Name
Abstract | ||
|---|---|---|
Ensuring the correctness of security sensitive application running on a potentially malicious operating system is an open problem. Existing approaches for protecting a sensitive process are either losing deployment transparency or lack of the inter-process communication ability for the protected process. In this paper, we present a novel approach called shadow process execution (SPE), which can provide security sensitive applications with executing integrity. With the help of virtualization layer, SPE shadows the sensitive application in a separate virtual machine (VM), which significantly removes the complex and potentially malicious software stack from trusted computing base (TCB). At the same time, SPE maintains dynamic runtime protection without application source code. Finally we demonstrate the feasibility of SPE by designing and implementing a prototype system based on KVM hypervisor. And we show the transparent and dynamic feature of SPE by running and protecting a real world encryption utility program. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1109/COMPSACW.2013.38 | COMPSAC Workshops |
Keywords | Field | DocType |
transparent and dynamic protection,shadow process execution,real world encryption utility program,transparent security-sensitive process protection,application security,protected process,cryptography,application source code,spe shadow,virtual machine,trusted computing base,dynamic feature,virtualization layer,virtual machines,security sensitive application,operating systems (computers),transparent security sensitive process protection,sensitive process,interprocess communication ability,sensitive application,virtualisation,malicious operating system,virtualization,kvm hypervisor,dynamic runtime protection,vmm-based process,spe shadows,vmm based process shadowing,malicious software stack,kernel,process control,security,linux | Virtualization,Virtual machine,Application security,Computer science,Hypervisor,Real-time computing,Encryption,Full virtualization,Malware,Trusted computing base,Operating system,Embedded system | Conference |
Citations | PageRank | References |
0 | 0.34 | 12 |
Authors | ||
4 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Xiaoguang Wang | 1 | 44 | 5.58 |
| Yong Qi | 2 | 610 | 59.72 |
| Yuehua Dai | 3 | 200 | 14.61 |
| Jianbao Ren | 4 | 23 | 4.17 |