Lightweight kernel isolation with virtualization and VM functions

Narayanan, Vikram; Huang, Yongzhe; Tan, Gang; Jaeger, Trent; Burtsev, Anton

doi:10.1145/3381052.3381328

Cited by 23 publications

(1 citation statement)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Isolation based on an operating system kernel is one of the most reliable and depends on the OS kernel's security. The OS kernel provides the primary isolation between the applications running on top [62]. Hardware-based isolation is provided by the processors or special devices that work with the processor.…”

Section: Isolation Techniques In 5g Areasmentioning

confidence: 99%

State-of-the-Art and New Challenges in 5G Networks with Blockchain Technology

Onopa,

Kotulski

2024

Electronics

View full text Add to dashboard Cite

As mobile communications transform, 5G technology can potentially change many industries and businesses. The change will have a great influence across many fields, such as the automotive, healthcare, and manufacturing sectors. This paper aims to review the existing applications of blockchain technology in providing 5G network security and identify new possibilities for such security solutions. We consider different aspects of blockchain in 5G, particularly data transmission, access control, and applications including vertical industry-oriented applications and specific solutions supporting such sectors of economic activity. The paper briefly describes modern technologies in 5G networks and introduces blockchain’s properties and different aspects of using such technology in practical applications. It also presents access control management with blockchain applied in 5G and related problems, reviews other blockchain-enforced network technologies, and shows how blockchain can help in services dedicated to vertical industries. Finally, it presents our vision of new blockchain applications in modern 5G networks and beyond. The new-generation networks use two fundamental technologies, slicing and virtualization, and attackers attempt to execute new types of attacks on them. In the paper, we discuss one of the possible scenarios exhibiting the shortcomings of the slicing technology architecture. We propose using blockchain technology to create new slices and to connect new or existing subscribers to slices in the 5G core network. Blockchain technology should solve these architectural shortcomings.

show abstract

Section: Isolation Techniques In 5g Areasmentioning

confidence: 99%

State-of-the-Art and New Challenges in 5G Networks with Blockchain Technology

Onopa,

Kotulski

2024

Electronics

View full text Add to dashboard Cite

show abstract

ABSLearn: a GNN-based framework for aliasing and buffer-size information retrieval

Liang

Tan

Zeng

et al. 2023

Pattern Anal Applic

View full text Add to dashboard Cite

Mitigation of privilege escalation attack using kernel data relocation mechanism

Kuzuno,

Yamauchi

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Kernel memory corruption, which leads to a privilege escalation attack, has been reported as a security threat to operating systems. To mitigate privilege escalation attacks, several security mechanisms are proposed. Kernel address space layout randomization randomizes kernel code and data virtual address layout on the kernel memory. Privileged information protection methods monitor and restore illegal privilege modifications. Therefore, if an adversary identifies the kernel data containing privileged information, an adversary can achieve the privilege escalation in a running kernel. This paper proposes a kernel data relocation mechanism (KDRM) that dynamically relocates privileged information in the running kernel to mitigate privilege escalation attacks. The KDRM introduces the relocation-only page into the kernel. The relocation-only page allows the virtual address of the privileged information to change by dynamically relocating for the user process. One of the relocation-only pages is randomly selected to store the privileged information at the system call invocations. The evaluation results indicate the possibility of mitigating privilege escalation attacks through direct memory overwriting by user processes on Linux with KDRM. The KDRM showed an acceptable performance cost. The overhead of a system call was up to 11.52%, and the kernel performance score was 0.11%.

show abstract

Lightweight kernel isolation with virtualization and VM functions

Cited by 23 publications

References 41 publications

State-of-the-Art and New Challenges in 5G Networks with Blockchain Technology

State-of-the-Art and New Challenges in 5G Networks with Blockchain Technology

ABSLearn: a GNN-based framework for aliasing and buffer-size information retrieval

Mitigation of privilege escalation attack using kernel data relocation mechanism

Contact Info

Product

Resources

About