
A Study of Security Isolation Techniques

Published: 12 October 2016

Abstract

Security isolation is a foundation of computing systems that enables resilience to different forms of attack. This article seeks to understand existing security isolation techniques by systematically classifying different approaches and analyzing their properties. We provide a hierarchical classification structure for grouping different security isolation techniques. At the top level, we consider two principal aspects: mechanism and policy. Each aspect is broken down into salient dimensions that describe its key properties. We break the mechanism aspect into two dimensions, enforcement location and isolation granularity, and the policy aspect into three dimensions: policy generation, policy configurability, and policy lifetime. We apply our classification to a set of representative articles that cover a breadth of security isolation techniques, and we discuss the tradeoffs among different design choices and the limitations of existing approaches.

  129. Xin Zhao, Kevin Borders, and Atul Prakash. 2005. Svgrid: A secure virtual environment for untrusted grid applications. In Proceedings of the 3rd International Workshop on Middleware for Grid Computing. ACM, 1--6. Google ScholarGoogle ScholarDigital LibraryDigital Library
  130. Yajin Zhou, Xiaoguang Wang, Yue Chen, and Zhi Wang. 2014a. ARMlock: Hardware-based fault isolation for ARM. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 558--569. Google ScholarGoogle ScholarDigital LibraryDigital Library
  131. Zongwei Zhou, Miao Yu, and Virgil D. Gligor. 2014b. Dancing with giants: Wimpy kernels for on-demand isolated I/O. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP). IEEE, 308--323. Google ScholarGoogle ScholarDigital LibraryDigital Library


      Published in

        ACM Computing Surveys, Volume 49, Issue 3, September 2017, 658 pages
        ISSN: 0360-0300
        EISSN: 1557-7341
        DOI: 10.1145/2988524
        Editor: Sartaj Sahni

        Copyright © 2016 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

        Publisher: Association for Computing Machinery, New York, NY, United States

        Publication History

        • Published: 12 October 2016
        • Accepted: 1 August 2016
        • Revised: 1 July 2016
        • Received: 1 September 2015

        Qualifiers

        • survey
        • Research
        • Refereed
