Privilege separation of applications using protection rings on x86x86 보호 링을 이용한 어플리케이션 권한 분리 기법

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 626
  • Download : 0
Modern applications lack the ability to separate sensitive information (e.g. private keys) from unimportant data (e.g. welcome messages) in different memory spaces, making it easy for attackers to steal sensitive data via memory disclosure attacks. A recent study has devised an isolated execution environment to support a privileged layer between user and kernel using protection rings: a privuser mode. However, the mode is in 32-bit, which leads to a degradation in performance. This paper presents privuser64, an additional execution mode between user and kernel that is fast and portable, but in 64bit. Kernel Page Table Isolation (KPTI) is employed to prevent the layer from accessing the kernel. The framework was faster up to 57% than the previous work, 32-bit privuser. In addition, to show the feasibility of this work, it has been applied to the widely used web server Nginx with the cryptographic library LibreSSL to secure private keys, and it showed near 0% of overhead as the response header size of HTTP grew larger.
Advisors
Kang, Brent Byunghoonresearcher강병훈researcher
Description
한국과학기술원 :정보보호대학원,
Publisher
한국과학기술원
Issue Date
2019
Identifier
325007
Language
eng
Description

학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2019.2,[iv, 24 p. :]

Keywords

privilege separation▼amemory protection▼aisolated execution environment▼aprotection rings▼akernel page table isolation; 권한 분리▼a메모리 보호 기법▼a독립 실행 환경▼a보호 링▼a커널 페이지 테이블 분리 기법

URI
http://hdl.handle.net/10203/267165
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=843590&flag=dissertation
Appears in Collection
IS-Theses_Master(석사논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0