FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W3009605901> ?p ?o ?g. }

• W3009605901 abstract "Commodity operating systems execute core kernel subsystems in a single address space along with hundreds of dynamically loaded extensions and device drivers. Lack of isolation within the kernel implies that a vulnerability in any of the kernel subsystems or device drivers opens a way to mount a successful attack on the entire kernel. Historically, isolation within the kernel remained prohibitive due to the high cost of hardware isolation primitives. Recent CPUs, however, bring a new set of mechanisms. Extended page-table (EPT) switching with VM functions and memory protection keys (MPKs) provide memory isolation and invocations across boundaries of protection domains with overheads comparable to system calls. Unfortunately, neither MPKs nor EPT switching provide architectural support for isolation of privileged ring 0 kernel code, i.e., control of privileged instructions and well-defined entry points to securely restore state of the system on transition between isolated domains. Our work develops a collection of techniques for lightweight isolation of privileged kernel code. To control execution of privileged instructions, we rely on a minimal hypervisor that transparently deprivileges the system into a non-root VT-x guest. We develop a new isolation boundary that leverages extended page table (EPT) switching with the VMFUNC instruction. We define a set of invariants that allows us to isolate kernel components in the face of an intricate execution model of the kernel, e.g., provide isolation of preemptable, concurrent interrupt handlers. To minimize overheads of virtualization, we develop support for exitless interrupt delivery across isolated domains. We evaluate our approach by developing isolated versions of several device drivers in the Linux kernel." @default.
• W3009605901 created "2020-03-13" @default.
• W3009605901 creator A5010830558 @default.
• W3009605901 creator A5024108515 @default.
• W3009605901 creator A5027415482 @default.
• W3009605901 creator A5027859131 @default.
• W3009605901 creator A5055045569 @default.
• W3009605901 date "2020-03-03" @default.
• W3009605901 modified "2023-10-12" @default.
• W3009605901 title "Lightweight kernel isolation with virtualization and VM functions" @default.
• W3009605901 cites W1772960743 @default.
• W3009605901 cites W1968351779 @default.
• W3009605901 cites W1972484642 @default.
• W3009605901 cites W1976721395 @default.
• W3009605901 cites W2006816934 @default.
• W3009605901 cites W2031844067 @default.
• W3009605901 cites W2034101145 @default.
• W3009605901 cites W2040088668 @default.
• W3009605901 cites W2052705820 @default.
• W3009605901 cites W2058200237 @default.
• W3009605901 cites W2079029390 @default.
• W3009605901 cites W2081907608 @default.
• W3009605901 cites W2083355374 @default.
• W3009605901 cites W2086795351 @default.
• W3009605901 cites W2087053834 @default.
• W3009605901 cites W2098010707 @default.
• W3009605901 cites W2100754100 @default.
• W3009605901 cites W2105349588 @default.
• W3009605901 cites W2112735498 @default.
• W3009605901 cites W2117590013 @default.
• W3009605901 cites W2118810451 @default.
• W3009605901 cites W2147743629 @default.
• W3009605901 cites W2160275438 @default.
• W3009605901 cites W2168075869 @default.
• W3009605901 cites W2605597658 @default.
• W3009605901 cites W2664885055 @default.
• W3009605901 cites W4240053329 @default.
• W3009605901 cites W4302784197 @default.
• W3009605901 cites W2095881341 @default.
• W3009605901 doi "https://doi.org/10.1145/3381052.3381328" @default.
• W3009605901 hasPublicationYear "2020" @default.
• W3009605901 type Work @default.
• W3009605901 sameAs 3009605901 @default.
• W3009605901 citedByCount "17" @default.
• W3009605901 countsByYear W30096059012019 @default.
• W3009605901 countsByYear W30096059012020 @default.
• W3009605901 countsByYear W30096059012021 @default.
• W3009605901 countsByYear W30096059012022 @default.
• W3009605901 countsByYear W30096059012023 @default.
• W3009605901 crossrefType "proceedings-article" @default.
• W3009605901 hasAuthorship W3009605901A5010830558 @default.
• W3009605901 hasAuthorship W3009605901A5024108515 @default.
• W3009605901 hasAuthorship W3009605901A5027415482 @default.
• W3009605901 hasAuthorship W3009605901A5027859131 @default.
• W3009605901 hasAuthorship W3009605901A5055045569 @default.
• W3009605901 hasBestOaLocation W30096059011 @default.
• W3009605901 hasConcept C111919701 @default.
• W3009605901 hasConcept C112904061 @default.
• W3009605901 hasConcept C114614502 @default.
• W3009605901 hasConcept C120314980 @default.
• W3009605901 hasConcept C136085584 @default.
• W3009605901 hasConcept C144240696 @default.
• W3009605901 hasConcept C149635348 @default.
• W3009605901 hasConcept C173018170 @default.
• W3009605901 hasConcept C176649486 @default.
• W3009605901 hasConcept C18131444 @default.
• W3009605901 hasConcept C2775877400 @default.
• W3009605901 hasConcept C2775941552 @default.
• W3009605901 hasConcept C33923547 @default.
• W3009605901 hasConcept C41008148 @default.
• W3009605901 hasConcept C41661131 @default.
• W3009605901 hasConcept C513985346 @default.
• W3009605901 hasConcept C68793194 @default.
• W3009605901 hasConcept C74193536 @default.
• W3009605901 hasConcept C76399640 @default.
• W3009605901 hasConcept C79974875 @default.
• W3009605901 hasConcept C86803240 @default.
• W3009605901 hasConcept C89423630 @default.
• W3009605901 hasConceptScore W3009605901C111919701 @default.
• W3009605901 hasConceptScore W3009605901C112904061 @default.
• W3009605901 hasConceptScore W3009605901C114614502 @default.
• W3009605901 hasConceptScore W3009605901C120314980 @default.
• W3009605901 hasConceptScore W3009605901C136085584 @default.
• W3009605901 hasConceptScore W3009605901C144240696 @default.
• W3009605901 hasConceptScore W3009605901C149635348 @default.
• W3009605901 hasConceptScore W3009605901C173018170 @default.
• W3009605901 hasConceptScore W3009605901C176649486 @default.
• W3009605901 hasConceptScore W3009605901C18131444 @default.
• W3009605901 hasConceptScore W3009605901C2775877400 @default.
• W3009605901 hasConceptScore W3009605901C2775941552 @default.
• W3009605901 hasConceptScore W3009605901C33923547 @default.
• W3009605901 hasConceptScore W3009605901C41008148 @default.
• W3009605901 hasConceptScore W3009605901C41661131 @default.
• W3009605901 hasConceptScore W3009605901C513985346 @default.
• W3009605901 hasConceptScore W3009605901C68793194 @default.
• W3009605901 hasConceptScore W3009605901C74193536 @default.
• W3009605901 hasConceptScore W3009605901C76399640 @default.
• W3009605901 hasConceptScore W3009605901C79974875 @default.
• W3009605901 hasConceptScore W3009605901C86803240 @default.
• W3009605901 hasConceptScore W3009605901C89423630 @default.

• next