|
Showing 1 - 2 of
2 matches in All Departments
This SpringerBrief discusses the uber eXtensible Micro-hypervisor
Framework (uberXMHF), a novel micro-hypervisor system security
architecture and framework that can isolate security-sensitive
applications from other untrustworthy applications on commodity
platforms, enabling their safe co-existence. uberXMHF, in addition,
facilitates runtime monitoring of the untrustworthy components,
which is illustrated in this SpringerBrief. uberXMHF focuses on
three goals which are keys to achieving practical security on
commodity platforms: (a) commodity compatibility (e.g., runs
unmodified Linux and Windows) and unfettered access to platform
hardware; (b) low trusted computing base and complexity; and (c)
efficient implementation. uberXMHF strives to be a comprehensible,
practical and flexible platform for performing micro-hypervisor
research and development. uberXMHF encapsulates common hypervisor
core functionality in a framework that allows developers and users
to build custom micro-hypervisor based (security-sensitive)
applications (called "uberapps"). The authors describe several
uberapps that employ uberXMHF and showcase the framework efficacy
and versatility. These uberapps span a wide spectrum of security
applications including application compartmentalization and
sandboxing, attestation, approved code execution, key management,
tracing, verifiable resource accounting, trusted-path and on-demand
I/O isolation. The authors are encouraged by the end result - a
clean, barebones, low trusted computing base micro-hypervisor
framework for commodity platforms with desirable performance
characteristics and an architecture amenable to manual audits
and/or formal reasoning. Active, open-source development of
uberXMHF continues. The primary audience for this SpringerBrief is
system (security) researchers and developers of commodity system
software. Practitioners working in system security deployment
mechanisms within industry and defense, as well as advanced-level
students studying computer science with an interest in security
will also want to read this SpringerBrief.
This brief considers the various stakeholders in today's mobile
device ecosystem, and analyzes why widely-deployed hardware
security primitives on mobile device platforms are inaccessible to
application developers and end-users. Existing proposals are also
evaluated for leveraging such primitives, and proves that they can
indeed strengthen the security properties available to applications
and users, without reducing the properties currently enjoyed by
OEMs and network carriers. Finally, this brief makes
recommendations for future research that may yield practical and
deployable results.
|
|
Email address subscribed successfully.
A activation email has been sent to you.
Please click the link in that email to activate your subscription.