
SIGOPSE
2004
ACM

Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors

Secure systems are best built on top of a small trusted operating system: the smaller the operating system, the easier it is to assure or verify its correctness. In this paper, we oppose the view that virtual-machine monitors (VMMs) are the smallest systems that provide secure isolation because they have been specifically designed to provide little more than this property. The problem with this assertion is that VMMs typically do not support interprocess communication, complicating the use of untrusted components inside a secure system. We propose extending traditional VMMs with features for secure message passing and memory sharing to enable the use of untrusted components in secure systems. We argue that moving system components out of the TCB into the untrusted part of the system and communicating with them using IPC reduces the overall size of the TCB. We argue that many secure applications can make use of untrusted components through trusted wrappers without risking securi...
Added 30 Jun 2010
Updated 30 Jun 2010
Type Conference
Year 2004
Where SIGOPSE
Authors Michael Hohmuth, Michael Peter, Hermann Härtig, Jonathan S. Shapiro