{"title":"信息流感知虚拟机:可信计算的基础","authors":"M. Franz","doi":"10.1109/CATCH.2009.45","DOIUrl":null,"url":null,"abstract":"Many software systems in use today have enormous trusted computing bases (TCBs). We propose an architecture that makes it possible to shrink the TCB of many such systems. Our solution is based on a virtual-machine (VM) with added information-flow capabilities. In our architecture, all application programs run outside of the TCB under the control of the VM and cannot cause information leaks even if they try. We have implemented a prototype of this architecture and found that the resulting run-time overhead is much lower than expected. In many deployment contexts, it will be perfectly reasonable to make such a moderate performance sacrifice for the benefit of security.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing\",\"authors\":\"M. Franz\",\"doi\":\"10.1109/CATCH.2009.45\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many software systems in use today have enormous trusted computing bases (TCBs). We propose an architecture that makes it possible to shrink the TCB of many such systems. Our solution is based on a virtual-machine (VM) with added information-flow capabilities. In our architecture, all application programs run outside of the TCB under the control of the VM and cannot cause information leaks even if they try. We have implemented a prototype of this architecture and found that the resulting run-time overhead is much lower than expected. In many deployment contexts, it will be perfectly reasonable to make such a moderate performance sacrifice for the benefit of security.\",\"PeriodicalId\":130933,\"journal\":{\"name\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CATCH.2009.45\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATCH.2009.45","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing
Many software systems in use today have enormous trusted computing bases (TCBs). We propose an architecture that makes it possible to shrink the TCB of many such systems. Our solution is based on a virtual-machine (VM) with added information-flow capabilities. In our architecture, all application programs run outside of the TCB under the control of the VM and cannot cause information leaks even if they try. We have implemented a prototype of this architecture and found that the resulting run-time overhead is much lower than expected. In many deployment contexts, it will be perfectly reasonable to make such a moderate performance sacrifice for the benefit of security.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
