Securing Applications in Commodity Operating Systems

Description: Commodity operating systems are large, complicated, and difficult to manage. Moreover, they contain a huge amount of legacy code that was not built with security in mind. Clean-slate designs, however, are impractical because they require a large amount of engineering effort to port or re-implement existing applications. Thus, we are wedded to these systems despite their inherent security flaws. This project takes the approach that if security cannot be implemented in the commodity operating system, it must be implemented below it. Using virtual machine monitors, a layer of code that can be shimmed between the operating system and the hardware, we are building a new basis for security in future computing systems.

Funding: NSERC

Project Team: Kurniadi Asrigo, Lionel Litty, Richard Ta-Min, David Lie

Publications:

  • Using VMM-Based Sensors to Monitor Honeypots (In Proceedings of the ACM 2nd International Conference on Virtual Execution Environments (VEE 2006) - 2006)
  • Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable (In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006) - 2006)
  • Manitou: A Layer-Below Approach to Fighting Malware (In Proceedings of the ACM Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006) - 2006)

URL:

Status: Active.