1. Summary
➀ InkTag is a virtualization-based architecture.
➁ It gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system.
➂ InkTag is the first such system to enable access control for secure data, as well as address essential system issues such as crash consistency between OS-managed data and secure metadata.
➃ To isolate an application’s address space from an untrusted operating system, it proposes paraverification.
➄ Paraverification simplifies this by removing the burden of attempting to verify a completely unmodified operating system.
2. Related work Summary
➀ This paper, XOMOS, SP and Overshadow share the goal of minimizing the ability of an untrustworthy system component to tamper with a sensitive application.
➁ Other previous work focused on isolating high-assurance applications from the system.
➂ InkTag, however, focuses on allowing the application to use untrusted system services, providing access control and crash recovery for persistent storage.
3. The Good
➀ It is the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.
4. The Bad
➀ The performance overhead of InkTag is too high.
5. Your Comment
I think that defeating Iago attacks by interposing on system calls and checking their results is unlikely to be tractable for arbitrary applications given the complexity of modern OS interfaces, because Linux includes more than 300 system calls, and Windows has fewer than 1000, as well as exceptions and event mechanisms...
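What "checking their results" involves for a single call, as an added example that is not from this post or the InkTag paper: a shim that validates the address an untrusted kernel returns for an mmap-style request, the kind of return value an Iago attack manipulates. The region table, its addresses and the name `mmap_result_ok` are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096u

/* Constructed example: address ranges the application already relies on. */
struct region { uintptr_t start; size_t len; };

static const struct region trusted[] = {
    { 0x00400000u, 0x00100000u },   /* code + data (constructed) */
    { 0x10000000u, 0x00200000u },   /* heap (constructed) */
    { 0x7ffe0000u, 0x00020000u },   /* stack (constructed) */
};

/* True when [a, a+alen) and [b, b+blen) share at least one byte. */
static int overlaps(uintptr_t a, size_t alen, uintptr_t b, size_t blen)
{
    return a < b + blen && b < a + alen;
}

/*
 * Validate the address an untrusted kernel returned for an mmap()-style
 * request of `len` bytes. Returns 1 if the result may be used, 0 if rejected.
 */
int mmap_result_ok(uintptr_t addr, size_t len)
{
    size_t i;

    if (len == 0 || addr == 0 || addr == (uintptr_t)-1)  /* NULL or MAP_FAILED */
        return 0;
    if (addr % PAGE_SIZE != 0)               /* mappings are page aligned */
        return 0;
    if (addr + len < addr)                   /* range wraps the address space */
        return 0;
    for (i = 0; i < sizeof trusted / sizeof trusted[0]; i++)
        if (overlaps(addr, len, trusted[i].start, trusted[i].len))
            return 0;                        /* would alias memory already in use */
    return 1;
}

int main(void)
{
    printf("fresh range: %d\n", mmap_result_ok(0x20000000u, 8192));
    printf("over stack:  %d\n", mmap_result_ok(0x7ffe1000u, 8192));
    return 0;
}
```

Even this one call needs application-specific state (the list of ranges in use) to be checked, which is the per-call effort the comment above is weighing against the size of the system call interface.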