Enhanced Privilege Separation for Commodity Software on Virtualized Platform

Mingyuan Xia, Miao Yu, Qian Lin, Zhengwei Qi, Haibing Guan
2010 IEEE 16th International Conference on Parallel and Distributed Systems (ICPADS), published 2010-12-08. DOI: 10.1109/ICPADS.2010.96 (https://doi.org/10.1109/ICPADS.2010.96)
Citations: 2

Abstract

Conventional privilege separation can effectively reduce the TCB size by granting privilege only to the privileged compartments. However, since this approach relies on process isolation for its security assurance, malware that exploits kernel components can easily compromise it. Meanwhile, the frequent inter-process communication between the separated processes inevitably incurs notable overhead. To ameliorate these problems, we propose performing privilege separation without partitioning the application into two processes. Instead, we leverage virtualization to enforce the isolation of the sensitive portions from the other, untrusted code. The virtual machine monitor intercepts all code context switches transparently, without requiring the application to explicitly use IPC for privilege context transitions. We have implemented a prototype of our system, named Coir, based on the commodity hypervisor Xen. Evaluation of our prototype includes a real-world remote control application, which is partitioned and protected in the Coir-enabled hypervisor on unmodified Windows XP. We discuss the isolation strength as well as the performance penalty of our system based on this practical case.