Team for Research in
Ubiquitous Secure Technology

• Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems

Citation
"• Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems". M. Chen, P. Subrahmanyam, C. Waldspurger, E. C. Lewis, Tal Garfinkel, D. Boneh, D. Ports, and J. Dwoskin (eds.), ASPLOS, 2008.

Abstract
Commodity operating systems entrusted with securing sensitive data are remarkably large and complex, and consequently, frequently prone to compromise. To address this limitation, we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data, even in the event of a total OS compromise. Overshadow presents an application with a normal view of its resources, but the OS with an encrypted view. This allows the operating system to carry out the complex task of managing an application’s resources, without allowing it to read or modify them. Thus, Overshadow offers a last line of defense for application data. Overshadow builds on multi-shadowing, a novel mechanism that presents different views of “physical” memory, depending on the context performing the access. This primitive offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processor architectures. We present the design and implementation of Overshadow and show how its new protection semantics can be integrated with existing systems. Our design has been fully implemented and used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system. We evaluate the performance of our implementation, demonstrating that this approach is practical.

Electronic downloads

Citation formats  
  • HTML
     <a
    href="http://www.truststc.org/pubs/587.html"
    ><i>â¢	Overshadow: A
    Virtualization-Based Approach to Retrofitting Protection in
    Commodity Operating Systems</i></a>, M. Chen, P.
    Subrahmanyam, C. Waldspurger, E. C. Lewis, Tal Garfinkel, D.
    Boneh, D. Ports, and J. Dwoskin (eds.), ASPLOS, 2008.
  • Plain text
     "â¢	Overshadow: A Virtualization-Based
    Approach to Retrofitting Protection in Commodity Operating
    Systems". M. Chen, P. Subrahmanyam, C. Waldspurger, E.
    C. Lewis, Tal Garfinkel, D. Boneh, D. Ports, and J. Dwoskin
    (eds.), ASPLOS, 2008.
  • BibTeX
    @proceedings{ChenSubrahmanyamWaldspurgerLewisGarfinkelBonehPorts08_OvershadowVirtualizationBasedApproachToRetrofitting,
        title = {â¢	Overshadow: A Virtualization-Based Approach to
                  Retrofitting Protection in Commodity Operating
                  Systems},
        editor = {M. Chen, P. Subrahmanyam, C. Waldspurger, E. C.
                  Lewis, Tal Garfinkel, D. Boneh, D. Ports, and J.
                  Dwoskin},
        organization = {ASPLOS},
        year = {2008},
        abstract = {Commodity operating systems entrusted with
                  securing sensitive data are remarkably large and
                  complex, and consequently, frequently prone to
                  compromise. To address this limitation, we
                  introduce a virtual-machine-based system called
                  Overshadow that protects the privacy and integrity
                  of application data, even in the event of a total
                  OS compromise. Overshadow presents an application
                  with a normal view of its resources, but the OS
                  with an encrypted view. This allows the operating
                  system to carry out the complex task of managing
                  an applicationâs resources, without allowing it
                  to read or modify them. Thus, Overshadow offers a
                  last line of defense for application data.
                  Overshadow builds on multi-shadowing, a novel
                  mechanism that presents different views of
                  âphysicalâ memory, depending on the context
                  performing the access. This primitive offers an
                  additional dimension of protection beyond the
                  hierarchical protection domains implemented by
                  traditional operating systems and processor
                  architectures. We present the design and
                  implementation of Overshadow and show how its new
                  protection semantics can be integrated with
                  existing systems. Our design has been fully
                  implemented and used to protect a wide range of
                  unmodified legacy applications running on an
                  unmodified Linux operating system. We evaluate the
                  performance of our implementation, demonstrating
                  that this approach is practical.},
        URL = {http://www.truststc.org/pubs/587.html}
    }
    

Posted by Jessica Gamble on 13 Mar 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.