A Study of Security Isolation Techniques
William Enck | Xiaohui Gu | Peipei Wang | Sigmund Albert Gorski | Luke Deshotels | Rui Shu | Jason Gionta | Benjamin Andow | Adwait Nadkarni
[1] Donald E. Porter,et al. Rethinking the library OS from the top down , 2011, ASPLOS XVI.
[2] Bjorn De Sutter,et al. ARMor: Fully verified software fault isolation , 2011, 2011 Proceedings of the Ninth ACM International Conference on Embedded Software (EMSOFT).
[3] Adrian Perrig,et al. TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.
[4] Michael Norrish,et al. seL4: formal verification of an OS kernel , 2009, SOSP '09.
[5] William R. Harris,et al. DIFC programs by automatic instrumentation , 2010, CCS '10.
[6] Nickolai Zeldovich,et al. Practical and Effective Sandboxing for Non-root Users , 2013, USENIX Annual Technical Conference.
[7] Kang G. Shin,et al. Using hypervisor to provide data secrecy for user applications on a per-page basis , 2008, VEE '08.
[8] Stephen McCamant,et al. Evaluating SFI for a CISC Architecture , 2006, USENIX Security Symposium.
[9] Reuben Olinsky,et al. Composing OS extensions safely and efficiently with Bascule , 2013, EuroSys '13.
[10] Jonathan M. Smith,et al. EROS: a fast capability system , 1999, SOSP.
[11] Galen C. Hunt,et al. Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.
[12] Philip Sedgwick,et al. Control groups , 2010, BMJ : British Medical Journal.
[13] Marianne Shaw,et al. Scale and performance in the Denali isolation kernel , 2002, OSDI '02.
[14] William R. Harris,et al. Verifying Information Flow Control over Unbounded Processes , 2009, FM.
[15] Matti A. Hiltunen,et al. System Call Monitoring Using Authenticated System Calls , 2006, IEEE Transactions on Dependable and Secure Computing.
[16] Alan H. Karp,et al. Polaris: virus-safe computing for Windows XP , 2006, CACM.
[17] Eran Tromer,et al. Noninterference for a Practical DIFC-Based Operating System , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[18] Donald E. Porter,et al. Cooperation and security isolation of library OSes for multi-process applications , 2014, EuroSys '14.
[19] Rodrigo Rodrigues,et al. Enhancing the OS against Security Threats in System Administration , 2012, Middleware.
[20] Bryan Ford,et al. Vx32: Lightweight User-level Sandboxing on the x86 , 2008, USENIX Annual Technical Conference.
[21] Phu H. Phung,et al. A two-tier sandbox architecture for untrusted JavaScript , 2012 .
[22] Vitaly Shmatikov,et al. Eternal Sunshine of the Spotless Machine: Protecting Privacy with Ephemeral Channels , 2012, OSDI.
[23] Muli Ben-Yehuda,et al. The Turtles Project: Design and Implementation of Nested Virtualization , 2010, OSDI.
[24] Neha Narula,et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, IEEE Symposium on Security and Privacy.
[25] Steve Vandebogart,et al. Labels and event processes in the Asbestos operating system , 2005, TOCS.
[26] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.
[27] David A. Wagner,et al. AdDroid: privilege separation for applications and advertisers in Android , 2012, ASIACCS '12.
[28] David Wagner,et al. Janus: an Approach for Confinement of Untrusted Applications , 1999 .
[29] Fred B. Schneider,et al. A Language-Based Approach to Security , 2001, Informatics.
[30] Derek Bruening,et al. Secure Execution via Program Shepherding , 2002, USENIX Security Symposium.
[31] Shashi Shekhar,et al. AdSplit: Separating Smartphone Advertising from Applications , 2012, USENIX Security Symposium.
[32] David Wetherall,et al. Upgrading transport protocols using untrusted mobile code , 2003, SOSP '03.
[33] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[34] Anurag Acharya,et al. MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications , 2000, USENIX Security Symposium.
[35] Zhenkai Liang,et al. Codejail: Application-Transparent Isolation of Libraries with Tight Program Interactions , 2012, ESORICS.
[36] Michael Backes,et al. Boxify: Full-fledged App Sandboxing for Stock Android , 2015, USENIX Security Symposium.
[37] Hovav Shacham,et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.
[38] Donald E. Porter,et al. Practical techniques to obviate setuid-to-root binaries , 2014, EuroSys '14.
[39] Kirill Kolyshkin,et al. VIRTUALIZATION IN LINUX , 2006 .
[40] Hugo Herbelin,et al. The Coq proof assistant : reference manual, version 6.1 , 1997 .
[41] Zhenkai Liang,et al. AirBag: Boosting Smartphone Resistance to Malware Infection , 2014, NDSS.
[42] Andrea C. Arpaci-Dusseau,et al. Physical Disentanglement in a Container-Based File System , 2014, OSDI.
[43] Cheng Chen,et al. Tamper-Resistant Execution in an Untrusted Operating System Using A Virtual Machine Monitor , 2007 .
[44] Robert N. M. Watson,et al. Jails: confining the omnipotent root , 2000 .
[45] Eddie Kohler,et al. Making information flow explicit in HiStar , 2006, OSDI '06.
[46] William L. Scherlis,et al. Science of Security Hard Problems: A Lablet Perspective , 2012 .
[47] Larry L. Peterson,et al. Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors , 2007, EuroSys '07.
[48] Jason Nieh,et al. Secure Isolation of Untrusted Legacy Applications , 2007, LISA.
[49] Robert H. Deng,et al. AppShield: Protecting Applications Against Untrusted Operating System , 2013 .
[50] Xin Qi,et al. Fabric: a platform for secure distributed computation and storage , 2009, SOSP '09.
[51] Peng Ning,et al. SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms , 2011, CCS '11.
[52] Dirk Merkel,et al. Docker: lightweight Linux containers for consistent development and deployment , 2014 .
[53] Kevin Borders,et al. SVGrid: a secure virtual environment for untrusted grid applications , 2005, MGC '05.
[54] Steven McCanne,et al. The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.
[55] Dawson R. Engler,et al. Exokernel: an operating system architecture for application-level resource management , 1995, SOSP.
[56] George C. Necula,et al. The design and implementation of a certifying compiler , 1998, PLDI.
[57] Patrick D. McDaniel,et al. Understanding Android Security , 2009, IEEE Security & Privacy Magazine.
[58] James Mickens,et al. Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains , 2014, 2014 IEEE Symposium on Security and Privacy.
[59] Xi Wang,et al. Jitk: A Trustworthy In-Kernel Interpreter Infrastructure , 2014, OSDI.
[60] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.
[61] Deian Stefan,et al. Hails: Protecting Data Privacy in Untrusted Web Applications , 2012, OSDI.
[62] Luca Cardelli,et al. The Modula–3 type system , 1989, POPL '89.
[63] Robert Wahbe,et al. Efficient software-based fault isolation , 1994, SOSP '93.
[64] 共立出版株式会社. コンピュータ・サイエンス : ACM computing surveys , 1978 .
[65] Bennet S. Yee,et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[66] Danfeng Zhang,et al. Ironclad Apps: End-to-End Security via Automated Full-System Verification , 2014, OSDI.
[67] Jon Crowcroft,et al. Unikernels: library operating systems for the cloud , 2013, ASPLOS '13.
[68] Ken Thompson,et al. Plan 9 from Bell Labs , 1995 .
[69] Xiaofeng Meng,et al. Shuttle: Facilitating Inter-Application Interactions for OS-Level Virtualization , 2014, IEEE Transactions on Computers.
[70] Deyu Hu,et al. J-Kernel: A Capability-Based Operating System for Java , 2001, Secure Internet Programming.
[71] James R. Larus,et al. Singularity: rethinking the software stack , 2007, OPSR.
[72] Helen J. Wang,et al. The Multi-Principal OS Construction of the Gazelle Web Browser , 2009, USENIX Security Symposium.
[73] Weiyi Wu,et al. Deterministically Deterring Timing Attacks in Deterland , 2015, 1504.07070.
[74] Fabrice Bellard,et al. QEMU, a Fast and Portable Dynamic Translator , 2005, USENIX Annual Technical Conference, FREENIX Track.
[75] Jun Zhu,et al. Breaking up is hard to do: security and functionality in a commodity hypervisor , 2011, SOSP.
[76] Mike Hibler,et al. Microkernels meet recursive virtual machines , 1996, OSDI '96.
[77] Donghai Tian,et al. Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions , 2011, NDSS.
[78] James P Anderson,et al. Computer Security Technology Planning Study , 1972 .
[79] Deian Stefan,et al. Protecting Users by Confining JavaScript with COWL , 2014, OSDI.
[80] Vitaly Shmatikov,et al. TxBox: Building Secure, Efficient Sandboxes with System Transactions , 2011, 2011 IEEE Symposium on Security and Privacy.
[81] Tzi-cker Chiueh,et al. Facilitating inter-application interactions for OS-level virtualization , 2012 .
[82] Brian N. Bershad,et al. Extensibility safety and performance in the SPIN operating system , 1995, SOSP.
[83] Úlfar Erlingsson,et al. The Inlined Reference Monitor Approach to Security Policy Enforcement , 2004 .
[84] William Enck,et al. Preventing accidental data disclosure in modern operating systems , 2013, CCS.
[85] Ross J. Anderson,et al. Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.
[86] David Lie,et al. Splitting interfaces: making trust between applications and operating systems configurable , 2006, OSDI '06.
[87] James R. Larus,et al. Sealing OS processes to improve dependability and safety , 2007, EuroSys '07.
[88] Jon Howell,et al. Embassies: Radically Refactoring the Web , 2013, NSDI.
[89] Gerard J. Holzmann,et al. The Model Checker SPIN , 1997, IEEE Trans. Software Eng..
[90] George C. Necula,et al. Compiling with proofs , 1998 .
[91] Dilma Da Silva,et al. Libra: a library operating system for a jvm in a virtualized execution environment , 2007, VEE '07.
[92] Tal Garfinkel,et al. Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.
[93] Yue Chen,et al. ARMlock: Hardware-based Fault Isolation for ARM , 2014, CCS.
[94] Dan Grossman,et al. TALx86: A Realistic Typed Assembly Language , 1999 .
[95] Christopher Small. MiSFIT: A Tool for Constructing Safe Extensible C++ Systems , 1997, COOTS.
[96] Eddie Kohler,et al. Information flow control for standard OS abstractions , 2007, SOSP.
[97] Michael K. Reiter,et al. Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.
[98] Joe Gibbs Politz,et al. ADsafety: Type-Based Verification of JavaScript Sandboxing , 2011, USENIX Security Symposium.
[99] Deian Stefan,et al. Addressing covert termination and timing channels in concurrent information flow systems , 2012, ICFP '12.
[100] Jeff Dike,et al. User-mode Linux , 2006, Annual Linux Showcase & Conference.
[101] Xiaoxin Chen,et al. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems , 2008, ASPLOS.
[102] Trent Jaeger,et al. From Trusted to Secure: Building and Executing Applications That Enforce System Security , 2007, USENIX Annual Technical Conference.
[103] Robbert van Renesse,et al. Enforcing Privacy Policies with Meta-Code , 2015, APSys.
[104] Miao Yu,et al. Dancing with Giants: Wimpy Kernels for On-Demand Isolated I/O , 2014, 2014 IEEE Symposium on Security and Privacy.
[105] Niels Provos,et al. Improving Host Security with System Call Policies , 2003, USENIX Security Symposium.
[106] Michael K. Reiter,et al. HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis , 2011, 2011 IEEE Symposium on Security and Privacy.
[107] V. N. Venkatakrishnan,et al. AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements , 2010, USENIX Security Symposium.
[108] Haibo Chen,et al. Live updating operating systems using virtualization , 2006, VEE '06.
[109] R. Sailer,et al. sHype : Secure Hypervisor Approach to Trusted Virtualized Systems , 2005 .
[110] Robert Tappan Morris,et al. USENIX Association Proceedings of HotOS IX : The 9 th Workshop on Hot Topics in Operating Systems , 2003 .
[111] Michael K. Reiter,et al. Minimal TCB Code Execution , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).
[112] Calton Pu,et al. Reducing TCB complexity for security-sensitive applications: three case studies , 2006, EuroSys.
[113] Robert N. M. Watson,et al. Capsicum: Practical Capabilities for UNIX , 2010, USENIX Security Symposium.
[114] William K. Robertson,et al. PrivExec: Private Execution as an Operating System Service , 2013, 2013 IEEE Symposium on Security and Privacy.
[115] Ralf-Philipp Weinmann,et al. iOS Hacker's Handbook , 2012 .
[116] F. J. Corbató. INTRODUCTION AND OVERVIEW OF THE MULTICS SYSTEM , 2010 .
[117] Emmett Witchel,et al. InkTag: secure applications on an untrusted operating system , 2013, ASPLOS '13.
[118] Miyi Duan,et al. Poster: towards formal verification of DIFC policies , 2011, CCS '11.
[119] William Enck,et al. PREC: practical root exploit containment for android devices , 2014, CODASPY '14.
[120] Carlos V. Rozas,et al. Innovative instructions and software model for isolated execution , 2013, HASP '13.
[121] James Newsome,et al. MiniBox: A Two-Way Sandbox for x86 Native Code , 2014, USENIX ATC.