Configurable and Secure System Architectures

In this paper we introduce a novel approach for host protection based on a security subsystem for continuous monitoring and control of user applications. To enable a secure monitoring capability, a strict hardware separation is proposed, in combination with a signaling layer for monitoring and control. The paper presents our preliminary work, introducing some of the core ideas and discussing a few scenarios and applications.

[1]  Samuel T. King,et al.  MAVMM: Lightweight and Purpose Built VMM for Malware Analysis , 2009, 2009 Annual Computer Security Applications Conference.

[2]  Jennifer Rexford,et al.  NoHype: virtualized cloud infrastructure without the virtualization , 2010, ISCA.

[3]  Carlos Perez,et al.  Organic Resilience for Tactical Environments , 2010, BIONETICS.

[4]  James E. Smith,et al.  Configurable isolation: building high availability systems with commodity multi-core processors , 2007, ISCA '07.

[5]  Virgil D. Gligor,et al.  A guide to understanding covert channel analysis of trusted systems , 1993 .

[6]  Harriet G Goldman Building Secure, Resilient Architectures for Cyber Mission Assurance , 2010 .

[7]  R. Sailer,et al.  sHype : Secure Hypervisor Approach to Trusted Virtualized Systems , 2005 .

[8]  Tal Garfinkel,et al.  A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.

[9]  Michael K. Reiter,et al.  How low can you go?: recommendations for hardware-supported minimal TCB code execution , 2008, ASPLOS.

[10]  Erkay Savas,et al.  Implementing a Protected Zone in a Reconfigurable Processor for Isolated Execution of Cryptographic Algorithms , 2009, 2009 International Conference on Reconfigurable Computing and FPGAs.

[11]  Marco Carvalho A distributed reinforcement learning approach to mission survivability in tactical MANETs , 2009, CSIIRW '09.

[12]  Dipankar Dasgupta,et al.  A conceptual model of self-monitoring multi-core systems , 2010, CSIIRW '10.

[13]  Adrian Schüpbach,et al.  The multikernel: a new OS architecture for scalable multicore systems , 2009, SOSP '09.