SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services

Author

Yueqiang CHENG
Qing LI
Miao YU
Xuhua DING, Singapore Management UniversityFollow
Qingni SHEN

Publication Type

Conference Proceeding Article

Publication Date

1-2016

Abstract

Recent years have seen many virtualization-based Isolated Execution Environments (IEE) proposed in the literature to protect a Piece of Application Logic (PAL) against attacks from an untrusted guest kernel. A prerequisite of these IEE system is that the PAL is small and self-contained. Therefore, a PAL is deprived of channels to interact with the external execution environment including the kernel and application libraries. As a result, the PAL can only perform limited tasks such as memory-resident computation with inflexible utilization of system resources. To protect more sophisticated tasks, the application developer has to segment it into numerous PALs satisfying the IEE prerequisite, which inevitably lead to development inefficiency and more erroneous code. In this paper, we propose SuperCall, a new function call interface for a PAL to safely and efficiently call external untrusted code in both the kernel and user spaces. It not only allows flexible interactions between a PAL and untrusted environments, but also improved the utilization of resources, without compromising the security of the PAL. We have implemented SuperCall on top of a tiny hypervisor. To demonstrate and evaluate SuperCall, we use it to build a PAL as part of a password checking program. The experiment results show that SuperCall improves the development efficiency and incurs insignificant performance overhead.

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Proceedings of the 11th EAI International Conference on Security and Privacy in Communication Networks.

Volume

164

First Page

193

Last Page

211

ISBN

9783319288642

Identifier

10.1007/978-3-319-28865-9_11

Publisher

Springer International Publishing

City or Country

Dallas, United States

Citation

CHENG, Yueqiang; LI, Qing; YU, Miao; DING, Xuhua; and SHEN, Qingni. SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services. (2016). Proceedings of the 11th EAI International Conference on Security and Privacy in Communication Networks.. 164, 193-211.
Available at: https://ink.library.smu.edu.sg/sis_research/3152

Additional URL

http://link.springer.com/chapter/10.1007%2F978-3-319-28865-9_11