1. Summary
① This paper introduces the notion of shielded execution.
② Shielded execution protects the confidentiality and integrity of a program and its data from the platform on which it runs.
③ The prototype, Haven, is the first system to achieve shielded execution of unmodified legacy applications.
④ It leverages the hardware protection of Intel SGX to defend against privileged code and physical attacks.
⑤ However, it imposes some overhead when executing an application.
2. Related work Summary
➀ MiniBox combines the isolation of TrustVisor with the sandbox of Native Client.
➁ Like Haven, MiniBox achieves mutual distrust between application code and the host OS.
➂ However, Haven does not rely on a trusted hypervisor, and its isolated execution environment supports complete, unmodified applications rather than only small pieces of application logic.
3. The Good
➀ It is the first system to achieve shielded execution of unmodified legacy applications.
➁ It enables data integrity and confidentiality to be guaranteed regardless of the platform on which the data is processed.
4. The Bad
➀ Haven guarantees neither integrity for distributed computing nor self-integrity properties.