Efficient Provisioning of a Trustworthy Environment for Security-Sensitive Applications

Autor:	Adrian Colesa, Adrian Augustin Pop, Sandor Lukacs, Radu I. Ciocas, Vlad I. Topan
Rok vydání:	2015
Předmět:	Trusted path Hardware virtualization Virtual machine Computer science Operating system Provisioning Hypervisor Isolation (database systems) Virtualization computer.software_genre Advanced Configuration and Power Interface GeneralLiterature_REFERENCE(e.g. dictionaries encyclopedias glossaries) computer
Zdroj:	Trust and Trustworthy Computing ISBN: 9783319228457 TRUST
DOI:	10.1007/978-3-319-22846-4_18
Popis:	We propose a method to provide the users a trusted secure environment to run their security-sensitive applications within. Our solution runs user applications in different virtual machines (VMs): security-sensitive applications in a trusted green VM, while the others in an untrusted red VM. We isolate the two VMs using hardware virtualization mechanisms and run them alternatively. This contributes for a smaller hypervisor, a safer VM isolation and trusted I/O channels to the green VM. Switching between VMs is based on the ACPI S3 sleep events. The trustworthiness of the green VM is sustained by its reduced and restricted software stack and its launch-time integrity attestation. We focus on reducing the red-to-green VM switching time by applying a stateless strategy for the green VM: use a RAM-disk and start it in a pristine state any time a red-to-green VM switch is performed. We load the green VM’s image in memory and reserve memory space for the green VM at boot time. This leads to a lower switching time of about 18 s.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=doi_________::1c3322a59e10a6be91e0d11705a1c409 https://doi.org/10.1007/978-3-319-22846-4_18 Zobrazit plný text záznamu