Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Publication
- Publication Type
Articles 1 - 6 of 6
Full-Text Articles in Physical Sciences and Mathematics
Secure Enforcement Of Isolation Policy On Multicore Platforms With Virtualization Techniques, Siqi Zhao
Secure Enforcement Of Isolation Policy On Multicore Platforms With Virtualization Techniques, Siqi Zhao
Dissertations and Theses Collection (Open Access)
A number of virtualization based systems have been proposed in the literature as an effective measure against the adversaries with the kernel privilege. However, under a systematic analysis, such systems exhibit vulnerabilities that can still be exploited by such an attacker with the kernel privilege. The fundamental reason is that there is an inherent incompatibility between the tamper-proof requirement and the complete mediation requirement of the reference monitor model. The incompatibility manifests in the virtualization based systems in the form of a discrepancy between the enforcement capability demanded by the high-level policy and the one achievable through the system design …
Fimce: A Fully Isolated Micro-Computing Environment For Multicore Systems, Siqi Zhao, Xuhua Ding
Fimce: A Fully Isolated Micro-Computing Environment For Multicore Systems, Siqi Zhao, Xuhua Ding
Research Collection School Of Computing and Information Systems
Virtualization-based memory isolation has been widely used as a security primitive in various security systems to counter kernel-level attacks. In this article, our in-depth analysis on this primitive shows that its security is significantly undermined in the multicore setting when other hardware resources for computing are not enclosed within the isolation boundary. We thus propose to construct a fully isolated micro-computing environment (FIMCE) as a new primitive. By virtue of its architectural niche, FIMCE not only offers stronger security assurance than its predecessor, but also features a flexible and composable environment with support for peripheral device isolation, thus greatly expanding …
Fimce: A Fully Isolated Micro-Computing Environment For Multicore Systems, Siqi Zhao, Xuhua Ding
Fimce: A Fully Isolated Micro-Computing Environment For Multicore Systems, Siqi Zhao, Xuhua Ding
Research Collection School Of Computing and Information Systems
Virtualization-based memory isolation has been widely used as a security primitive in various security systems to counter kernel-level attacks. In this article, our in-depth analysis on this primitive shows that its security is significantly undermined in the multicore setting when other hardware resources for computing are not enclosed within the isolation boundary. We thus propose to construct a fully isolated micro-computing environment (FIMCE) as a new primitive. By virtue of its architectural niche, FIMCE not only offers stronger security assurance than its predecessor, but also features a flexible and composable environment with support for peripheral device isolation, thus greatly expanding …
Virtualization In Wireless Sensor Networks: Fault Tolerant Embedding For Internet Of Things, Omprakash Kaiwartya, Abdul Hanan Abdullah, Yue Cao, Jaime Lloret, Sushil Kumar, Rajiv Ratn Shah, Mukesh Prasad, Shiv Prakash
Virtualization In Wireless Sensor Networks: Fault Tolerant Embedding For Internet Of Things, Omprakash Kaiwartya, Abdul Hanan Abdullah, Yue Cao, Jaime Lloret, Sushil Kumar, Rajiv Ratn Shah, Mukesh Prasad, Shiv Prakash
Research Collection School Of Computing and Information Systems
Recently, virtualization in wireless sensor networks (WSNs) has witnessed significant attention due to the growing service domain for IoT. Related literature on virtualization in WSNs explored resource optimization without considering communication failure in WSNs environments. The failure of a communication link in WSNs impacts many virtual networks running IoT services. In this context, this paper proposes a framework for optimizing fault tolerance in virtualization in WSNs, focusing on heterogeneous networks for service-oriented IoT applications. An optimization problem is formulated considering fault tolerance and communication delay as two conflicting objectives. An adapted non-dominated sorting based genetic algorithm (A-NSGA) is developed to …
Tinyvisor: An Extensible Secure Framework On Android Platforms, Dong Shen, Zhoujun Li, Xiaojing Su, Jinxin Ma, Deng, Robert H.
Tinyvisor: An Extensible Secure Framework On Android Platforms, Dong Shen, Zhoujun Li, Xiaojing Su, Jinxin Ma, Deng, Robert H.
Research Collection School Of Computing and Information Systems
As the utilization of mobile platform keeps growing, the security issue of mobile platform becomes a serious threat to user privacy. The current security measures mainly focus on the application level and the framework level, with little protection on the kernel. Virtualization technologies have been used in x86 platforms to protect the security of the kernel. With a higher privilege than the guest operating system, the hypervisor can effectively detect and defend against the malicious activity inside the guest kernel. In this paper, we build a hypervisor framework called TinyVisor leveraging the ARM virtualization extensions to protect the guest system …
Securing Display Path For Security-Sensitive Applications On Mobile Devices, Jinhua Cui, Yuanyuan Zhang, Zhiping Cai, Anfeng Liu, Yangyang Li
Securing Display Path For Security-Sensitive Applications On Mobile Devices, Jinhua Cui, Yuanyuan Zhang, Zhiping Cai, Anfeng Liu, Yangyang Li
Research Collection School Of Computing and Information Systems
While smart devices based on ARM processor bring us a lot of convenience, they also become an attractive target of cyber-attacks. The threat is exaggerated as commodity OSes usually have a large code base and suffer from various software vulnerabilities. Nowadays, adversaries prefer to steal sensitive data by leaking the content of display output by a security-sensitive application. A promising solution is to exploit the hardware visualization extensions provided by modern ARM processors to construct a secure display path between the applications and the display device. In this work, we present a scheme named SecDisplay for trusted display service, it …