2021
DOI: 10.1007/s11432-019-2707-6
|View full text |Cite
|
Sign up to set email alerts
|

TZ-Container: protecting container from untrusted OS with ARM TrustZone

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1

Citation Types

0
3
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
4
2
2

Relationship

0
8

Authors

Journals

citations
Cited by 13 publications
(3 citation statements)
references
References 23 publications
0
3
0
Order By: Relevance
“…Hardware-based isolation. Recent work [29], [44], [45], [46], [47], [48], [49] explores new hardware to implement additional isolation for containers. SCONE [44] and ARMlock [47] place the container inside trusted execution domain based on the Intel SGX and ARM TrustZone.…”
Section: Related Workmentioning
confidence: 99%
“…Hardware-based isolation. Recent work [29], [44], [45], [46], [47], [48], [49] explores new hardware to implement additional isolation for containers. SCONE [44] and ARMlock [47] place the container inside trusted execution domain based on the Intel SGX and ARM TrustZone.…”
Section: Related Workmentioning
confidence: 99%
“…Arm confidential computing. Studies [32], [44], [48], [53], [75] have leveraged Arm TrustZone to simulate confidential computing environments in normal world and secure world. However, these security features are vulnerable to the secure world attacker [35] and new yet-unrealized adversaries in Arm CCA.…”
Section: Related Workmentioning
confidence: 99%
“…Instead of adapting the entire driver into LDR, we imagine that such driver be divided into cooperative modules and only the security-critical modules such as resource manager be adapted into LDR while leaving modules responsible for user interaction and task scheduling inside the NW Linux kernel. In fact, such design choices have been investigated among GPUs [61], NICs [62] and even middlewares like VMM [63], container managers [64], etc. Considering the security-critical modules are more selfcontained, LDR can provide excellent runtime environment for these security-critical modules.…”
Section: B Ldr With More Complex Devicesmentioning
confidence: 99%