...
  • 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Computers & mathematics with applications >Cherub: Fine-grained application protection with on-demand visualization
【24h】

Cherub: Fine-grained application protection with on-demand visualization

机译:Cherub:具有按需可视化的细粒度应用程序保护

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Cherub is an on-demand virtualization mechanism aiming to provide fine-grained application protection in untrusted environments. By leveraging late launch technology, Cherub dynamically inserts a lightweight virtual machine monitor (VMM) under a commodity operating system (OS) when critical pieces of an application code or data are to be processed. The novel design of Cherub with a double-shadowed page table extends VMM level memory protection into application level, such that it can isolate selected memory pages of a target process from the rest and other processes in the same OS environment. With this, Cherub enables fine-grained memory access control and therefore flexible security objectives. Compared to existing approaches, Cherub has the benefits of small code size, low performance overhead, no change to existing applications and commodity OS, and selective protection capability within a single application space. We implement Cherub in Linux and our analysis and evaluation demonstrate its effectiveness and practicality.
机译:Cherub是一种按需虚拟化机制,旨在在不受信任的环境中提供细粒度的应用程序保护。通过利用后期启动技术,当要处理应用程序代码或数据的关键部分时,Cherub在商品操作系统(OS)下动态插入轻量级虚拟机监视器(VMM)。具有双阴影页表的Cherub的新颖设计将VMM级别的内存保护扩展到了应用程序级别,从而可以将目标进程的选定内存页与同一OS环境中的其余进程以及其他进程隔离开来。这样,Cherub可以实现细粒度的内存访问控制,从而实现灵活的安全目标。与现有方法相比,Cherub的优点是代码量小,性能开销低,无需更改现有应用程序和商用OS以及在单个应用程序空间内具有选择性保护功能。我们在Linux中实现了Cherub,我们的分析和评估证明了其有效性和实用性。

著录项

  • 来源
    《Computers & mathematics with applications》 |2013年第9期|1326-1338|共13页
  • 作者

    Hai Jin; Ge cheng; DeqingZou; XinwenZhang;

  • 作者单位

    Services Computing Technology and System Lab, China,Cluster and Grid Computing Lab, China,School of Computer Science and Technology, China,Huazhong University of Science and Technology, Wuhan, 430074, Hubei, China;

    Xiangtan University, Xiangtan, Hunan, China;

    Services Computing Technology and System Lab, China,Cluster and Grid Computing Lab, China,School of Computer Science and Technology, China,Huazhong University of Science and Technology, Wuhan, 430074, Hubei, China;

    Huawei Research Center, Santa Clara, CA, USA;

  • 收录信息
  • 原文格式 PDF
  • 正文语种 eng
  • 中图分类
  • 关键词

    Lightweight virtualization; VMM; On-demand protection;

    机译:轻量级虚拟化;VMM;按需保护;

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号