More Web Proxy on the site http://driver.im/

survey

A Study of Security Isolation Techniques

Authors:

Sigmund A Gorski III,

Benjamin Andow,

Adwait Nadkarni,

Luke Deshotels,

Xiaohui GuAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 49, Issue 3

Article No.: 50, Pages 1 - 37

https://doi.org/10.1145/2988545

Published: 12 October 2016 Publication History

Abstract

Security isolation is a foundation of computing systems that enables resilience to different forms of attacks. This article seeks to understand existing security isolation techniques by systematically classifying different approaches and analyzing their properties. We provide a hierarchical classification structure for grouping different security isolation techniques. At the top level, we consider two principal aspects: mechanism and policy. Each aspect is broken down into salient dimensions that describe key properties. We break the mechanism into two dimensions, enforcement location and isolation granularity, and break the policy aspect down into three dimensions: policy generation, policy configurability, and policy lifetime. We apply our classification to a set of representative articles that cover a breadth of security isolation techniques and discuss tradeoffs among different design choices and limitations of existing approaches.

References

[1]

Anurag Acharya and Mandar Raje. 2000. MAPbox: Using parameterized behavior classes to confine untrusted applications. In Proceedings of the 9th Conference on USENIX Security Symposium-Volume 9. USENIX Association, 1--1.

Digital Library

[2]

AMD64. 2005. Secure virtual machine architecture reference manual. AMD Publication 33047 (2005).

[3]

Glenn Ammons, Jonathan Appavoo, Maria Butrico, Dilma Da Silva, David Grove, Kiyokuni Kawachiya, Orran Krieger, Bryan Rosenburg, Eric Van Hensbergen, and Robert W. Wisniewski. 2007. Libra: A library operating system for a jvm in a virtualized execution environment. In Proceedings of the 3rd International Conference on Virtual Execution Environments. ACM, 44--54.

Digital Library

[4]

J. P. Anderson. 1972. Computer Security Technology Planning Study. ESDTR-73-51. Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA. (Also available as Vol. I, DITCAD-758206. Vol. II DITCAD-772806).

[5]

Apple Inc. 2015. System Integrity Protection Guide. Retrieved from https://developer.apple.com/library/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40016462-CH1-DontLinkElementID_15.

[6]

Ahmed M. Azab, Peng Ning, and Xiaolan Zhang. 2011. Sice: A hardware-level strongly isolated computing environment for x86 multi-core platforms. In Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM, 375--388.

Digital Library

[7]

Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, and Philipp von Styp-Rekowsky. 2015. Boxify: Full-fledged app sandboxing for stock android. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 15). 691--706.

Digital Library

[8]

Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. 2003. Xen and the art of virtualization. ACM SIGOPS Operat. Syst. Rev. 37, 5 (2003), 164--177.

Digital Library

[9]

Andrew Baumann, Dongyoon Lee, Pedro Fonseca, Lisa Glendenning, Jacob R. Lorch, Barry Bond, Reuben Olinsky, and Galen C. Hunt. 2013. Composing OS extensions safely and efficiently with Bascule. In Proceedings of the 8th ACM European Conference on Computer Systems. ACM, 239--252.

Digital Library

[10]

Andrew Baumann, Marcus Peinado, and Galen Hunt. 2014. Shielding applications from an untrusted cloud with haven. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI).

Digital Library

[11]

Fabrice Bellard. 2005. QEMU, a fast and portable dynamic translator. In Proceedings of the USENIX Annual Technical Conference, FREENIX Track. 41--46.

Digital Library

[12]

Muli Ben-Yehuda, Michael D. Day, Zvi Dubitzky, Michael Factor, Nadav Har’El, Abel Gordon, Anthony Liguori, Orit Wasserman, and Ben-Ami Yassour. 2010. The turtles project: Design and implementation of nested virtualization. In OSDI, Vol. 10. 423--436.

Digital Library

[13]

Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gün Sirer, Marc E. Fiuczynski, David Becker, Craig Chambers, and Susan Eggers. 1995. Extensibility Safety and Performance in the SPIN Operating System. Vol. 29. ACM.

Digital Library

[14]

Luca Cardelli, Jim Donahue, Mick Jordan, Bill Kalsow, and Greg Nelson. 1989. The modula--3 type system. In Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 202--212.

Digital Library

[15]

Benjie Chen and Robert Morris. 2003. Certifying program execution with secure processors. In HotOS. 133--138.

Digital Library

[16]

Haibo Chen, Fengzhe Zhang, Cheng Chen, Ziye Yang, Rong Chen, Binyu Zang, and Wenbo Mao. 2007. Tamper-resistant execution in an untrusted operating system using a virtual machine monitor.

[17]

Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R. K. Ports. 2008. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In ACM SIGOPS Operating Systems Review, Vol. 42. ACM, 2--13.

Digital Library

[18]

Yueqiang Cheng, Xuhua Ding, and R. Deng. 2013. Appshield: Protecting applications against untrusted operating system. Singaport Management University Technical Report, SMU-SIS-13 101 (2013).

[19]

Chris Clayton. 2013. Understanding Application Domains. Retrieved from https://blogs.msdn.microsoft.com/cclayton/2013/05/21/understanding-application-domains/. (2013).

[20]

Patrick Colp, Mihir Nanavati, Jun Zhu, William Aiello, George Coker, Tim Deegan, Peter Loscocco, and Andrew Warfield. 2011. Breaking up is hard to do: Security and functionality in a commodity hypervisor. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles. ACM, 189--202.

Digital Library

[21]

Fernando J. Corbató and Victor A. Vyssotsky. 1965. Introduction and overview of the Multics system. In Proceedings of the November 30--December 1, 1965, Fall Joint Computer Conference, Part I. ACM, 185--196.

Digital Library

[22]

Jonathan Corbet. 2009. Seccomp and sandboxing. LWN.net, May (2009).

[23]

Cristina Cornes, Judicaël Courant, Jean-Christophe Filliâtre, Gérard Huet, Pascal Manoury, Christine Paulin-Mohring, César Munoz, Chetan Murthy, Catherine Parent, Amokrane Saibi, and others. 1995. The Coq Proof Assistant Reference Manual, Version 5.10. Technical Report. INRIA, France. Research Report, RT-0177, inria-00069994.

[24]

K. Crary, Neal Glew, Dan Grossman, Richard Samuels, F. Smith, D. Walker, S. Weirich, and S. Zdancewic. 1999. TALx86: A realistic typed assembly language. In Proeedings of the 1999 ACM SIGPLAN Workshop on Compiler Support for System Software. 25--35.

[25]

Dorothey E. Denning. 1976. A lattice model of secure information flow. Commun. ACM 19, 5 (May 1976).

Digital Library

[26]

Jeff Dike and others. 2001. User mode linux. (2001).

[27]

Alan M. Dunn, Michael Z. Lee, Suman Jana, Sangman Kim, Mark Silberstein, Yuanzhong Xu, Vitaly Shmatikov, and Emmett Witchel. 2012. Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels. In Presented as Part of the 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12). 61--75.

Digital Library

[28]

William Enck, Machigar Ongtang, and Patrick McDaniel. 2009. Understanding android security. IEEE Sec. Priv. 1 (2009), 50--57.

Digital Library

[29]

Dawson R. Engler, M. Frans Kaashoek, and others. 1995. Exokernel: An Operating System Architecture for Application-level Resource Management. Vol. 29. ACM.

Digital Library

[30]

Ulfar Erlingsson. 2003. The Inlined Reference Monitor Approach to Security Policy Enforcement. Technical Report. Cornell University.

[31]

Bryan Ford and Russ Cox. 2008. Vx32: Lightweight user-level sandboxing on the x86. In USENIX Annual Technical Conference. Boston, MA, 293--306.

Digital Library

[32]

Bryan Ford, Mike Hibler, Jay Lepreau, Patrick Tullmann, Godmar Back, and Stephen Clawson. 1996. Microkernels meet recursive virtual machines. In OSDI, Vol. 96. 137--151.

Digital Library

[33]

Bill Frantz. 1988. KeyKOS-asecure, high-performanceenvironmentforS/370. In Proc. of SHARE 70 (1988), 465--471.

[34]

Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. 2003. Terra: A virtual machine-based platform for trusted computing. In ACM SIGOPS Operating Systems Review, Vol. 37. ACM, 193--206.

Digital Library

[35]

Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazieres, John C. Mitchell, and Alejandro Russo. 2012. Hails: Protecting data privacy in untrusted web applications. In OSDI. 47--60.

Digital Library

[36]

William R. Harris, Somesh Jha, and Thomas Reps. 2010. DIFC programs by automatic instrumentation. In Proceedings of the 17th ACM Conference on Computer and Communications Security. ACM, 284--296.

Digital Library

[37]

William R. Harris, Nicholas A. Kidd, Sagar Chaki, Somesh Jha, and Thomas Reps. 2009. Verifying information flow control over unbounded processes. In FM 2009: Formal Methods. Springer, 773--789.

Digital Library

[38]

Chris Hawblitzel, Jon Howell, Jacob R. Lorch, Arjun Narayan, Bryan Parno, Danfeng Zhang, and Brian Zill. 2014. Ironclad apps: End-to-end security via automated full-system verification. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14). 165--181.

Digital Library

[39]

Matt Helsley. 2009. LXC: Linux container tools. IBM devloperWorks Technical Library (2009).

[40]

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick Drew McDaniel. 2007. From trusted to secure: Building and executing applications that enforce system security. In Proceedings of the USENIX Annual Technical Conference, Vol. 7. 34.

Digital Library

[41]

Tsung-Hsuan Ho, Daniel Dean, Xiaohui Gu, and William Enck. 2014. PREC: Practical root exploit containment for android devices. In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy. ACM, 187--198.

Digital Library

[42]

Owen S. Hofmann, Sangman Kim, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel. 2013. Inktag: Secure applications on an untrusted operating system. ACM SIGPLAN Not. 48, 4 (2013), 265--278.

Digital Library

[43]

Gerard J. Holzmann. 1997. The model checker SPIN. IEEE Trans. Softw. Eng. 23, 5 (1997), 279--295.

Digital Library

[44]

Jon Howell, Bryan Parno, and John R. Douceur. 2013. Embassies: Radically refactoring the web. In NSDI. 529--545.

Digital Library

[45]

Galen Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, and Ted Wobber. 2007. Sealing OS processes to improve dependability and safety. In ACM SIGOPS Operating Systems Review, Vol. 41. ACM, 341--354.

Digital Library

[46]

Galen C. Hunt and James R. Larus. 2007. Singularity: Rethinking the software stack. ACM SIGOPS Operating Systems Review 41, 2 (2007), 37--49.

Digital Library

[47]

Intel. 2007. Intel Trusted Execution Technology. Retrieved from http://www.intel.com/content/www/us/en/architecture-and-technology/trusted-execution-technology/trusted-execution-technology-security-paper.html. (2007).

[48]

Bhushan Jain, Chia-Che Tsai, Jitin John, and Donald E. Porter. 2014. Practical techniques to obviate setuid-to-root binaries. In Proceedings of the 9th European Conference on Computer Systems (EuroSys’14). ACM, New York, NY, Article 8, 14 pages.

Digital Library

[49]

Suman Jana, Donald E. Porter, and Vitaly Shmatikov. 2011. TxBox: Building secure, officient sandboxes with system transactions. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (SP). IEEE, 329--344.

Digital Library

[50]

Håvard D. Johansen, Eleanor Birrell, Robbert van Renesse, Fred B. Schneider, Magnus Stenhaug, and Dag Johansen. 2015. Enforcing privacy policies with meta-code. In Proceedings of the 6th Asia-Pacific Workshop on Systems (APSys’15). Article 16.

Digital Library

[51]

Poul-Henning Kamp and Robert N. M. Watson. 2000. Jails: Confining the omnipotent root. In Proceedings of the 2nd International SANE Conference, Vol. 43. 116.

[52]

Taesoo Kim and Nickolai Zeldovich. 2013. Practical and effective sandboxing for non-root users. In Presented as Part of the 2013 USENIX Annual Technical Conference. USENIX, 139--144.

Digital Library

[53]

Vladimir Kiriansky, Derek Bruening, and Saman P. Amarasinghe. 2002. Secure execution via program shepherding. In Proceedings of the USENIX Security Symposium, Vol. 92.

Digital Library

[54]

Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, and others. 2009. seL4: Formal verification of an OS kernel. In Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles. ACM, 207--220.

Digital Library

[55]

Kirill Kolyshkin. 2006. Virtualization in linux. White Paper, OpenVZ (2006).

[56]

Maxwell Krohn and Eran Tromer. 2009. Noninterference for a practical DIFC-based operating system. In Proceedings of the IEEE Symposium on Security and Privacy. 61--76.

Digital Library

[57]

Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, and Robert Morris. 2007. Information flow control for standard OS abstractions. In Proceedings of ACM Symposium on Operating Systems Principles (SOSP). 321--334.

Digital Library

[58]

Yanlin Li, J. M. McCune, James Newsome, Adrian Perrig, Brandon Baker, and Will Drewry. 2014. MiniBox: A two-way sandbox for x86 native code. In Proceedings of the 2014 USENIX Annual Technical Conference.

Digital Library

[59]

Jed Liu, Michael D. George, Krishnaprasad Vikram, Xin Qi, Lucas Waye, and Andrew C. Myers. 2009. Fabric: A platform for secure distributed computation and storage. In Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles. ACM, 321--334.

Digital Library

[60]

Lanyue Lu, Yupu Zhang, Thanh Do, Samer Al-Kiswany, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2014. Physical disentanglement in a container-based file system. In Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation. USENIX Association, 81--96.

Digital Library

[61]

Anil Madhavapeddy, Richard Mortier, Charalampos Rotsos, David Scott, Balraj Singh, Thomas Gazagnaire, Steven Smith, Steven Hand, and Jon Crowcroft. 2013. Unikernels: Library operating systems for the cloud. In ACM SIGPLAN Notices, Vol. 48. ACM, 461--472.

Digital Library

[62]

Stephen McCamant and Greg Morrisett. 2006. Evaluating SFI for a CISC architecture. In Usenix Security. 15.

Digital Library

[63]

Steven McCanne and Van Jacobson. 1993. The BSD packet filter: A new architecture for user-level packet capture. In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings. USENIX Association, 2--2.

Digital Library

[64]

Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. 2010. TrustVisor: Efficient TCB reduction and attestation. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (SP). IEEE, 143--158.

Digital Library

[65]

Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. 2007. Minimal TCB code execution. In Proceedings of the IEEE Symposium on Security and Privacy, 2007. SP’07. IEEE, 267--272.

Digital Library

[66]

Jonathan M. McCune, Bryan J. Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. 2008. Flicker: An execution infrastructure for TCB minimization. In ACM SIGOPS Operating Systems Review, Vol. 42. ACM, 315--328.

Digital Library

[67]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative instructions and software model for isolated execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 1--1.

Digital Library

[68]

Paul Menage. 2004. Control Groups. Retrieved from https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt. (2004).

[69]

Dirk Merkel. 2014. Docker: Lightweight Linux containers for consistent development and deployment. Linux J. 2014, 239 (2014), 2.

Digital Library

[70]

James Mickens. 2014. Pivot: Fast, synchronous mashup isolation using generator chains. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP). IEEE, 261--275.

Digital Library

[71]

Charlie Miller, Dion Blazakis, Dino DaiZovi, Stefan Esser, Vincenzo Iozzo, and Ralf-Philip Weinmann. 2012. iOS Hacker’s Handbook. John Wiley 8 Sons.

[72]

Mark S. Miller, Mike Samuel, Ben Laurie, Ihab Awad, and Mike Stay. 2008. Safe Active Content in Sanitized JavaScript. Technical Report. Google, Inc.

[73]

MSDN. 2012. Understanding Enhanced Protection Mode. Retrieved from http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx. (2012).

[74]

Adwait Nadkarni and William Enck. 2013. Preventing accidental data disclosure in modern operating systems. In Proceedings of the 2013 ACM SIGSAC Conference on Computer 8 Communications Security. 1029--1042.

Digital Library

[75]

National Security Agency. 2009. Security-Enhanced Linux (SELinux). Retrieved from http://www.nsa.gov/research/selinux. (2009).

[76]

George C. Necula. 1998. Compiling with Proofs. Technical Report. DTIC Document.

[77]

George C. Necula and Peter Lee. 1998. The design and implementation of a certifying compiler. In Proceedings of the ACM SIGPLAN 1998 Conference on Programming Language Design and Implementation (PLDI’98). 333--344.

Digital Library

[78]

David M. Nicol, William H. Sanders, William L. Scherlis, and Laurie A. Williams. 2012. Science of Security Hard Problems: A Lablet Perspective. Science of Security Virtual Organization Web. (Nov. 2012).

[79]

Kaan Onarlioglu, Collin Mulliner, William Robertson, and Engin Kirda. 2013. Privexec: Private execution as an operating system service. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP). IEEE, 206--220.

Digital Library

[80]

Parveen Patel, Andrew Whitaker, David Wetherall, Jay Lepreau, and Tim Stack. 2003. Upgrading transport protocols using untrusted mobile code. In ACM SIGOPS Operating Systems Review, Vol. 37. ACM, 1--14.

Digital Library

[81]

Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, and David Wagner. 2012. Addroid: Privilege separation for applications and advertisers in android. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. ACM, 71--72.

Digital Library

[82]

Phu H. Phung and Lieven Desmet. 2012. A two-tier sandbox architecture for untrusted JavaScript. In Proceedings of the Workshop on JavaScript Tools. ACM, 1--10.

Digital Library

[83]

R. Pike, D. Presotto, K. Thompson, and H. Trickey. 1990. Plan 9 from bell labs. In Proceedings of the UKUUG Conference. London, UK, 1--9.

[84]

Joe Gibbs Politz, Spiridon Aristides Eliopoulos, Arjun Guha, and Shriram Krishnamurthi. 2011. ADsafety: Type-based verification of JavaScript sandboxing. In Proceedings of the 20th USENIX Conference on Security. Usenix Association, 12--12.

Digital Library

[85]

Donald E. Porter, Silas Boyd-Wickizer, Jon Howell, Reuben Olinsky, and Galen C. Hunt. 2011. Rethinking the library OS from the top down. ACM SIGPLAN Not. 46, 3 (2011), 291--304.

Digital Library

[86]

Shaya Potter, Jason Nieh, and Matt Selsky. 2007. Secure isolation of untrusted legacy applications. In LISA, Vol. 7. 1--14.

Digital Library

[87]

Niels Provos. 2003. Improving host security with system call policies. In USENIX Security, Vol. 3.

Digital Library

[88]

Mohan Rajagopalan, Matti A. Hiltunen, Trevor Jim, and Richard D. Schlichting. 2006. System call monitoring using authenticated system calls. IEEE Trans. Depend. Sec. Comput. 3, 3 (2006), 216--229.

Digital Library

[89]

Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, 199--212.

Digital Library

[90]

Dan Rosenberg. 2014. Qsee trustzone kernel integer over flow vulnerability. In Black Hat Conference.

[91]

Joanna Rutkowska. 2012. Introducing Qubes 1.0. Retrieved from http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html. (2012).

[92]

Reiner Sailer, Enriquillo Valdez, Trent Jaeger, Ronald Perez, Leendert Van Doorn, John Linwood Griffin, Stefan Berger, Reiner Sailer, Enriquillo Valdez, Trent Jaeger, and others. 2005. sHype: Secure hypervisor approach to trusted virtualized systems. Technical Report RC23511 (2005).

[93]

Jerry Saltzer and Mike Schroeder. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (Sep. 1975).

[94]

Nuno Santos, Rodrigo Rodrigues, and Bryan Ford. 2012. Enhancing the OS against security threats in system administration. In Middleware 2012. Springer, 415--435.

Digital Library

[95]

Fred B. Schneider. 2000. Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 1 (Feb. 2000), 30--50.

Digital Library

[96]

Fred B. Schneider, Greg Morrisett, and Robert Harper. 2001. A language-based approach to security. In Informatics. Springer, 86--101.

Digital Library

[97]

Zhiyong Shan, Xin Wang, Tzi-cker Chiueh, and Xiaofeng Meng. 2012. Facilitating inter-application interactions for os-level virtualization. In ACM SIGPLAN Notices, Vol. 47. ACM, 75--86.

Digital Library

[98]

Jonathan S. Shapiro, Jonathan M. Smith, and David J. Farber. 1999. EROS: A fast capability system. In Proceedings of the 17th ACM Symposium on Operating Systems Principles (SOSP’99). ACM, New York, NY, 170--185.

Digital Library

[99]

Shashi Shekhar, Michael Dietz, and Dan S. Wallach. 2012. AdSplit: Separating smartphone advertising from applications. In USENIX Security Symposium. 553--567.

Digital Library

[100]

Lenin Singaravelu, Calton Pu, Hermann Härtig, and Christian Helmuth. 2006. Reducing TCB complexity for security-sensitive applications: Three case studies. ACM SIGOPS Operat. Syst. Rev. 40, 4 (2006), 161--174.

Digital Library

[101]

Christopher Small. 1997. A tool for constructing safe extensible C++ systems. In Proceedings of the 3rd USENIX Conference on Object-Oriented Technologies and Systems. 175--184.

Digital Library

[102]

Stephen Soltesz, Herbert Pötzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson. 2007. Container-based operating system virtualization: A scalable, high-performance alternative to hypervisors. In ACM SIGOPS Operating Systems Review, Vol. 41. ACM, 275--287.

Digital Library

[103]

Deian Stefan, Alejandro Russo, Pablo Buiras, Amit Levy, John C. Mitchell, and David Mazieres. 2012. Addressing covert termination and timing channels in concurrent information flow systems. In ACM SIGPLAN Notices, Vol. 47. ACM, 201--214.

Digital Library

[104]

Deian Stefan, Edward Z. Yang, Petr Marchenko, Alejandro Russo, Dave Herman, Brad Karp, and David Mazieres. 2014. Protecting users by confining JavaScript with COWL. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI’14).

Digital Library

[105]

Marc Stiegler, Alan H. Karp, Ka-Ping Yee, Tyler Close, and Mark S. Miller. 2006. Polaris: Virus-safe computing for windows XP. Commun. ACM 49, 9 (2006), 83--88.

Digital Library

[106]

Richard Ta-Min, Lionel Litty, and David Lie. 2006. Splitting interfaces: Making trust between applications and operating systems configurable. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation. USENIX Association, 279--292.

Digital Library

[107]

Mike Ter Louw, Karthik Thotta Ganesh, and V. N. Venkatakrishnan. 2010. AdJail: Practical enforcement of confidentiality and integrity policies on web advertisements. In Proceedings of the USENIX Security Symposium. 371--388.

Digital Library

[108]

Trusted Computing Group. 2011. TPM Main Specification. Retrieved from http://www.trustedcomputinggroup.org/resources/tpm_main_specification. (2011).

[109]

Chia-Che Tsai, Kumar Saurabh Arora, Nehal Bandi, Bhushan Jain, William Jannen, Jitin John, Harry A. Kalodner, Vrushali Kulkarni, Daniela Oliveira, and Donald E. Porter. 2014. Cooperation and security isolation of library OSes for multi-process applications. In Proceedings of the 9th European Conference on Computer Systems. ACM, 9.

Digital Library

[110]

Steve Vandebogart, Petros Efstathopoulos, Eddie Kohler, Maxwell Krohn, Cliff Frey, David Ziegler, Frans Kaashoek, Robert Morris, and David Mazières. 2007. Labels and event processes in the Asbestos operating system. ACM Trans. Comput. Syst. 25, 4 (December 2007).

Digital Library

[111]

Thorsten Von Eicken, Chi-Chao Chang, Grzegorz Czajkowski, Chris Hawblitzel, Deyu Hu, and Dan Spoonhower. 1999. J-kernel: A capability-based operating system for java. In Secure Internet Programming. Springer, 369--393.

Digital Library

[112]

David A. Wagner. 1999. Janus: An Approach for Confinement of Untrusted Applications. Ph.D. Dissertation. Department of Electrical Engineering and Computer Sciences, University of California at Berkeley.

[113]

Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. 1994. Efficient software-based fault isolation. In ACM SIGOPS Operating Systems Review, Vol. 27. ACM, 203--216.

Digital Library

[114]

Helen J. Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter. 2009. The multi-principal OS construction of the Gazelle web browser. In Proceedings of the USENIX Security Symposium, Vol. 28.

Digital Library

[115]

Xi Wang, David Lazar, Nickolai Zeldovich, Adam Chlipala, and Zachary Tatlock. 2014. Jitk: A trustworthy in-kernel interpreter infrastructure. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI’14). 33--47.

Digital Library

[116]

Robert N. M. Watson, Jonathan Anderson, Ben Laurie, and Kris Kennaway. 2010. Capsicum: Practical capabilities for UNIX. In Proceedings of the USENIX Security Symposium. 29--46.

Digital Library

[117]

Andrew Whitaker, Marianne Shaw, and Steven D. Gribble. 2002. Scale and performance in the Denali isolation kernel. ACM SIGOPS Operating Systems Review 36, SI (2002), 195--209.

Digital Library

[118]

Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, and Xuxian Jiang. 2014. Airbag: Boosting smartphone resistance to malware infection. In Proceedings of the Network and Distributed System Security Symposium.

[119]

Weiyi Wu and Bryan Ford. 2015. Deterministically deterring timing attacks in Deterland. Conference on Timely Results in Operating Systems (TRIOS).

[120]

Yongzheng Wu, Sai Sathyanarayan, Roland H. C. Yap, and Zhenkai Liang. 2012. Codejail: Application-transparent isolation of libraries with tight program interactions. In Computer Security--ESORICS 2012. Springer, 859--876.

[121]

Xi Xiong, Donghai Tian, and Peng Liu. 2011. Practical protection of kernel integrity for commodity OS from untrusted extensions. In NDSS.

[122]

Rubin Xu, Hassen Saïdi, and Ross Anderson. 2012. Aurasium: Practical policy enforcement for android applications. In USENIX Security Symposium. 539--552.

Digital Library

[123]

Jisoo Yang and Kang G. Shin. 2008. Using hypervisor to provide data secrecy for user applications on a per-page basis. In Proceedings of the 4th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. ACM, 71--80.

Digital Library

[124]

Zhi Yang, Lihua Yin, Miyi Duan, and Shuyuan Jin. 2011. Poster: Towards formal verification of DIFC policies. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). ACM, New York, NY, 873--876.

Digital Library

[125]

Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar. 2009. Native client: A sandbox for portable, untrusted x86 native code. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy. IEEE, 79--93.

Digital Library

[126]

Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. 2006. Making information flow explicit in HiStar. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI). 263--278.

Digital Library

[127]

Yinqian Zhang, Ari Juels, Alina Oprea, and Michael K. Reiter. 2011. Homealone: Co-residency detection in the cloud via side-channel analysis. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (SP). IEEE, 313--328.

Digital Library

[128]

Lu Zhao, Guodong Li, Bjorn De Sutter, and John Regehr. 2011. ARMor: Fully verified software fault isolation. In Proceedings of the 2011 International Conference on Embedded Software (EMSOFT). IEEE, 289--298.

Digital Library

[129]

Xin Zhao, Kevin Borders, and Atul Prakash. 2005. Svgrid: A secure virtual environment for untrusted grid applications. In Proceedings of the 3rd International Workshop on Middleware for Grid Computing. ACM, 1--6.

Digital Library

[130]

Yajin Zhou, Xiaoguang Wang, Yue Chen, and Zhi Wang. 2014a. ARMlock: Hardware-based fault isolation for ARM. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 558--569.

Digital Library

[131]

Zongwei Zhou, Miao Yu, and Virgil D. Gligor. 2014b. Dancing with giants: Wimpy kernels for on-demand isolated I/O. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP). IEEE, 308--323.

Digital Library

Cited By

Zhong YChen PZhang H(2025)ESX: A Self-Generated Control Policy for Remote Access With SSH Based on eBPFIEEE Access10.1109/ACCESS.2024.345049613(6487-6506)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2024.3450496
Niemi A(2024)Survey of Real-World Process Sandboxing2024 35th Conference of Open Innovations Association (FRUCT)10.23919/FRUCT61870.2024.10516417(520-531)Online publication date: 24-Apr-2024
https://doi.org/10.23919/FRUCT61870.2024.10516417
Saleh FKarmoshi SFapojuwo AZhong H(2024)TARA: Tenant-Aware Resource Allocation in Multi-Tenant Data CentersIEEE Transactions on Network and Service Management10.1109/TNSM.2024.344268821:6(6349-6363)Online publication date: 1-Dec-2024
https://dl.acm.org/doi/10.1109/TNSM.2024.3442688
Show More Cited By

Recommendations

Isolation and Beyond: Challenges for System Security
HotOS '19: Proceedings of the Workshop on Hot Topics in Operating Systems

System security has historically relied on hardware-provided isolation primitives. However, Meltdown [36] and Spectre [30] demonstrate that basic user/kernel isolation could be bypassed in every widely deployed ISA for decades; they are a caution to ...
Demystifying Arm TrustZone: A Comprehensive Survey

The world is undergoing an unprecedented technological transformation, evolving into a state where ubiquitous Internet-enabled “things” will be able to generate and share large amounts of security- and privacy-sensitive data. To cope with the security ...
Efficient software-based fault isolation
SOSP '93: Proceedings of the fourteenth ACM symposium on Operating systems principles

One way to provide fault isolation among cooperating software modules is to place each in its own address space. However, for tightly-coupled modules, this solution incurs prohibitive context switch overhead. In this paper, we present a software ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 49, Issue 3

September 2017

658 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/2988524

Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering/University of Florida/Gainesville, FL

Issue’s Table of Contents

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2016

Accepted: 01 August 2016

Revised: 01 July 2016

Received: 01 September 2015

Published in CSUR Volume 49, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Research
Refereed

Funding Sources

National Security Agency under the Science of Security Lablet at North Carolina State University

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
1,897
Total Downloads

Downloads (Last 12 months)137
Downloads (Last 6 weeks)15

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhong YChen PZhang H(2025)ESX: A Self-Generated Control Policy for Remote Access With SSH Based on eBPFIEEE Access10.1109/ACCESS.2024.345049613(6487-6506)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2024.3450496
Niemi A(2024)Survey of Real-World Process Sandboxing2024 35th Conference of Open Innovations Association (FRUCT)10.23919/FRUCT61870.2024.10516417(520-531)Online publication date: 24-Apr-2024
https://doi.org/10.23919/FRUCT61870.2024.10516417
Saleh FKarmoshi SFapojuwo AZhong H(2024)TARA: Tenant-Aware Resource Allocation in Multi-Tenant Data CentersIEEE Transactions on Network and Service Management10.1109/TNSM.2024.344268821:6(6349-6363)Online publication date: 1-Dec-2024
https://dl.acm.org/doi/10.1109/TNSM.2024.3442688
Wang ZMa Y(2024)Enhancing Task Matching in Online Labor Markets Using Multi-field Features Interaction and Meta-learningLISS 202310.1007/978-981-97-4045-1_43(556-571)Online publication date: 21-Jul-2024
https://doi.org/10.1007/978-981-97-4045-1_43
Mazzocca CGarbugli AArmillotta MMontanari RBellavista P(2024)Flexible and Secure Process Confinement with eBPFSecurity and Trust Management10.1007/978-3-031-76371-7_7(97-109)Online publication date: 19-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-76371-7_7
Miketic IDhananjay KSalman E(2023)Covert Channel Communication as an Emerging Security Threat in 2.5D/3D Integrated SystemsSensors10.3390/s2304208123:4(2081)Online publication date: 13-Feb-2023
https://doi.org/10.3390/s23042081
Schlegel M(2023)Trusted Implementation and Enforcement of Application Security PoliciesE-Business and Telecommunications10.1007/978-3-031-36840-0_16(362-388)Online publication date: 22-Jul-2023
https://doi.org/10.1007/978-3-031-36840-0_16
Shukla MTupsamudre HLodha S(2022)Enterprise SecurityResearch Anthology on Business Aspects of Cybersecurity10.4018/978-1-6684-3698-1.ch021(441-470)Online publication date: 2022
https://doi.org/10.4018/978-1-6684-3698-1.ch021
Seo JLee SKim KKim K(2022)A Fine-Grained Secure Service Provisioning Platform for Hypervisor SystemsElectronics10.3390/electronics1110160611:10(1606)Online publication date: 18-May-2022
https://doi.org/10.3390/electronics11101606
Anzai SMisono MNakamura RKuga YShinagawa TSerafini MXu H(2022)Towards isolated execution at the machine levelProceedings of the 13th ACM SIGOPS Asia-Pacific Workshop on Systems10.1145/3546591.3547530(68-77)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3546591.3547530
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents