Publication Type

Conference Proceeding Article

Publication Date

6-2017

Abstract

Virtualization based memory isolation has beenwidely used as a security primitive in many security systems.This paper firstly provides an in-depth analysis of itseffectiveness in the multicore setting; a first in the literature.Our study reveals that memory isolation by itself is inadequatefor security. Due to the fundamental design choices inhardware, it faces several challenging issues including pagetable maintenance, address mapping validation and threadidentification. As demonstrated by our attacks implementedon XMHF and BitVisor, these issues undermine the security ofmemory isolation. Next, we propose a new isolation approachthat is immune to the aforementioned problems. In our design,the hypervisor constructs a fully isolated micro computingenvironment (FIMCE) that exposes a minimal attack surfaceto an untrusted OS on a multicore platform. By virtue ofits architectural niche, FIMCE offers stronger assurance andgreater versatility than memory isolation. We have built aprototype of FIMCE and measured its performance. To showthe benefits of using FIMCE as a building block, we have alsoimplemented several practical applications which cannot besecurely realized by using memory isolation alone.

Keywords

android, call graph, dependency, information retrieval, program analysis, program comprehension

Discipline

Computer Engineering | Databases and Information Systems

Research Areas

Cybersecurity

Publication

Proceeding on the 2nd IEEE European Symposium on Security and Privacy (EuroS&P), UPMC Campus JussieuParis, France, 2017 April 26-28

Identifier

10.1109/EuroSP.2017.25

Publisher

IEEE

City or Country

France

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Additional URL

http://doi.org./10.1016/j.econlet.2017.05.002

Share

COinS