Journal of Shanghai Jiaotong University ›› 2018, Vol. 52 ›› Issue (10): 1339-1347.doi: 10.16183/j.cnki.jsjtu.2018.10.024
Previous Articles Next Articles
XIA Yubin,CHEN Haibo,GUAN Haibing
CLC Number:
XIA Yubin,CHEN Haibo,GUAN Haibing. Research on Computer System Isolation[J]. Journal of Shanghai Jiaotong University, 2018, 52(10): 1339-1347.
Add to citation manager EndNote|Ris|BibTeX
URL: https://xuebao.sjtu.edu.cn/EN/10.16183/j.cnki.jsjtu.2018.10.024
[1]Linux counter[EB/OL].[2018-03-23]. https://www.linuxcounter.net. [2]ALVES T, FELTON D. Trustzone: Integrated hardware and software security[J]. ARM White Paper, 2004, 3(4): 18-24. [3]ANATI I, GUERON S, JOHNSON S, et al. Innovative technology for CPU based attestation and sealing[EB/OL]. [2018-03-23]. https://software.intel.com/sites/default/files/articles/413939/hasp-2013-innovative-technology-for-attestation-and-sealing.pdf. [4]LIPP M, SCHWARZ M, GRUSS D, et al. Meltdown[EB/OL]. [2018-03-23]. https://arxiv.org/abs/1801.01207. [5]KOCHER P, GENKIN D, GRUSS D, et al. Spectre attacks: Exploiting speculative execution[EB/OL]. [2018-03-24]. https://arxiv.org/abs/1801.01203. [6]KPTI[EB/OL]. [2018-03-24]. https://en.wikipedia.org/wiki/Kernel_page-table_isolation. [7]HUA Z C, DU D, XIA Y B, et al. EPTI: Efficient defence against meltdown attack for unpatched VMs[C]//USENIX ATC. Boston: USENIX, 2018. [8]GARFINKEL T, ROSENBLUM M. A virtual machine introspection based architecture for intrusion detection[J]. Proceedings of Network and Distributed Systems Security Symp, 2003, 3: 191-206. [9]LIU Y T, XIA Y B, GUAN H B, et al. Concurrent and consistent virtual machine introspection with hardware transactional memory [C]//Proceedings of 2014 International Symposium on High Performance Computer Architecture (HPCA’14). Orlando: HPCA, 2014. DOI: 10.1109/HPCA.2014.6835951. [10]CHEN Q S, LIANG L, XIA Y B, et al. Mitigating sync amplification for copy-on-write virtual disk[C]//The 14th USENIX Conference on File and Storage Technologies (FAST’16). Santa Clara: FAST, 2016: 241-247. [11]CHEN H, ZHANG F, CHEN C, et al. Tamper-resistant execution in an untrusted operating system using a virtual machine monitor[J]. Chaos, 2007. DOI: 10.1.1.113.6329. [12]CHEN X, GARFINKEL T, LEWIS E C, et al. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems [J]. ACM SIGOPS Operating Systems Review, 2008, 42(2): 2-13. [13]LI Y L, MCCUNE J, NEWSOME J, et al. MiniBox: A two-way sandbox for x86 native code[C]//Proceedings of the 2014 USENIX conference on USENIX Annual Technical Conference. Philadelphia: ACM, 2014: 409-420. [14]CHECKOWAY S, SHACHAM H. Iago attacks: Why the system call API is a bad untrusted rpc interface[J]. ACM SIGARCH Computer Architecture News, 2013, 41(1): 253-264. [15]HOFMANN O S, KIM S, DUNN A M, et al. Inktag: Secure applications on an untrusted operating system[J]. ACM SIGARCH Computer Architecture News, 2013, 41(1): 265-278. [16]LIE D, THEKKATH C, MITCHELL M, et al. Architectural support for copy and tamper resistant software[J]. ACM SIGPLAN Notices, 2000, 35(11): 168-177. [17]SUH G E, CLARKE D, GASSEND B, et al. AEGIS: Architecture for tamper-evident and tamper-resistant processing[C]//ICS’03 Proceedings of the 17th annual international conference on Supercomputing. San Francisco: ACM, 2003: 160-171. [18]SANTOS N, RAJ H, SAROIU S, et al. Trusted language runtime (TLR): Enabling trusted applications on smartphones[C]//Proceedings of the 12th Workshop on Mobile Computing Systems and Applications. Phoenix: ACM, 2011: 21-26. [19]AZAB A M, NING P, SHAH J, et al. Hypervision across worlds: Real-time kernel protection from the ARM Trustzone secure world[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. Scottsdale: ACM, 2014: 90-102. [20]SUN H, SUN K, WANG Y W, et al. TrustICE: Hardware-assisted isolated computing environments on mobile devices[C]//45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Rio de Janeiro, Brazil: IEEE, 2015. DOI: 10.1109/DSN.2015.11. [21]SUN H, SUN K, WANG Y W, et al. TrustOTP: Transforming smartphones into secure one-time password tokens[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Denver: ACM, 2015: 976-988. [22]ARNAUTOV S, TRACH B, GREGOR F, et al. Scone: Secure linux containers with intel SGX[C]//Proceedings of the 12th USENIX conference on Operating Systems Design and Implementation. Savannah: OSDI, 2016: 689-703. [23]BAUMANN A, PEINADO M, HUNT G. Shielding applications from an untrusted cloud with haven[J]. ACM Transactions on Computer Systems, 2015, 33(3): 8. [24]GU J Y, HUA Z C, XIA Y B, et al. Secure live migration of SGX enclaves on untrusted cloud[C]//Proceedings of the 47th IEEE/IFIP International Conference on Dependable Systems and Networks. Denver: IEEE, 2017. DOI: 10.1109/DSN.2017.37. [25]ZHANG F Z, CHEN J, CHEN H B, et al. CloudVisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization[C]//Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. Cascais, Portugal: ACM, 2011: 203-216. [26]JIN S, AHN J, CHA S, et al. Architectural support for secure virtualization under a vulnerable hypervisor[C]//Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture. Porto Alegre, Brazil: ACM, 2011: 272-283. [27]SZEFER J, LEE R.Architectural support for hypervisor-secure virtualization[J]. ACM SIGARCH Computer Architecture News, 2012, 40(1): 437-450. [28]XIA Y B, LIU Y T, CHEN H B. Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks[C]//Proceedings of 2013 International Symposium on High Performance Computer Architecture. Shenzhen: IEEE, 2013. DOI: 10.1109/HPCA.2013.6522323. [29]HUA Z C, GU J Y, XIA Y B, et al. vTZ: Virtualizing ARM trustZone[C]//Usenix Security Symposium 2017. Vancouver, Canada: USENIX, 2017. [30]YEE B, SEHR D, DARDYK G, et al. Native client: A sandbox for portable, untrusted x86 native code[C]//30th IEEE Symposium on Security and Privacy. Berkeley: IEEE, 2009. DOI: 10.1109/SP.2009.25. [31]LIU Y T, ZHOU T Y, CHEN K X, et al. Thwarting memory disclosure with efficient hypervisor-enforced intra-domain isolation[C]//Proceedings of the 22th ACM Conference on Computer and Communications Security. Denver: ACM, 2015: 1607-1619. [32]FORD B, LEPREAU J. Evolving mach 3.0 to a migrating thread model[C]//Proceedings of the USENIX Winter 1994 Technical Conference. San Francisco: USENIX, 1994: 9. [33]ELPHINSTONE K, HEISER G. From L3 to seL4: What have we learnt in 20 years of L4 microkernels?[C]//Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles. Farminton: ACM, 2013: 133-150. [34]ENGLER D R, KAASHOEK M F, O’TOOLE J. Exokernel: An operating system architecture for application-level resource management[J]. ACM SIGOPS Operating Systems Review, 1995, 29(5): 251-266. [35]VILANOVA L, BEN-YEHUDA M, NAVARRO N, et al. CODOMs: Protecting software with code-centric memory domains[J]. ACM SIGARCH Computer Architecture News, 2014, 42(3): 469-480. [36]LEVASSEUR J, UHLIG V, STOESS J, et al, Unmodified device driver reuse and improved system dependability via virtual machines[C]//Proceedings of the 6th Symposium on Opearting Systems Design and Implementation. San Francisco: USENIX Association, 2004: 17-30. [37]SWIFT M M, MARTIN S, LEVY H M, et al. Nooks: An architecture for reliable device drivers[C]//Proceedings of the 10th Workshop on ACM SIGOPS European Workshop. Saint-Emillion, France: ACM, 2002: 102-107. [38]ERLINGSSON U, ABADI M, VRABLE M, et al. XFI: Software guards for system address spaces[C]//Proceedings of the 7th Symposium on Operating Systems Design And Implementation. Seattle: USENIX Association, 2006: 75-88. [39]MAO Y D, CHEN H G, ZHOU D, et al. Software fault isolation with API integrity and multi-principal modules[C]//Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. Cascais, Portugal: ACM, 2011: 115-128. [40]CASTRO M, COSTA M, MARTIN J P, et al. Fast byte-granularity software fault isolation[C]//Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles. Big Sky: ACM, 2009: 45-58. [41]LI W H, MA M Y, HAN J C, et al. Building trusted path on untrusted device drivers for mobile devices[C]//Proceedings of the 5th Asia-Pacific Workshop on System. Beijing: ACM, 2014: 8. [42]LI W H, LI H B, CHEN H B, et al. AdAttester: Secure online advertisement attestation on mobile devices using TrustZone[C]//Proceedings of the 13th International Conference on Mobile Systems, Applications, and Services. Florence, Italy: ACM, 2015: 75-88. [43]LI W H, LUO S Y, SUN Z C, et al. VButton: Practical attestation of user-driven operations in mobile apps[C]//The 16th ACM International Conference on Mobile Systems, Applications, and Services. Munich, Germany: ACM, 2018: https://www.sigmobile.org/mobisys/2018/ [44]MURRAY D G, MILOS G, HAND S. Improving Xen security through disaggregation[C]//Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments. Seattle: ACM, 2008: 151-160. [45]COLP P, NANAVATI M, ZHU J, et al. Breaking up is hard to do: Security and functionality in a commodity hypervisor[C]//Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. Cascais, Portugal: ACM, 2011: 189-202. [46]WU C, WANG Z, JIANG X X. Taming hosted hypervisors with (mostly) deprivileged execution[EB/OL]. [2018-03-24]. https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/NDSS13_DEHYPE.pdf. [47]WANG Z, JIANG X X. Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity[C]//2010 IEEE Symposium on Security and Privacy. Berkeley/Oakland: IEEE, 2010. DOI: 10.1109/SP.2010.30. [48]STEINBERG U, KAUER B. NOVA: A microhypervisor-based secure virtualization architecture[C]//EuroSys’10 Proceedings of the 5th European Conference on Computer Systems. Pairs, France: ACM, 2010: 209-220. [49]SHI L, WU Y M, XIA Y B, et al. Deconstructing Xen[C]//The Network and Distributed System Security Symposium 2017. San Diego: NDSS, 2017. DOI: 10.14722/ndss.2017.23455. [50]KOLDINGER E J, CHASE J S, EGGERS S J. Architecture support for single address space operating systems[J]. ACM SIGPLAN Notices, 1992, 27(9): 175-186. [51]VILANOVA L, JORDA M, NAVARRO N, et al. Direct Inter-Process Communication (dIPC): Repurposing the CODOMs architecture to accelerate IPC[C]//Proceedings of the Twelfth European Conference on Computer Systems. Belgrade, Serbia: ACM, 2017: 16-31. [52]HUNT G C, LARUS J R. Singularity: Rethinking the software stack[J]. ACM SIGOPS Operating Systems Review, 2007, 41(2): 37-49. [53]GAMSA B. Tornado: Maximizing locality and concurrency in a shared memory multiprocessor operating system[D]. Toronto: University of Toronto, 1999. [54]LI W H, XIA Y B, CHEN H B, et al. Reducing world switches in virtualized environment with flexible cross-world calls[J]. ACM SIGARCH Computer Architecture News, 2015, 43(3): 375-387. |
[1] | CHEN Ziyun (陈子云), XIE Le (谢叻), DAI Peidong (戴培东), ZHANG Tianyu (张天宇). Development of a Robotic Cochlear Implantation System [J]. J Shanghai Jiaotong Univ Sci, 2022, 27(1): 7-14. |
[2] | DENG Zhaoxue, YANG Qinghua, CAI Qiang, LIU Tianqin. Design and Test of a Magneto-Rheological Mount Applied to Start/Stop Mode of Vehicle Powertrains [J]. Journal of Shanghai Jiao Tong University, 2021, 55(1): 56-66. |
[3] | ZHAO Zihong,LIU Mingxing,YAN Hao,WANG Song,DING Jie. Design of Temperature Conditioning Module of Thermal Resistance Based on PWM Isolation [J]. Journal of Shanghai Jiaotong University, 2019, 53(Sup.1): 88-92. |
[4] | WANG Song,LIU Mingxing,ZHAO Zihong,WANG Shun. A New Type of Analog Signal Isolation Technology Applied to Nuclear Reactor Safety Level DCS [J]. Journal of Shanghai Jiaotong University, 2019, 53(Sup.1): 93-97. |
[5] | WANG Yu-chen, ZHANG-Lei, LIU Li-xin, WANG Dao-ming, YANG Cheng-peng. Engineering and Analysis for Hydraulic Isolation System of Catenaruy Anecor Leg Mooring Device [J]. Ocean Engineering Equipment and Technology, 2019, 6(2): 524-529. |
[6] | SONG Jie,ZHOU Jian,BAO Wei,HUANG Wentao,GAO Xiang. Expansible Modeling and Applied Strategies Based on Semantic Web for Expert System of AC-DC Intelligent Substation [J]. Journal of Shanghai Jiaotong University, 2018, 52(9): 1072-1080. |
[7] | YAN Wei-feng, YUAN Ze-ming, HE Peng-fei, SHI Wen-zhuan. Recovery Technology of 339.7 mm Casing of A10 Well in the East China Sea [J]. Ocean Engineering Equipment and Technology, 2018, 5(1): 30-35. |
[8] | Fei ZHANG, Yaqin HE. Design of Mine-used DTU System Based on UCOS-II [J]. Research and Exploration in Laboratory, 2017, 36(5): 131-134. |
[9] | Xu WU, Renan CHEN, Dezhi WEI. Design and Application of Speech Lab under Cloud Computing [J]. Research and Exploration in Laboratory, 2017, 36(5): 239-242. |
[10] | ZHANG Yang* (张洋), L ¨U Qiang (吕强), LIN Huican (林辉灿), MA Jianye (马建业). Research on Visual Autonomous Navigation Indoor for Unmanned Aerial Vehicle [J]. Journal of shanghai Jiaotong University (Science), 2017, 22(2): 252-256. |
[11] | QIN Liguoa,HE Xiaoa,b,ZHOU Donghuaa,b. A Fault Estimation Method Based on Robust Residual Generators [J]. Journal of Shanghai Jiaotong University, 2015, 49(06): 768-774. |
[12] | LU Ping-Jing, LI Bao, CHE Yong-Gang, PANG Zheng-Bin. Code Isolation Based Iterative Compilation Optimization for Large Programs [J]. Journal of Shanghai Jiaotong University, 2013, 47(01): 133-137. |
[13] | Lv Lin-Hua , YANG De-Qing. Study on Vibration Reduction Design of Steel-Composite Materials Hybrid Mounting for Ships [J]. Journal of Shanghai Jiaotong University, 2012, 46(08): 1196-1202. |
[14] | LIU Dong1,FENG Yong1,ZHANG Caihuan2,ZHAO Xianghui1. An Improved Algorithm for Real Root Isolation of Univariate Polynomials [J]. Journal of Shanghai Jiaotong University, 2010, 44(11): 1477-1480. |
[15] | XU Zheng,WANG Dezhong,ZHANG Jige,ZHOU Wenxia(. Analysis for Vibration and Noise Problem of Main Steam Isolation Valve with Pipelines [J]. Journal of Shanghai Jiaotong University, 2010, 44(01): 95-0100. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||