Micah Sherr
ABSTRACT
This position paper introduces lightweight cryptographic jails (CryptoJails) that protect the privacy of application data by intercepting write accesses and redirecting them to encrypted application containers. CryptoJails ensure that application data (for example, cached emails or web pages) cannot be read or undetectably altered by other applications. Unlike existing approaches, CryptoJails do not require kernel modifications or even superuser (i.e., root) privileges, do not impose significant performance overhead, and may even be used with already installed applications.
- M. Blaze. A Cryptographic File System for UNIX. In 1st ACM Conference on Computer and Communications Security (CCS), pages 9--16, 1993. Google Scholar
Digital Library
- K. Borders, E. V. Weele, B. Lau, and A. Prakash. Protecting Confidential Data on Personal Computers with Storage Capsules. In 18th USENIX Security Symposium, August 2009. Google ScholarDigital Library
- I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A Secure Environment for Untrusted Helper Applications. In Sixth USENIX Security Symposium, July 1996. Google ScholarDigital Library
- T. Jaeger, R. Sailer, and X. Zhang. Analyzing integrity protection in the SELinux example policy. In SSYM'03: Proceedings of the 12th Conference on USENIX Security Symposium, 2003. Google ScholarDigital Library
- Z. Liang, V. N. Venkatakrishnan, and R. Sekar. Isolated program execution: An application transparent approach for executing untrusted programs. In ACSAC '03: Proceedings of the 19th Annual Computer Security Applications Conference, page 182, Washington, DC, USA, 2003. IEEE Computer Society. Google ScholarDigital Library
- National Security Agency (NSA). Security-Enhanced Linux (SELinux). http://www.nsa.gov/research/selinux.Google Scholar
- TrueCrypt Foundation. TrueCrypt: Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux. http://www.truecrypt.org/.Google Scholar
- C. Weinhold and H. Hartig. VPFS: building a virtual private file system with a small trusted computing base. In Eurosys '08: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pages 81--93, 2008. Google ScholarDigital Library
Index Terms
- Application containers without virtual machines
Recommendations
Containers and Virtual Machines at Scale: A Comparative Study
Middleware '16: Proceedings of the 17th International Middleware ConferenceVirtualization is used in data center and cloud environments to decouple applications from the hardware they run on. Hardware virtualization and operating system level virtualization are two prominent technologies that enable this. Containers, which use ...
Live gang migration of virtual machines
HPDC '11: Proceedings of the 20th international symposium on High performance distributed computingThis paper addresses the problem of simultaneously migrating a group of co-located and live virtual machines (VMs), i.e, VMs executing on the same physical machine. We refer to such a mass simultaneous migration of active VMs as "live gang migration". ...
Inter-rack live migration of multiple virtual machines
VTDC '12: Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing DateWithin datacenters, often multiple virtual machines (VMs) need to be live migrated simultaneously for various reasons such as maintenance, power savings, and load balancing. Such mass simultaneous live migration of multiple VMs can trigger large data ...
Comments