Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
4-2017
Abstract
Virtualization based memory isolation has been widely used as a security primitive in many security systems. This paper firstly provides an in-depth analysis of its effectiveness in the multicore setting; a first in the literature. Our study reveals that memory isolation by itself is inadequate for security. Due to the fundamental design choices in hardware, it faces several challenging issues including page table maintenance, address mapping validation and thread identification. As demonstrated by our attacks implemented on XMHF and BitVisor, these issues undermine the security of memory isolation. Next, we propose a new isolation approach that is immune to the aforementioned problems. In our design, the hypervisor constructs a fully isolated micro computing environment (FIMCE) that exposes a minimal attack surface to an untrusted OS on a multicore platform. By virtue of its architectural niche, FIMCE offers stronger assurance and greater versatility than memory isolation. We have built a prototype of FIMCE and measured its performance. To show the benefits of using FIMCE as a building block, we have also implemented several practical applications which cannot be securely realized by using memory isolation alone.
Keywords
android, call graph, dependency, information retrieval, program analysis, program comprehension
Discipline
Databases and Information Systems | Information Security
Research Areas
Cybersecurity
Publication
2nd IEEE European Symposium on Security and Privacy EuroS&P 2017: Proceedings: Paris, 26-28 April
First Page
546
Last Page
560
ISBN
9781509057627
Identifier
10.1109/EuroSP.2017.25
Publisher
IEEE
City or Country
Piscataway, NJ
Citation
ZHAO, Siqi and DING, Xuhua.
On the effectiveness of virtualization based memory isolation on multicore platforms. (2017). 2nd IEEE European Symposium on Security and Privacy EuroS&P 2017: Proceedings: Paris, 26-28 April. 546-560.
Available at: https://ink.library.smu.edu.sg/sis_research/3699
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/EuroSP.2017.25