The polyglot computer

Performing security verifications on a compromised system can give a false sense of security. If compromised, a computer system can return false results, thus "deceiving" the verification process. Our motivation for this work is straightforward: Computers should not be trusted, at least not when they are attesting their own integrity. In our project Babel, this problem is addressed by, quite literally, thinking outside the box. Babel introduces an architecture where the user’s computer is unable to execute any program by itself and depends on an external entity to execute any application. Taking into consideration the advances in computer network and cloud computing, we move the verification process to outside the physical limits of the computer. Babel can be mistaken for yet another instance of extant approaches. In this paper, we revisit the Babel architecture with the twofold intention of clarifying what Babel is and showing how Babel differs from previous work.
