Title
SecureME: a hardware-software approach to full system security
Abstract
With computing increasingly becoming more dispersed, relying on mobile devices, distributed computing, cloud computing, etc. there is an increasing threat from adversaries obtaining physical access to some of the computer systems through theft or security breaches. With such an untrusted computing node, a key challenge is how to provide secure computing environment where we provide privacy and integrity for data and code of the application. We propose SecureME, a hardware-software mechanism that provides such a secure computing environment. SecureME protects an application from hardware attacks by using a secure processor substrate, and also from the Operating System (OS) through memory cloaking, permission paging, and system call protection. Memory cloaking hides data from the OS but allows the OS to perform regular virtual memory management functions, such as page initialization, copying, and swapping. Permission paging extends the OS paging mechanism to provide a secure way for two applications to establish shared pages for inter-process communication. Finally, system call protection applies spatio-temporal protection for arguments that are passed between the application and the OS. Based on our performance evaluation using microbenchmarks, single-program workloads, and multiprogrammed workloads, we found that SecureME only adds a small execution time overhead compared to a fully unprotected system. Roughly half of the overheads are contributed by the secure processor substrate. SecureME also incurs a negligible additional storage overhead over the secure processor substrate.
Year
DOI
Venue
2011
10.1145/1995896.1995914
I4CS
Keywords
Field
DocType
computer system,secure processor substrate,os paging mechanism,cloud computing,system call protection,hardware-software approach,permission paging,secure computing environment,regular virtual memory management,memory cloaking,full system security,untrusted computing node,secure computation,operating systems,distributed computing,system security,operating system,inter process communication,cloaking,security,virtual memory,mobile device
Permission,Cloaking,Computer science,Computer security,Real-time computing,System call,Overhead (business),Parallel computing,Mobile device,Paging,Initialization,Operating system,Cloud computing
Conference
Citations 
PageRank 
References 
44
1.29
25
Authors
4
Name
Order
Citations
PageRank
Siddhartha Chhabra11967.93
Brian Rogers21757.24
Yan Solihin32057111.56
Milos Prvulovic492654.94