DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kang, Brent Byunghoon | - |
dc.contributor.advisor | 강병훈 | - |
dc.contributor.author | Song, Chihyun | - |
dc.date.accessioned | 2019-09-04T02:49:03Z | - |
dc.date.available | 2019-09-04T02:49:03Z | - |
dc.date.issued | 2019 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=843590&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/267165 | - |
dc.description | Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security, 2019.2, [iv, 24 p.] | - |
dc.description.abstract | Modern applications lack the ability to separate sensitive information (e.g. private keys) from unimportant data (e.g. welcome messages) in different memory spaces, making it easy for attackers to steal sensitive data via memory disclosure attacks. A recent study has devised an isolated execution environment to support a privileged layer between user and kernel using protection rings: a privuser mode. However, the mode is 32-bit, which leads to a degradation in performance. This paper presents privuser64, an additional execution mode between user and kernel that is fast and portable, but in 64-bit. Kernel Page Table Isolation (KPTI) is employed to prevent the layer from accessing the kernel. The framework was up to 57% faster than the previous work, 32-bit privuser. In addition, to show the feasibility of this work, it has been applied to the widely used web server Nginx with the cryptographic library LibreSSL to secure private keys, and it showed near 0% overhead as the response header size of HTTP grew larger. | - |
dc.language | eng | - |
dc.publisher | Korea Advanced Institute of Science and Technology (KAIST) | - |
dc.subject | privilege separation; memory protection; isolated execution environment; protection rings; kernel page table isolation | - |
dc.subject | privilege separation; memory protection technique; isolated execution environment; protection rings; kernel page table isolation technique | - |
dc.title | Privilege separation of applications using protection rings on x86 | - |
dc.title.alternative | Application privilege separation technique using x86 protection rings | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security | - |
dc.contributor.alternativeauthor | 송치현 | - |