Commodity operating systems are entrusted with providing security to the applications we use every day, and yet they suffer from the same security vulnerabilities as user-space applications: they are susceptible to memory safety attacks such as buffer overflows, and they can be tricked into dynamically loading malicious code. Worse yet, commodity operating system kernels are highly privileged; exploitation of the kernel results in compromise of all applications on the system. This work describes the Secure Virtual Architecture (SVA): a compiler-based virtual machine placed between the software stack and the hardware that can enforce strong security policies on commodity application and operating system kernel code. This work describes how SVA abstracts hardware/software interactions and program state manipulation so that compiler instrumentation can be used to control these operations, and it shows how SVA can be used to protect both the operating system kernel and applications from attack. Specifically, this work shows how SVA can protect operating system kernels from memory safety attacks; it also shows how SVA prevents a compromised operating system kernel from adversely affecting the execution of trusted applications by providing application memory that the operating system kernel cannot read or write and secure application control flow that the operating system cannot corrupt.
Secure virtual architecture: security for commodity software systems