Research on Computer System Isolation

doi:10.16183/j.cnki.jsjtu.2018.10.024

Abstract

Abstract: System isolation is a key enabling technology for reliability and scalability of computer system. Traditional system isolation is based on privilege layering, which is known as “layered isolation model”. Software is divided into different layers, the lower layer has the higher privilege, which is responsible for the isolation of up-layer software. Recently, as new hardware extensions keep evolving, including hardware assisted virtualization, ARM TrustZone, Intel SGX (Software Guard Extension), a new model, named “disaggregated isolation model”, is becoming a hot research topic, which brings new opportunities and challenges to traditional system software.

Key words: isolation, operating system, virtualization, hardware security extension

CLC Number:

TP 316

XIA Yubin,CHEN Haibo,GUAN Haibing. Research on Computer System Isolation[J]. Journal of Shanghai Jiaotong University, 2018, 52(10): 1339-1347.

References

［1］Linux counter［EB/OL］.［2018-03-23］. https://www.linuxcounter.net. ［2］ALVES T, FELTON D. Trustzone: Integrated hardware and software security［J］. ARM White Paper, 2004, 3(4): 18-24. ［3］ANATI I, GUERON S, JOHNSON S, et al. Innovative technology for CPU based attestation and sealing［EB/OL］. ［2018-03-23］. https://software.intel.com/sites/default/files/articles/413939/hasp-2013-innovative-technology-for-attestation-and-sealing.pdf. ［4］LIPP M, SCHWARZ M, GRUSS D, et al. Meltdown［EB/OL］. ［2018-03-23］. https://arxiv.org/abs/1801.01207. ［5］KOCHER P, GENKIN D, GRUSS D, et al. Spectre attacks: Exploiting speculative execution［EB/OL］. ［2018-03-24］. https://arxiv.org/abs/1801.01203. ［6］KPTI［EB/OL］. ［2018-03-24］. https://en.wikipedia.org/wiki/Kernel_page-table_isolation. ［7］HUA Z C, DU D, XIA Y B, et al. EPTI: Efficient defence against meltdown attack for unpatched VMs［C］//USENIX ATC. Boston: USENIX, 2018. ［8］GARFINKEL T, ROSENBLUM M. A virtual machine introspection based architecture for intrusion detection［J］. Proceedings of Network and Distributed Systems Security Symp, 2003, 3: 191-206. ［9］LIU Y T, XIA Y B, GUAN H B, et al. Concurrent and consistent virtual machine introspection with hardware transactional memory ［C］//Proceedings of 2014 International Symposium on High Performance Computer Architecture (HPCA’14). Orlando: HPCA, 2014. DOI: 10.1109/HPCA.2014.6835951. ［10］CHEN Q S, LIANG L, XIA Y B, et al. Mitigating sync amplification for copy-on-write virtual disk［C］//The 14th USENIX Conference on File and Storage Technologies (FAST’16). Santa Clara: FAST, 2016: 241-247. ［11］CHEN H, ZHANG F, CHEN C, et al. Tamper-resistant execution in an untrusted operating system using a virtual machine monitor［J］. Chaos, 2007. DOI: 10.1.1.113.6329. ［12］CHEN X, GARFINKEL T, LEWIS E C, et al. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems ［J］. ACM SIGOPS Operating Systems Review, 2008, 42(2): 2-13. ［13］LI Y L, MCCUNE J, NEWSOME J, et al. MiniBox: A two-way sandbox for x86 native code［C］//Proceedings of the 2014 USENIX conference on USENIX Annual Technical Conference. Philadelphia: ACM, 2014: 409-420. ［14］CHECKOWAY S, SHACHAM H. Iago attacks: Why the system call API is a bad untrusted rpc interface［J］. ACM SIGARCH Computer Architecture News, 2013, 41(1): 253-264. ［15］HOFMANN O S, KIM S, DUNN A M, et al. Inktag: Secure applications on an untrusted operating system［J］. ACM SIGARCH Computer Architecture News, 2013, 41(1): 265-278. ［16］LIE D, THEKKATH C, MITCHELL M, et al. Architectural support for copy and tamper resistant software［J］. ACM SIGPLAN Notices, 2000, 35(11): 168-177. ［17］SUH G E, CLARKE D, GASSEND B, et al. AEGIS: Architecture for tamper-evident and tamper-resistant processing［C］//ICS’03 Proceedings of the 17th annual international conference on Supercomputing. San Francisco: ACM, 2003: 160-171. ［18］SANTOS N, RAJ H, SAROIU S, et al. Trusted language runtime (TLR): Enabling trusted applications on smartphones［C］//Proceedings of the 12th Workshop on Mobile Computing Systems and Applications. Phoenix: ACM, 2011: 21-26. ［19］AZAB A M, NING P, SHAH J, et al. Hypervision across worlds: Real-time kernel protection from the ARM Trustzone secure world［C］//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. Scottsdale: ACM, 2014: 90-102. ［20］SUN H, SUN K, WANG Y W, et al. TrustICE: Hardware-assisted isolated computing environments on mobile devices［C］//45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Rio de Janeiro, Brazil: IEEE, 2015. DOI: 10.1109/DSN.2015.11. ［21］SUN H, SUN K, WANG Y W, et al. TrustOTP: Transforming smartphones into secure one-time password tokens［C］//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Denver: ACM, 2015: 976-988. ［22］ARNAUTOV S, TRACH B, GREGOR F, et al. Scone: Secure linux containers with intel SGX［C］//Proceedings of the 12th USENIX conference on Operating Systems Design and Implementation. Savannah: OSDI, 2016: 689-703. ［23］BAUMANN A, PEINADO M, HUNT G. Shielding applications from an untrusted cloud with haven［J］. ACM Transactions on Computer Systems, 2015, 33(3): 8. ［24］GU J Y, HUA Z C, XIA Y B, et al. Secure live migration of SGX enclaves on untrusted cloud［C］//Proceedings of the 47th IEEE/IFIP International Conference on Dependable Systems and Networks. Denver: IEEE, 2017. DOI: 10.1109/DSN.2017.37. ［25］ZHANG F Z, CHEN J, CHEN H B, et al. CloudVisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization［C］//Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. Cascais, Portugal: ACM, 2011: 203-216. ［26］JIN S, AHN J, CHA S, et al. Architectural support for secure virtualization under a vulnerable hypervisor［C］//Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture. Porto Alegre, Brazil: ACM, 2011: 272-283. ［27］SZEFER J, LEE R.Architectural support for hypervisor-secure virtualization［J］. ACM SIGARCH Computer Architecture News, 2012, 40(1): 437-450. ［28］XIA Y B, LIU Y T, CHEN H B. Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks［C］//Proceedings of 2013 International Symposium on High Performance Computer Architecture. Shenzhen: IEEE, 2013. DOI: 10.1109/HPCA.2013.6522323. ［29］HUA Z C, GU J Y, XIA Y B, et al. vTZ: Virtualizing ARM trustZone［C］//Usenix Security Symposium 2017. Vancouver, Canada: USENIX, 2017. ［30］YEE B, SEHR D, DARDYK G, et al. Native client: A sandbox for portable, untrusted x86 native code［C］//30th IEEE Symposium on Security and Privacy. Berkeley: IEEE, 2009. DOI: 10.1109/SP.2009.25. ［31］LIU Y T, ZHOU T Y, CHEN K X, et al. Thwarting memory disclosure with efficient hypervisor-enforced intra-domain isolation［C］//Proceedings of the 22th ACM Conference on Computer and Communications Security. Denver: ACM, 2015: 1607-1619. ［32］FORD B, LEPREAU J. Evolving mach 3.0 to a migrating thread model［C］//Proceedings of the USENIX Winter 1994 Technical Conference. San Francisco: USENIX, 1994: 9. ［33］ELPHINSTONE K, HEISER G. From L3 to seL4: What have we learnt in 20 years of L4 microkernels?［C］//Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles. Farminton: ACM, 2013: 133-150. ［34］ENGLER D R, KAASHOEK M F, O’TOOLE J. Exokernel: An operating system architecture for application-level resource management［J］. ACM SIGOPS Operating Systems Review, 1995, 29(5): 251-266. ［35］VILANOVA L, BEN-YEHUDA M, NAVARRO N, et al. CODOMs: Protecting software with code-centric memory domains［J］. ACM SIGARCH Computer Architecture News, 2014, 42(3): 469-480. ［36］LEVASSEUR J, UHLIG V, STOESS J, et al, Unmodified device driver reuse and improved system dependability via virtual machines［C］//Proceedings of the 6th Symposium on Opearting Systems Design and Implementation. San Francisco: USENIX Association, 2004: 17-30. ［37］SWIFT M M, MARTIN S, LEVY H M, et al. Nooks: An architecture for reliable device drivers［C］//Proceedings of the 10th Workshop on ACM SIGOPS European Workshop. Saint-Emillion, France: ACM, 2002: 102-107. ［38］ERLINGSSON U, ABADI M, VRABLE M, et al. XFI: Software guards for system address spaces［C］//Proceedings of the 7th Symposium on Operating Systems Design And Implementation. Seattle: USENIX Association, 2006: 75-88. ［39］MAO Y D, CHEN H G, ZHOU D, et al. Software fault isolation with API integrity and multi-principal modules［C］//Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. Cascais, Portugal: ACM, 2011: 115-128. ［40］CASTRO M, COSTA M, MARTIN J P, et al. Fast byte-granularity software fault isolation［C］//Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles. Big Sky: ACM, 2009: 45-58. ［41］LI W H, MA M Y, HAN J C, et al. Building trusted path on untrusted device drivers for mobile devices［C］//Proceedings of the 5th Asia-Pacific Workshop on System. Beijing: ACM, 2014: 8. ［42］LI W H, LI H B, CHEN H B, et al. AdAttester: Secure online advertisement attestation on mobile devices using TrustZone［C］//Proceedings of the 13th International Conference on Mobile Systems, Applications, and Services. Florence, Italy: ACM, 2015: 75-88. ［43］LI W H, LUO S Y, SUN Z C, et al. VButton: Practical attestation of user-driven operations in mobile apps［C］//The 16th ACM International Conference on Mobile Systems, Applications, and Services. Munich, Germany: ACM, 2018: https://www.sigmobile.org/mobisys/2018/ ［44］MURRAY D G, MILOS G, HAND S. Improving Xen security through disaggregation［C］//Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments. Seattle: ACM, 2008: 151-160. ［45］COLP P, NANAVATI M, ZHU J, et al. Breaking up is hard to do: Security and functionality in a commodity hypervisor［C］//Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. Cascais, Portugal: ACM, 2011: 189-202. ［46］WU C, WANG Z, JIANG X X. Taming hosted hypervisors with (mostly) deprivileged execution［EB/OL］. ［2018-03-24］. https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/NDSS13_DEHYPE.pdf. ［47］WANG Z, JIANG X X. Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity［C］//2010 IEEE Symposium on Security and Privacy. Berkeley/Oakland: IEEE, 2010. DOI: 10.1109/SP.2010.30. ［48］STEINBERG U, KAUER B. NOVA: A microhypervisor-based secure virtualization architecture［C］//EuroSys’10 Proceedings of the 5th European Conference on Computer Systems. Pairs, France: ACM, 2010: 209-220. ［49］SHI L, WU Y M, XIA Y B, et al. Deconstructing Xen［C］//The Network and Distributed System Security Symposium 2017. San Diego: NDSS, 2017. DOI: 10.14722/ndss.2017.23455. ［50］KOLDINGER E J, CHASE J S, EGGERS S J. Architecture support for single address space operating systems［J］. ACM SIGPLAN Notices, 1992, 27(9): 175-186. ［51］VILANOVA L, JORDA M, NAVARRO N, et al. Direct Inter-Process Communication (dIPC): Repurposing the CODOMs architecture to accelerate IPC［C］//Proceedings of the Twelfth European Conference on Computer Systems. Belgrade, Serbia: ACM, 2017: 16-31. ［52］HUNT G C, LARUS J R. Singularity: Rethinking the software stack［J］. ACM SIGOPS Operating Systems Review, 2007, 41(2): 37-49. ［53］GAMSA B. Tornado: Maximizing locality and concurrency in a shared memory multiprocessor operating system［D］. Toronto: University of Toronto, 1999. ［54］LI W H, XIA Y B, CHEN H B, et al. Reducing world switches in virtualized environment with flexible cross-world calls［J］. ACM SIGARCH Computer Architecture News, 2015, 43(3): 375-387.

[1]	CHEN Ziyun (陈子云), XIE Le (谢叻), DAI Peidong (戴培东), ZHANG Tianyu (张天宇). Development of a Robotic Cochlear Implantation System [J]. J Shanghai Jiaotong Univ Sci, 2022, 27(1): 7-14.
[2]	DENG Zhaoxue, YANG Qinghua, CAI Qiang, LIU Tianqin. Design and Test of a Magneto-Rheological Mount Applied to Start/Stop Mode of Vehicle Powertrains [J]. Journal of Shanghai Jiao Tong University, 2021, 55(1): 56-66.
[3]	ZHAO Zihong,LIU Mingxing,YAN Hao,WANG Song,DING Jie. Design of Temperature Conditioning Module of Thermal Resistance Based on PWM Isolation [J]. Journal of Shanghai Jiaotong University, 2019, 53(Sup.1): 88-92.
[4]	WANG Song,LIU Mingxing,ZHAO Zihong,WANG Shun. A New Type of Analog Signal Isolation Technology Applied to Nuclear Reactor Safety Level DCS [J]. Journal of Shanghai Jiaotong University, 2019, 53(Sup.1): 93-97.
[5]	WANG Yu-chen, ZHANG-Lei, LIU Li-xin, WANG Dao-ming, YANG Cheng-peng. Engineering and Analysis for Hydraulic Isolation System of Catenaruy Anecor Leg Mooring Device [J]. Ocean Engineering Equipment and Technology, 2019, 6(2): 524-529.
[6]	SONG Jie,ZHOU Jian,BAO Wei,HUANG Wentao,GAO Xiang. Expansible Modeling and Applied Strategies Based on Semantic Web for Expert System of AC-DC Intelligent Substation [J]. Journal of Shanghai Jiaotong University, 2018, 52(9): 1072-1080.
[7]	YAN Wei-feng, YUAN Ze-ming, HE Peng-fei, SHI Wen-zhuan. Recovery Technology of 339.7 mm Casing of A10 Well in the East China Sea [J]. Ocean Engineering Equipment and Technology, 2018, 5(1): 30-35.
[8]	Fei ZHANG, Yaqin HE. Design of Mine-used DTU System Based on UCOS-II [J]. Research and Exploration in Laboratory, 2017, 36(5): 131-134.
[9]	Xu WU, Renan CHEN, Dezhi WEI. Design and Application of Speech Lab under Cloud Computing [J]. Research and Exploration in Laboratory, 2017, 36(5): 239-242.
[10]	ZHANG Yang* (张洋), L ¨U Qiang (吕强), LIN Huican (林辉灿), MA Jianye (马建业). Research on Visual Autonomous Navigation Indoor for Unmanned Aerial Vehicle [J]. Journal of shanghai Jiaotong University (Science), 2017, 22(2): 252-256.
[11]	QIN Liguoa,HE Xiaoa,b,ZHOU Donghuaa,b. A Fault Estimation Method Based on Robust Residual Generators [J]. Journal of Shanghai Jiaotong University, 2015, 49(06): 768-774.
[12]	LU Ping-Jing, LI Bao, CHE Yong-Gang, PANG Zheng-Bin. Code Isolation Based Iterative Compilation Optimization for Large Programs [J]. Journal of Shanghai Jiaotong University, 2013, 47(01): 133-137.
[13]	Lv Lin-Hua , YANG De-Qing. Study on Vibration Reduction Design of Steel-Composite Materials Hybrid Mounting for Ships [J]. Journal of Shanghai Jiaotong University, 2012, 46(08): 1196-1202.
[14]	LIU Dong1，FENG Yong1，ZHANG Caihuan2，ZHAO Xianghui1. An Improved Algorithm for Real Root Isolation of Univariate Polynomials [J]. Journal of Shanghai Jiaotong University, 2010, 44(11): 1477-1480.
[15]	XU Zheng，WANG Dezhong，ZHANG Jige，ZHOU Wenxia(. Analysis for Vibration and Noise Problem of Main Steam 　Isolation Valve with Pipelines [J]. Journal of Shanghai Jiaotong University, 2010, 44(01): 95-0100.