Abstract
Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile. Sego verifies operating system services, like the file system, instead of replacing them. By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents. We extensively evaluate Sego's performance on real workloads and implement a kernel fault injector to validate Sego's file-system-agnostic crash consistency and recovery protocol.
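The abstract's central idea is that a trusted component keeps metadata about user data and uses it to check what an untrusted OS service hands back, rather than reimplementing the service inside the trusted computing base. The Python below is an added illustration of that verify-don't-replace pattern; it is not Sego's code, and it does not reproduce Sego's actual metadata layout, key handling, hypervisor mechanics or crash-recovery protocol, none of which appear on this page. Assumptions: a dictionary stands in for the untrusted file system, an in-process object plays the hypervisor's role of holding metadata the guest cannot touch, and the metadata is an HMAC-SHA256 tag over (file name, version counter, contents). Only integrity and freshness are shown; confidentiality of the stored bytes is out of scope here.

```python
import hashlib
import hmac
import os


class IntegrityError(Exception):
    """Raised when the untrusted service returns data the trusted metadata rejects."""


class UntrustedFS:
    """Stand-in for an OS file service outside the trust boundary (assumption: a dict of blobs)."""

    def __init__(self):
        self.store = {}

    def write(self, name, data):
        self.store[name] = bytes(data)

    def read(self, name):
        return self.store.get(name)

    # A hostile OS can do anything to its own storage; this is the attacker's entry point.
    def corrupt(self, name, data):
        self.store[name] = bytes(data)


class TrustedMetadata:
    """Metadata kept where the guest OS cannot reach it.

    Per file we keep a version counter and a MAC over (name, version, contents), so
    corruption, replay of a stale version, and swapping in another file's valid
    contents are all detected on read.  Illustrative design, not Sego's format.
    """

    def __init__(self, key):
        self.key = key
        self.entries = {}  # name -> (version, tag)

    def _tag(self, name, version, data):
        msg = name.encode() + b"\x00" + version.to_bytes(8, "big") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def record(self, name, data):
        version = self.entries.get(name, (0, None))[0] + 1
        self.entries[name] = (version, self._tag(name, version, data))
        return version

    def check(self, name, data):
        if name not in self.entries:
            raise IntegrityError(f"{name}: no trusted metadata")
        if data is None:
            raise IntegrityError(f"{name}: untrusted service returned nothing")
        version, tag = self.entries[name]
        if not hmac.compare_digest(tag, self._tag(name, version, data)):
            raise IntegrityError(f"{name}: contents do not match trusted metadata")
        return version


class VerifiedFile:
    """Application-facing wrapper: the OS stores bytes, the trusted side checks them."""

    def __init__(self, fs, meta):
        self.fs, self.meta = fs, meta

    def write(self, name, data):
        data = bytes(data)
        self.fs.write(name, data)      # the untrusted OS stores the bytes ...
        self.meta.record(name, data)   # ... and the trusted side remembers how to check them

    def read(self, name):
        data = self.fs.read(name)
        self.meta.check(name, data)    # reject corruption, stale replays and cross-file swaps
        return data


def _rejected(vf, name):
    try:
        vf.read(name)
    except IntegrityError:
        return True
    return False


def run_scenarios(key=None):
    """Constructed scenarios: honest reads pass, each class of OS misbehaviour is caught."""
    key = key or os.urandom(32)
    fs = UntrustedFS()
    vf = VerifiedFile(fs, TrustedMetadata(key))
    results = {}

    vf.write("a.txt", b"version one")
    stale = fs.read("a.txt")                   # the OS keeps a copy of a once-valid version
    vf.write("a.txt", b"version two")
    vf.write("b.txt", b"other file")
    results["honest"] = vf.read("a.txt") == b"version two"

    fs.corrupt("a.txt", b"version twX")        # bit flip in contents
    results["corrupt_detected"] = _rejected(vf, "a.txt")

    fs.corrupt("a.txt", stale)                 # rollback to an older, once-valid version
    results["rollback_detected"] = _rejected(vf, "a.txt")

    fs.corrupt("a.txt", fs.read("b.txt"))      # serve another file's valid contents
    results["swap_detected"] = _rejected(vf, "a.txt")

    vf.write("a.txt", b"version three")        # a fresh legitimate write re-establishes trust
    results["recovered"] = vf.read("a.txt") == b"version three"
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

Binding the tag to the file name and a monotonic version is what turns a plain checksum into a freshness check: a hostile OS that replays an old block or serves one file's bytes for another still produces a syntactically valid file, and only the trusted side's record of which version it last wrote exposes the substitution. The crash-consistency question the abstract raises (what happens if the OS dies between the store and the metadata update) is exactly the gap this toy leaves open, since here the two steps are not atomic.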
Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services
ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems