Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation
Security monitoring has long been considered as a fundamental mechanism to mitigate the damage of a security attack. Recently, intra-level security systems have been proposed that can efficiently and securely monitor system software without any involvement of more privileged entity. Unfortunately, t...
Gespeichert in:
| Veröffentlicht in: | ACM transactions on privacy and security 2019-05, Vol.22 (2), p.1-30 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 30 |
|---|---|
| container_issue | 2 |
| container_start_page | 1 |
| container_title | ACM transactions on privacy and security |
| container_volume | 22 |
| creator | Kwon, Donghyun Yi, Hayoon Cho, Yeongpil Paek, Yunheung |
| description | Security monitoring has long been considered as a fundamental mechanism to mitigate the damage of a security attack. Recently, intra-level security systems have been proposed that can efficiently and securely monitor system software without any involvement of more privileged entity. Unfortunately, there exists no full intra-level security system that can universally operate at any privilege level on ARM. However, as malware and attacks increase against virtually every level of privileged software including an OS, a hypervisor, and even the highest privileged software armored by TrustZone, we have been motivated to develop an intra-level security system, named
Hilps
. Hilps realizes true intra-level scheme in all these levels of privileged software on ARM by elaborately exploiting a new hardware feature of ARM’s latest 64-bit architecture, called TxSZ, that enables elastic adjustment of the accessible virtual address range. Furthermore, Hilps newly supports the sandbox mechanism that provides security tools with individually isolated execution environments, thereby minimizing security threats from untrusted security tools. We have implemented a prototype of Hilps on a real machine. The experimental results demonstrate that Hilps is quite promising for practical use in real deployments. |
| doi_str_mv | 10.1145/3309698 |
| format | Article |
| fullrecord | <record><control><sourceid>crossref</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3309698</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>10_1145_3309698</sourcerecordid><originalsourceid>FETCH-LOGICAL-c225t-b36f1f46ca3fcdf6e23cb11a0c8fd0cfe1570970122b1a1b41abd4813f05e1713</originalsourceid><addsrcrecordid>eNo9kFFLwzAUhYMoOObwL-TNp2pukqbt4xhTBxPF6XNJ03tHpO1Gkg367506fDofB873cBi7BXEPoPMHpURlqvKCTaQuIJN5oS__2ZhrNovxSwgBpqq0hglrN5aQ26HlSyLvPA6Jr_p9h_2JbPK7ge-IW75Bdwg-jXwzxoQ9P_Xz9xd-iH7Y8tWQgs06PGLH34I_-g63eJrsbfhV3LArsl3E2Tmn7PNx-bF4ztavT6vFfJ05KfOUNcoQkDbOKnItGZTKNQBWuJJa4QghL0RVCJCyAQuNBtu0ugRFIkcoQE3Z3Z_XhV2MAaneB9_bMNYg6p9_6vM_6hvJIFfD</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation</title><source>ACM Digital Library Complete</source><creator>Kwon, Donghyun ; Yi, Hayoon ; Cho, Yeongpil ; Paek, Yunheung</creator><creatorcontrib>Kwon, Donghyun ; Yi, Hayoon ; Cho, Yeongpil ; Paek, Yunheung</creatorcontrib><description>Security monitoring has long been considered as a fundamental mechanism to mitigate the damage of a security attack. Recently, intra-level security systems have been proposed that can efficiently and securely monitor system software without any involvement of more privileged entity. Unfortunately, there exists no full intra-level security system that can universally operate at any privilege level on ARM. However, as malware and attacks increase against virtually every level of privileged software including an OS, a hypervisor, and even the highest privileged software armored by TrustZone, we have been motivated to develop an intra-level security system, named
Hilps
. Hilps realizes true intra-level scheme in all these levels of privileged software on ARM by elaborately exploiting a new hardware feature of ARM’s latest 64-bit architecture, called TxSZ, that enables elastic adjustment of the accessible virtual address range. Furthermore, Hilps newly supports the sandbox mechanism that provides security tools with individually isolated execution environments, thereby minimizing security threats from untrusted security tools. We have implemented a prototype of Hilps on a real machine. The experimental results demonstrate that Hilps is quite promising for practical use in real deployments.</description><identifier>ISSN: 2471-2566</identifier><identifier>EISSN: 2471-2574</identifier><identifier>DOI: 10.1145/3309698</identifier><language>eng</language><ispartof>ACM transactions on privacy and security, 2019-05, Vol.22 (2), p.1-30</ispartof><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c225t-b36f1f46ca3fcdf6e23cb11a0c8fd0cfe1570970122b1a1b41abd4813f05e1713</citedby><cites>FETCH-LOGICAL-c225t-b36f1f46ca3fcdf6e23cb11a0c8fd0cfe1570970122b1a1b41abd4813f05e1713</cites><orcidid>0000-0001-7842-1719</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><creatorcontrib>Kwon, Donghyun</creatorcontrib><creatorcontrib>Yi, Hayoon</creatorcontrib><creatorcontrib>Cho, Yeongpil</creatorcontrib><creatorcontrib>Paek, Yunheung</creatorcontrib><title>Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation</title><title>ACM transactions on privacy and security</title><description>Security monitoring has long been considered as a fundamental mechanism to mitigate the damage of a security attack. Recently, intra-level security systems have been proposed that can efficiently and securely monitor system software without any involvement of more privileged entity. Unfortunately, there exists no full intra-level security system that can universally operate at any privilege level on ARM. However, as malware and attacks increase against virtually every level of privileged software including an OS, a hypervisor, and even the highest privileged software armored by TrustZone, we have been motivated to develop an intra-level security system, named
Hilps
. Hilps realizes true intra-level scheme in all these levels of privileged software on ARM by elaborately exploiting a new hardware feature of ARM’s latest 64-bit architecture, called TxSZ, that enables elastic adjustment of the accessible virtual address range. Furthermore, Hilps newly supports the sandbox mechanism that provides security tools with individually isolated execution environments, thereby minimizing security threats from untrusted security tools. We have implemented a prototype of Hilps on a real machine. The experimental results demonstrate that Hilps is quite promising for practical use in real deployments.</description><issn>2471-2566</issn><issn>2471-2574</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><recordid>eNo9kFFLwzAUhYMoOObwL-TNp2pukqbt4xhTBxPF6XNJ03tHpO1Gkg367506fDofB873cBi7BXEPoPMHpURlqvKCTaQuIJN5oS__2ZhrNovxSwgBpqq0hglrN5aQ26HlSyLvPA6Jr_p9h_2JbPK7ge-IW75Bdwg-jXwzxoQ9P_Xz9xd-iH7Y8tWQgs06PGLH34I_-g63eJrsbfhV3LArsl3E2Tmn7PNx-bF4ztavT6vFfJ05KfOUNcoQkDbOKnItGZTKNQBWuJJa4QghL0RVCJCyAQuNBtu0ugRFIkcoQE3Z3Z_XhV2MAaneB9_bMNYg6p9_6vM_6hvJIFfD</recordid><startdate>20190531</startdate><enddate>20190531</enddate><creator>Kwon, Donghyun</creator><creator>Yi, Hayoon</creator><creator>Cho, Yeongpil</creator><creator>Paek, Yunheung</creator><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0001-7842-1719</orcidid></search><sort><creationdate>20190531</creationdate><title>Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation</title><author>Kwon, Donghyun ; Yi, Hayoon ; Cho, Yeongpil ; Paek, Yunheung</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c225t-b36f1f46ca3fcdf6e23cb11a0c8fd0cfe1570970122b1a1b41abd4813f05e1713</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Kwon, Donghyun</creatorcontrib><creatorcontrib>Yi, Hayoon</creatorcontrib><creatorcontrib>Cho, Yeongpil</creatorcontrib><creatorcontrib>Paek, Yunheung</creatorcontrib><collection>CrossRef</collection><jtitle>ACM transactions on privacy and security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Kwon, Donghyun</au><au>Yi, Hayoon</au><au>Cho, Yeongpil</au><au>Paek, Yunheung</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation</atitle><jtitle>ACM transactions on privacy and security</jtitle><date>2019-05-31</date><risdate>2019</risdate><volume>22</volume><issue>2</issue><spage>1</spage><epage>30</epage><pages>1-30</pages><issn>2471-2566</issn><eissn>2471-2574</eissn><abstract>Security monitoring has long been considered as a fundamental mechanism to mitigate the damage of a security attack. Recently, intra-level security systems have been proposed that can efficiently and securely monitor system software without any involvement of more privileged entity. Unfortunately, there exists no full intra-level security system that can universally operate at any privilege level on ARM. However, as malware and attacks increase against virtually every level of privileged software including an OS, a hypervisor, and even the highest privileged software armored by TrustZone, we have been motivated to develop an intra-level security system, named
Hilps
. Hilps realizes true intra-level scheme in all these levels of privileged software on ARM by elaborately exploiting a new hardware feature of ARM’s latest 64-bit architecture, called TxSZ, that enables elastic adjustment of the accessible virtual address range. Furthermore, Hilps newly supports the sandbox mechanism that provides security tools with individually isolated execution environments, thereby minimizing security threats from untrusted security tools. We have implemented a prototype of Hilps on a real machine. The experimental results demonstrate that Hilps is quite promising for practical use in real deployments.</abstract><doi>10.1145/3309698</doi><tpages>30</tpages><orcidid>https://orcid.org/0000-0001-7842-1719</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 2471-2566 |
| ispartof | ACM transactions on privacy and security, 2019-05, Vol.22 (2), p.1-30 |
| issn | 2471-2566 2471-2574 |
| language | eng |
| recordid | cdi_crossref_primary_10_1145_3309698 |
| source | ACM Digital Library Complete |
| title | Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-07T01%3A01%3A35IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Safe%20and%20Efficient%20Implementation%20of%20a%20Security%20System%20on%20ARM%20using%20Intra-level%20Privilege%20Separation&rft.jtitle=ACM%20transactions%20on%20privacy%20and%20security&rft.au=Kwon,%20Donghyun&rft.date=2019-05-31&rft.volume=22&rft.issue=2&rft.spage=1&rft.epage=30&rft.pages=1-30&rft.issn=2471-2566&rft.eissn=2471-2574&rft_id=info:doi/10.1145/3309698&rft_dat=%3Ccrossref%3E10_1145_3309698%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |