
INVISIOS: A Lightweight, Minimally Intrusive Secure Execution Environment

Published: 01 September 2012 Publication History

Abstract

Many information security attacks exploit vulnerabilities in "trusted" and privileged software executing on the system, such as the operating system (OS). Conversely, most security mechanisms offer security-critical user applications no immunity when vulnerabilities are present in the underlying OS. Technologies that isolate security-critical software have been proposed, but they either require significant computational resources, and are hence not applicable to many resource-constrained embedded systems, or necessitate extensive redesign of the underlying processors and hardware.

In this work, we propose INVISIOS: a lightweight, minimally intrusive hardware-software architecture that makes the execution of security-critical software invisible to the OS, and hence protected from its vulnerabilities. The INVISIOS software architecture encapsulates the security-critical software into a self-contained software module. While this module is part of the kernel and runs with kernel-level privileges, its code, data, and execution are transparent to and protected from the rest of the kernel. The INVISIOS hardware architecture consists of simple add-on hardware components that are responsible for bootstrapping the secure core, ensuring that applications exercise it only in permitted ways, and enforcing the isolation of its code and data. We implemented INVISIOS by enhancing a full-system emulator and Linux to model the proposed software and hardware enhancements, and applied it to protect a commercial cryptographic library. Our experiments demonstrate that INVISIOS facilitates secure execution at very small overheads, making it suitable for resource-constrained embedded systems and systems-on-chip.


Cited By

  • Mandatory Content Access Control for Privacy Protection in Information Centric Networks. IEEE Transactions on Dependable and Secure Computing 14(5), 494-506, 1 September 2017. DOI: 10.1109/TDSC.2015.2494049


Published In

ACM Transactions on Embedded Computing Systems, Volume 11, Issue 3
September 2012, 274 pages
ISSN: 1539-9087
EISSN: 1558-3465
DOI: 10.1145/2345770

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 01 September 2012
Accepted: 01 December 2010
Revised: 01 May 2010
Received: 01 December 2009
Published in TECS Volume 11, Issue 3


Author Tags

  • Secure execution
  • isolated execution
  • operating system
  • security vulnerabilities

Qualifiers

  • Research-article
  • Research
  • Refereed
