DocumentCode :
3135963
Title :
Safe virtual execution using software dynamic translation
Author :
Scott, Kevin ; Davidson, Jack
Author_Institution :
Dept. of Comput. Sci., Virginia Univ., Charlottesville, VA, USA
fYear :
2002
fDate :
2002
Firstpage :
209
Lastpage :
218
Abstract :
Safe virtual execution (SVE) allows a host computer system to reduce the risks associated with running untrusted programs. SVE prevents untrusted programs from directly accessing system resources, thereby giving the host the ability to control how individual resources may be used. SVE is used in a variety, of safety-conscious software systems, including the Java Virtual Machine (JVM), software fault isolation (SFI), system call interposition layers, and execution monitors. While SVE is the conceptual foundation for these systems, each uses a different implementation technology. The lack of a unifying framework for building SVE systems results in a variety of problems: many useful SVE systems are not portable and therefore are usable only on a limited number of platforms; code reuse among different SVE systems is often difficult or impossible; and building SVE systems from scratch can be both time consuming and error prone. To address these concerns, we have developed a portable, extensible framework for constructing SVE systems. Our framework, called Strata, is based on software dynamic translation (SDT), a technique for modifying binary programs as they execute. Strata is designed to be ported easily to new platforms and to date has been targeted to SPARC/Solaris, x86/Linux, and MIPS/IRIX. This portability ensures that SVE applications implemented in Strata are available to a wide variety of host systems. Strata also affords the opportunity for code reuse among different SVE applications by establishing a common implementation framework. Strata implements a basic safe virtual execution engine using SDT The base functionality supplied by this engine is easily extended to implement specific SVE systems. In this paper we describe the organization of Strata and demonstrate its extension by building two SVE systems: system call interposition and stack-smashing prevention. To illustrate the use of the system call interposition extensions, the paper presents implementations of several useful security policies.
Keywords :
security of data; software engineering; software reusability; virtual machines; Strata; execution monitors; extensible framework; host computer svstem; safe virtual execution; software dynamic translation; software fault isolation; system call interposition layers; untrusted programs; Application software; Buildings; Control systems; Engines; Isolation technology; Java; Linux; Software safety; Software systems; Virtual machining;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2002. Proceedings. 18th Annual
ISSN :
1063-9527
Print_ISBN :
0-7695-1828-1
Type :
conf
DOI :
10.1109/CSAC.2002.1176292
Filename :
1176292
Link To Document :
بازگشت