ABSTRACT
MoRE, or Measurement of Running Executables, was a DARPA Cyber Fast Track effort to study the feasibility of utilizing x86 translation look-aside buffer (TLB) splitting techniques for realizing periodic measurements of running and dynamically changing applications. Currently, there are certain applications that interleave code and data that cannot be meaningfully measured during execution due to their polymorphic/dynamically changing nature. This lack of meaningful measurement is a weakness in trusted computing MoRE aimed to, and succeeded to address.
- S. Sparks and J. Butler, "Shadow Walker: Raising the Bar for Rootkit Detection," in Blackhat Japan, 2005.Google Scholar
- P. van Oorschot, A. Somayaji and G. Wurster, "Hardware-assisted circumvention of self-hashing software tamper resistance," in IEEE TDSC, 2005. Google ScholarDigital Library
- Intel Corporation. "Intel Software Developer Manuals". 2014Google Scholar
Index Terms
- MoRE: measurement of running executables
Recommendations
Fast and live hypervisor replacement
VEE 2019: Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution EnvironmentsHypervisors are increasingly complex and must be often updated for applying security patches, bug fixes, and feature upgrades. However, in a virtualized cloud infrastructure, updates to an operational hypervisor can be highly disruptive. Before being ...
Isolating commodity hosted hypervisors with HyperLock
EuroSys '12: Proceedings of the 7th ACM european conference on Computer SystemsHosted hypervisors (e.g., KVM) are being widely deployed. One key reason is that they can effectively take advantage of the mature features and broad user bases of commodity operating systems. However, they are not immune to exploitable software bugs. ...
A Comprehensive Implementation and Evaluation of Direct Interrupt Delivery
VEE '15As the performance overhead associated with CPU and memory virtualization becomes largely negligible, research efforts are directed toward reducing the I/O virtualization overhead, which mainly comes from two sources: DMA set-up and payload copy, and ...
Comments