ISBN: (digital) 9781665470810
ISBN: (print) 9781665470810
This paper proposes a secure computing architecture based on dual hard disk and dual system switching (D3S), and provides a mechanism for copying and transmitting sensitive data between the two operating environments of the computer. It can not only provide a secure computing environment for all processing links involving sensitive files, but also resist various possible malicious attacks. The experimental simulation results show that the D3S architecture has obvious performance advantages in both the data delivery ratio and the memory computing overhead. When the size of the copied sensitive file is 50 MB, the copy time overhead of D3S is 1.12 s. The secure transmission rate of sensitive data of the D3S architecture is significantly better than that of other existing architectures, and has been maintained at about 8.5 Mbps.
ISBN: (print) 9783540858843
Memory authentication is the ability to detect unauthorized modification of memory. Existing solutions for memory authentication are based on tree structures computed over either the Physical Address Space (PAS tree) or the Virtual Address Space (VAS tree). We show that the PAS tree is vulnerable to branch splicing attacks when providing memory authentication to an application running on a potentially compromised operating system. We also explain why the VAS tree generates initialization and memory overheads so large as to make it impractical, especially on 64-bit address spaces. To enable secure and efficient application memory authentication, we present a novel Reduced Address Space (RAS) containing only those pages that are useful to a protected application at any point in time. We introduce the Tree Management Unit (TMU) to manage the RAS tree, a dynamically expanding memory integrity tree computed over the RAS. The TMU is scalable, enabling tree schemes to scale up to cover 64-bit address spaces. It dramatically reduces the overheads of application memory authentication without weakening the security properties or degrading runtime performance. For SPEC 2000 benchmarks, the TMU speeds up tree initialization and reduces memory overheads by three orders of magnitude on average.