services. 2015-01-01. |
个性服务 |
查看访问统计 |
相关权益政策 |
暂无数据 |
收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论