DOI: 10.1145/2731186.2731199

AppSec: A Safe Execution Environment for Security Sensitive Applications

Published: 14 March 2015

Abstract

A malicious OS kernel can easily access a user's private data in main memory and pry into human-machine interaction data, even when privacy enforcement is employed at the application level or OS level. This paper introduces AppSec, a hypervisor-based safe execution environment that transparently protects both the memory data and the human-machine interaction data of security-sensitive applications from the untrusted OS.
AppSec provides several security mechanisms on top of an untrusted OS. It introduces a safe loader to check the code integrity of the application and its dynamic shared objects. At runtime, AppSec protects the application and dynamic shared objects from modification and verifies kernel memory accesses according to the application's intention. AppSec provides a device isolation mechanism to prevent a compromised kernel from accessing the human-machine interaction devices. On top of that, AppSec provides a privileged-based window system to protect the application's X resources. The major advantages of AppSec are threefold. First, AppSec verifies and protects all dynamic shared objects during runtime. Second, AppSec mediates kernel memory access according to the application's intention instead of indiscriminately encrypting all of the application's data. Third, AppSec provides a trusted I/O path from the end user to the application. A prototype of AppSec has been implemented, and it shows that AppSec is efficient and practical.

    Published In

    ACM Conferences
    VEE '15: Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
    March 2015
    238 pages
    ISBN:9781450334501
    DOI:10.1145/2731186
    • ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 50, Issue 7
      VEE '15
      July 2015
      221 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/2817817
      Editor: Andy Gill
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. human-machine interaction
    2. kernel
    3. privacy
    4. vmm

    Qualifiers

    • Research-article

    Funding Sources

    • National High Technology Research and Development Program of China (863 Program)
    • Ph.D. Programs Foundation of Ministry of Education of China
    • National Natural Science Foundation of China

    Conference

    VEE '15

    Acceptance Rates

    VEE '15 Paper Acceptance Rate 16 of 50 submissions, 32%;
    Overall Acceptance Rate 80 of 235 submissions, 34%

    Cited By

    • (2024) A Software Integrity Authentication Protocol for Zero Trust Architecture. Proceedings of the SIGCOMM Workshop on Zero Trust Architecture for Next Generation Communications, pages 1-6. DOI: 10.1145/3672200.3673874. Online publication date: 4-Aug-2024.
    • (2021) CloudImmu: Transparent Protection of Binary Applications in the Cloud. MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM), pages 309-315. DOI: 10.1109/MILCOM52596.2021.9653063. Online publication date: 29-Nov-2021.
    • (2019) TF-BIV. Proceedings of the 35th Annual Computer Security Applications Conference, pages 57-69. DOI: 10.1145/3359789.3359795. Online publication date: 9-Dec-2019.
    • (2019) An Exhaustive Survey on Security Concerns and Solutions at Different Components of Virtualization. ACM Computing Surveys 52:1, pages 1-38. DOI: 10.1145/3287306. Online publication date: 13-Feb-2019.
    • (2017) MobiXen. Proceedings of the Conference on Design, Automation & Test in Europe, pages 946-949. DOI: 10.5555/3130379.3130605. Online publication date: 27-Mar-2017.
    • (2017) MobiXen: Porting Xen on Android devices for mobile virtualization. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, pages 946-949. DOI: 10.23919/DATE.2017.7927127. Online publication date: Mar-2017.
    • (2023) Dynamic Access Control Through Cryptography in Cloud. ITM Web of Conferences 56 (06001). DOI: 10.1051/itmconf/20235606001. Online publication date: 9-Aug-2023.
    • (2017) HA-VMSI. Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pages 242-256. DOI: 10.1145/3050748.3050767. Online publication date: 8-Apr-2017.
    • (2016) Sego. ACM SIGOPS Operating Systems Review 50:2, pages 277-290. DOI: 10.1145/2954680.2872372. Online publication date: 25-Mar-2016.
