Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
OSDI
2006
ACM
2006
ACM
Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable
In current commodity systems, applications have no way of limiting their trust in the underlying operating system (OS), leaving them at the complete mercy of an attacker who gains control over the OS. In this work, we describe the design and implementation of Proxos, a system that allows applications to configure their trust in the OS by partitioning the system call interface into trusted and untrusted components. System call routing rules that indicate which system calls are to be handled by the untrusted commodity OS, and which are to be handled by a trusted private OS, are specified by the application developer. We find that rather than defining a new system call interface, routing system calls of an existing interface allows applications currently targeted towards commodity operating systems to isolate their most sensitive components from the commodity OS with only minor source code modifications. We have built a prototype of our system on top of the Xen Virtual Machine Monitor wi...
Real-time TrafficCommodity Operating Systems | Commodity Os | Operating System | OSDI 2006 | Untrusted Commodity Os |
Related Content
| Added | 03 Dec 2009 |
| Updated | 03 Dec 2009 |
| Type | Conference |
| Year | 2006 |
| Where | OSDI |
| Authors | Richard Ta-Min, Lionel Litty, David Lie |
Comments (0)
Researcher Info
|
