This Springer Brief discusses the uber e Xtensible Micro-hypervisor Framework (uber XMHF), a novel micro-hypervisor system security architecture and framework that can isolate security-sensitive applications from other untrustworthy applications on commodity platforms, enabling their safe co-existence. uber XMHF, in addition, facilitates runtime monitoring of the untrustworthy components, which is illustrated in this Springer Brief. uber XMHF focuses on three goals which are keys to achieving practical security on commodity platforms: (a) commodity compatibility (e.g., runs unmodified Linux and Windows) and unfettered access to platform hardware; (b) low trusted computing base and complexity; and (c) efficient implementation.
uber XMHF strives to be a comprehensible, practical and flexible platform for performing micro-hypervisor research and development. uber XMHF encapsulates common hypervisor core functionality in a framework that allows developers and users to build custom micro-hypervisor based (security-sensitive) applications (called ‘uberapps’). The authors describe several uberapps that employ uber XMHF and showcase the framework efficacy and versatility. These uberapps span a wide spectrum of security applications including application compartmentalization and sandboxing, attestation, approved code execution, key management, tracing, verifiable resource accounting, trusted-path and on-demand I/O isolation.
The authors are encouraged by the end result – a clean, barebones, low trusted computing base micro-hypervisor framework for commodity platforms with desirable performance characteristics and an architecture amenable to manual audits and/or formal reasoning. Active, open-source development of uber XMHF continues.
The primary audience for this Springer Brief is system (security) researchers and developers of commodity system software. Practitioners working in system security deployment mechanisms within industry and defense, as well as advanced-level students studying computer science with an interest in security will also want to read this Springer Brief.
Про автора
Amit Vasudevan is a Computer Scientist at the Software Engineering Institute (SEI), Carnegie Mellon University (CMU). His research interests include secure (embedded) systems and Io T, virtualization, trusted computing, formal methods, malware analysis and operating systems. His present research focuses on building formally verifiable and trustworthy computing systems. He is the principal force behind the design and development of uber Spark – an innovative architecture and framework for compositional formal verification of security properties of commodity system software; and the uber e Xtensible Micro-Hypervisor Framework (uber XMHF) – an open-source, extensible and formally verifiable micro-hypervisor framework which forms the foundation for a new class of (security-oriented) micro-hypervisor based applications (‘uberapps’) on commodity computing platforms.
He received his Ph.D. and M.S degrees from the Computer Science Department at UT Arlington and spent three yearsas a Post-doctoral fellow at Cy Lab, Carnegie Mellon University. Before that, he obtained his B.E. from the Computer Science Department at the BMS College of Engineering, Bangalore, India.
Більше електронних книг того самого автора / Редактор
16 593 Електронні книги в цій категорі
