Lockdown: A Safe and Practical Environment for Security Applications (CMU-CyLab-09-011)
نویسندگان
چکیده
We describe, build, and evaluate Lockdown, a system that significantly increases the level of security for online transactions, even on a platform infested with malicious code. Lockdown provides the user with a highly-protected, yet also highly-constrained trusted environment for performing online transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive) applications. A simple, user-friendly external interface allows the user to securely learn which environment is active and easily switch between them. We focus on making Lockdown deployable and usable today. Lockdown works with both Windows and Linux, and provides immediate improvements to security-sensitive tasks while imposing, on average, only 3% memory overhead and 2–7% storage overhead on non-security-related tasks.
منابع مشابه
Lockdown: A Safe and Practical Environment for Security Applications
We describe, build, and evaluate Lockdown, a system that significantly increases the level of security for online transactions, even on a platform infested with malicious code. Lockdown provides the user with a highly-protected, yet also highly-constrained trusted environment for performing online transactions, as well as a high-performance, general-purpose environment for all other (non-securi...
متن کاملLockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms
We investigate a new point in the design space of red/green systems [19, 30], which provide the user with a highly-protected, yet also highly-constrained trusted (“green”) environment for performing security-sensitive transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive or “red”) applications. Through the design and implementation of the...
متن کاملAccess Control for Home Data Sharing: Attitudes, Needs and Practices (CMU-CyLab-09-013, CMU-PDL-09-110)
As digital content becomes more prevalent in the home, nontechnical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create...
متن کاملEfficient TCB Reduction and Attestation (CMU-CyLab-09-003)
We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to a remote verifier. TrustVisor only add...
متن کاملWhen Information Improves Information Security (CMU-CyLab-09-004)
We investigate a mixed economy of an individual rational expert and several naı̈ve near-sightedagents in the context of security decision making. Agents select between three canonical security ac-tions to navigate the complex security risks of weakest-link, best shot and total effort interdependencies.We further study the impact of two information conditions on agents’ choices. W...
متن کامل