Results 1 - 5 of 5

SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes

by Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig - SOSP'07 , 2007
"... We propose SecVisor, a tiny hypervisor that ensures code integrity for commodity OS kernels. In particular, SecVisor ensures that only user-approved code can execute in kernel mode over the entire system lifetime. This protects the kernel against code injection attacks, such as kernel rootkits. SecV ..."
Abstract - Cited by 217 (10 self) - Add to MetaCart
We propose SecVisor, a tiny hypervisor that ensures code integrity for commodity OS kernels. In particular, SecVisor ensures that only user-approved code can execute in kernel mode over the entire system lifetime. This protects the kernel against code injection attacks, such as kernel rootkits. Sec

Attacking, Repairing, and Verifying SecVisor: A Retrospective on the Security of a Hypervisor

by Jason Franklin, Arvind Seshadri, Ning Qu, Anupam Datta, Sagar Chaki
"... SecVisor is a hypervisor designed to guarantee that only code approved by the user of a system executes at the privilege level of the OS kernel [17]. We employ a model checker to verify the design properties of SecVisor and identify two design-level attacks that violate SecVisor’s security requireme ..."
Abstract - Cited by 2 (1 self) - Add to MetaCart
Visor and successfully performing two attacks against a SecVisorprotected Linux kernel. To repair SecVisor, we design and implement an efficient and secure memory protection scheme. We formally verify the security of our scheme. We demonstrate that the performance impact of our proposed defense is negligible

KCoFI: Complete control-flow integrity for commodity operating system kernels

by John Criswell, Nathan Dautenhahn, Vikram Adve - IEEE S&P , 2014
"... We present a new system, KCoFI, that is the first we know of to provide complete Control-Flow Integrity protection for commodity operating systems without using heavyweight complete memory safety. Unlike previous systems, KCoFI protects commodity operating systems from classical control-flow hijack ..."
Abstract - Cited by 14 (1 self) - Add to MetaCart
We present a new system, KCoFI, that is the first we know of to provide complete Control-Flow Integrity protection for commodity operating systems without using heavyweight complete memory safety. Unlike previous systems, KCoFI protects commodity operating systems from classical control-flow hijack

Pasture node state specification

by Thomas L. Rodeheffer, Ramakrishna Kotla , 2012
"... Pasture [5] is a secure messaging and logging library that enables secure off-line data access on untrusted user devices by leveraging commodity trusted hardware. Pas-ture does not trust the application, OS, or hypervisor and even admits hardware snooping attacks, while providing two important safet ..."
Abstract - Cited by 1 (1 self) - Add to MetaCart
Pasture [5] is a secure messaging and logging library that enables secure off-line data access on untrusted user devices by leveraging commodity trusted hardware. Pas-ture does not trust the application, OS, or hypervisor and even admits hardware snooping attacks, while providing two important

A better reduction theorem for store buffers. arXiv:0909.4637v1

by Ernie Cohen, Norbert Schirmer , 2009
"... Abstract. When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential consis ..."
Abstract - Cited by 3 (0 self) - Add to MetaCart
Abstract. When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential
Results 1 - 5 of 5