Scalable architectural support for trusted software

Champagne, David; Lee, Ruby B.

doi:10.1109/hpca.2010.5416657

Cited by 144 publications

(117 citation statements)

References 24 publications

(39 reference statements)

Supporting

Mentioning

115

Contrasting

Order By: Relevance

“…This is consistent with the assumptions made by recent works such as HyperWall [53] and H-SVM [48]. We also note that if the physical memory is assumed to be untrusted, our proposal can be adjusted to that threat model by adding well-known techniques for memory integrity verification and encryption [51,8,10] to our design.…”

Section: Threat Model and Assumptionssupporting

confidence: 66%

See 1 more Smart Citation

A Non-Inclusive Memory Permissions architecture for protection against cross-layer attacks

Elwell

Riley

Abu-Ghazaleh

et al. 2014

2014 IEEE 20th International Symposium on High Performance Computer Architecture (HPCA)

View full text Add to dashboard Cite

Protecting modern computer systems and complex software stacks against the growing range of possible attacks is becoming increasingly difficult. The architecture of modern commodity systems allows attackers to subvert privileged system software often using a single exploit. Once the system is compromised, inclusive permissions used by current architectures and operating systems easily allow a compromised high-privileged software layer to perform arbitrary malicious activities, even on behalf of other software layers.This paper presents a hardware-supported page permission scheme for the physical pages that is based on the concept of non-inclusive sets of memory permissions for different layers of system software such as hypervisors, operating systems, and user-level applications. Instead of viewing privilege levels as an ordered hierarchy with each successive level being more privileged, we view them as distinct levels each with its own set of permissions. Such a permission mechanism, implemented as part of a processor architecture, provides a common framework for defending against a range of recent attacks. We demonstrate that such a protection can be achieved with negligible performance overhead, low hardware complexity and minimal changes to the commodity OS and hypervisor code.

show abstract

Section: Threat Model and Assumptionssupporting

confidence: 66%

“…NIMP, in contrast, does not rely on any software layers to be secure. Bastion [8] provides hardware-supported compartments to support secure execution environment for software modules. However, Bastion still relies on the security of the modified hypervisor to accomplish these goals.…”

Section: Hardware-supported Approachesmentioning

confidence: 99%

A Non-Inclusive Memory Permissions architecture for protection against cross-layer attacks

Elwell

Riley

Abu-Ghazaleh

et al. 2014

2014 IEEE 20th International Symposium on High Performance Computer Architecture (HPCA)

View full text Add to dashboard Cite

show abstract

“…Another approach is to employ some existing hardware-assisted isolated execution solutions such as Iso-X [27] or Bastion [33]. This approach has two advantages.…”

Section: Smc Allocationmentioning

confidence: 99%

“…Relying on a permanent private key inside the processor simply restricts the portability of trust from one device to another. Secret-Protected (SP) architecture [26] and Bastion [33] focus on the management of keys. They…”

Section: Secure Processormentioning

confidence: 99%

See 1 more Smart Citation

A novel architecture for secure database processing in cloud computing

Chen¹

View full text Add to dashboard Cite

Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator. Typical prior e ort on addressing this security problem is either prohibitively slow or highly restrictive in operation.In this thesis, a novel cloud system architecture CypherDB, which makes use of a secure processor, is proposed to protect the confidentiality of outsourced database processing. To achieve this, a framework is developed to use these secure processors in the cloud for secure database processing. This framework allows distributed and parallel processing of the encrypted data and exhibits virtualization features in Cloud Computing. The CypherDB architecture also relies on two major components to protect the privacy of an outsourced database against any honest-but-curious administrator of high performance.Firstly, a novel database encryption scheme is developed to protect the outsourced database which can be executed under a CypherDB secure processor with high performance. Our proposed scheme makes use of custom instructions to hide the encryption latency from the program execution. This scheme is extensively validated through an integration with SQLite, a practical database application program.Secondly, a novel secure processor architecture is also developed to provide architectural support to our proposed database encryption scheme and e cient protection mechanism to secure all intermediate data generated onthe-fly during query execution. The e ciency, robustness and the cost of our novel processor architecture are validated and evaluated through extensive simulations and implementation on a FPGA platform.

show abstract

Hardware-Enhanced Security for Cloud Computing

Szefer

Lee

2013

Secure Cloud Computing

View full text Add to dashboard Cite

Scalable architectural support for trusted software

Cited by 144 publications

References 24 publications

A Non-Inclusive Memory Permissions architecture for protection against cross-layer attacks

A Non-Inclusive Memory Permissions architecture for protection against cross-layer attacks

A novel architecture for secure database processing in cloud computing

Hardware-Enhanced Security for Cloud Computing

Contact Info

Product

Resources

About