Publication Type

Journal Article

Version

acceptedVersion

Publication Date

6-2018

Abstract

Virtualization-based memory isolation has been widely used as a security primitive in various security systems to counter kernel-level attacks. In this article, our in-depth analysis on this primitive shows that its security is significantly undermined in the multicore setting when other hardware resources for computing are not enclosed within the isolation boundary. We thus propose to construct a fully isolated micro-computing environment (FIMCE) as a new primitive. By virtue of its architectural niche, FIMCE not only offers stronger security assurance than its predecessor, but also features a flexible and composable environment with support for peripheral device isolation, thus greatly expanding the scope of applications. In addition, FIMCE can be integrated with recent technologies such as Intel Software Guard Extensions (SGX) to attain even stronger security guarantees. We have built a prototype of FIMCE with a bare-metal hypervisor. To show the benefits of using FIMCE as a building block, we have also implemented four applications which are difficult to construct using the existing memory isolation method. Experiments with these applications demonstrate that FIMCE imposes less than 1% overhead on single-threaded applications, while the maximum performance loss on multithreaded applications is bounded by the degree of parallelism at the processor level.

Keywords

Virtualization, isolation, multicore platform, hypervisor

Discipline

Information Security

Research Areas

Cybersecurity

Publication

ACM Transactions on Information and System Security

Volume

21

Issue

3

First Page

15:1

Last Page

30

ISSN

1094-9224

Identifier

10.1145/3195181

Publisher

Association for Computing Machinery (ACM)

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1145/3195181

Share

COinS