Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing

CC
CATCH
2009
Cybersecurity Applications & Technology Conference for Homeland Security
Abstract - Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael Franz

Cybersecurity Applications & Technology Conference for Homeland Security

March 03-March 04

ISBN: 978-0-7695-3568-5

	ASCII Text	x
	Michael Franz, "Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing," Conference For Homeland Security, Cybersecurity Applications & Technology, pp. 91-96, Cybersecurity Applications & Technology Conference for Homeland Security, 2009.

	BibTex	x
	@article{ 10.1109/CATCH.2009.45, author = {Michael Franz}, title = {Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing}, journal ={Conference For Homeland Security, Cybersecurity Applications & Technology}, volume = {0}, year = {2009}, isbn = {978-0-7695-3568-5}, pages = {91-96}, doi = {http://doi.ieeecomputersociety.org/10.1109/CATCH.2009.45}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Conference For Homeland Security, Cybersecurity Applications & Technology TI - Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing SN - 978-0-7695-3568-5 SP91 EP96 A1 - Michael Franz, PY - 2009 KW - system security engineering KW - vulnerability prevention KW - virtual machines VL - 0 JA - Conference For Homeland Security, Cybersecurity Applications & Technology ER -

Michael Franz

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CATCH.2009.45

Many software systems in use today have enormous trusted computing bases (TCBs). We propose an architecture that makes it possible to shrink the TCB of many such systems. Our solution is based on a virtual-machine (VM) with added information-flow capabilities. In our architecture, all application programs run outside of the TCB under the control of the VM and cannot cause information leaks even if they try. We have implemented a prototype of this architecture and found that the resulting run-time overhead is much lower than expected. In many deployment contexts, it will be perfectly reasonable to make such a moderate performance sacrifice for the benefit of security.

Index Terms:

system security engineering, vulnerability prevention, virtual machines

Citation:

Michael Franz, "Information-Flow Aware Virtual Machines: Foundations for Trustworthy Computing," catch, pp.91-96, Cybersecurity Applications & Technology Conference for Homeland Security, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.