1. Summary
➀ TrustVisor is a tiny hypervisor that isolates a piece of application logic (PAL).
➁ It supports unmodified legacy OSes and their applications.
➂ The system enforces code and execution integrity, and data secrecy and integrity, for PALs.
➃ It can protect sensitive code at a very fine granularity.
➄ However, it is a prototype-level system and is AMD-only.
2. Related Work Summary
➀ TrustVisor adopts Seshadri’s work (SecVisor).
SecVisor is a small hypervisor that protects kernel code integrity.
➁ However, SecVisor cannot protect against many classes of existing vulnerabilities in the protected kernel.
3. The Good
➀ Performance is better than Flicker, the authors’ previous work.
➁ The micro-TPM design reduces latency by orders of magnitude.
4. The Bad
➀ Does not currently provide a trusted path to the user
➁ Requires application awareness
➂ Executable code for PAL must be proactively paged into memory before registration.
➃ Prototype is AMD-only