The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.05 - September/October (2010 vol.8)
pp: 34-41
Steve McLaughlin , Pennsylvania State University, State College
Thomas Moyer , Penn State University, University Park
Kevin Butler , Pennsylvania State University, State College
ABSTRACT
Securing operating systems has become increasingly difficult as their size and complexity continue to grow. New advances in hard disk technologies, however, provide a means for helping to manage this complexity; the new functionality made available at the disk level allows them to be used as security policy enforcement sites that are autonomous from the rest of the system. The proposed SwitchBlade architecture provides isolation for multiple OSs running on a single machine by confining them into segments that users can only access using a physical token. The authors show that the isolation guarantees SwitchBlade provides are equivalent to physically separate systems without the traditional usability burdens.
INDEX TERMS
operating system, security, storage, disks, isolation, SwitchBlade
CITATION
Steve McLaughlin, Thomas Moyer, Kevin Butler, "New Security Architectures Based on Emerging Disk Functionality", IEEE Security & Privacy, vol.8, no. 5, pp. 34-41, September/October 2010, doi:10.1109/MSP.2010.90
REFERENCES
1. V. Marala, The Build Master: Microsoft's Software Configuration Management Best Practices, Addison-Wesley, 2005.
2. J.D. Strunk et al., "Self-Securing Storage: Protecting Data in Compromised Systems," Proc. 4th Symp. Operating Systems Design and Implementation (OSDI 00), vol. 4, Usenix Assoc., 2000, pp. 165–180.
3. A.G. Pennington et al., "Storage-Based Intrusion Detection: Watching Storage Activity for Suspicious Behavior," Proc. 12th Usenix Security Symp., Usenix Assoc., 2003, pp. 137–152.
4. K. Butler, S. McLaughlin, and P. McDaniel, "Non-Volatile Memory and Disks: Avenues for Policy Architectures," Proc. 1st ACM Computer Security Architectures Workshop (CSAW 07), ACM Press, 2007, pp. 77–84.
5. D. Bell and L. LaPadula, Secure Computer Systems: Mathematical Foundations and Model, tech. report M74-244, Mitre, 1973.
6. K. Butler, S. McLaughlin, and P.D. McDaniel, "Rootkit-Resistant Disks," Proc. 15th ACM Conf. Computer and Communications Security (CCS 08), ACM Press, 2008, pp. 403–416.
7. L. StClair et al., "Establishing and Sustaining System Integrity via Root of Trust Installation," Proc. 23rd Ann. Computer Security Applications Conf. (ACSAC 07), 2007, pp. 19–29.
8. P. Barham et al., "Xen and the Art of Virtualization," Proc. 19th ACM Symp. Operating Systems Principles (SOSP 03), ACM Press, 2003.
9. "Fast Dual SHA-1 and SHA-256 Hash Core for ASIC," Helion Technology, 2005; www.heliontech.commultihash.htm.
10. A Guide to Understanding Audit in Trusted Systems, tech. report NCSC-TG-001, Tan Book, ed., Nat'l Computer Security Center, 1987.
11. K. Butler et al., SwitchBlade: Policy-Driven Disk Segmentation, tech. report NAS-TR-0098-2008, Network and Security Research Center, Dept. of Computer Science and Eng., Pennsylvania State Univ., 2008.
12. K. Butler et al., Firma: Disk-Based Foundations for Trusted Operating Systems, tech. report NAS-TR-0114-2009, Network and Security Research Center, Dept. of Computer Science and Eng., Pennsylvania State Univ., 2009.
13. T. Garfinkel et al., "Terra: A Virtual Machine-Based Platform for Trusted Computing," Proc. 19th ACM Symp. Operating Systems Principles (SOSP 03), ACM Press, 2003, pp. 193–206.
40 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool