A Novel Intrusion-Tolerant Approach for Internet Access

Isolation execution is an effective mechanism that has been applied to protect the computers against the unknown attacks from the Internet. However, previous isolation solutions cannot achieve both the OS isolation and the reusage of existing software environment. In this paper, we present a new isolated execution approach called Aquarius for accessing the Internet safely. Besides fulfilling the OS isolation based on a hosted virtual machine (VM), Aquarius provides other two key features. One is that it can reuse the preinstalled software of the host OS. Another is that Aquarius faithfully reproduces the behavior of the Internet-accessing applications via providing transparent Internet accesses, as if they were directly connected to the Internet. Functional evaluation results illustrate the effectiveness of our approach, and performance evaluation results show that compute-intensive benchmarks run essentially at native speed on Aquarius VM, reaching 95.82-99.59% while network transmitting achieves 87.94% of the native network speed.