Skip to main content

INVISIOS: A lightweight, minimally intrusive secure execution environment

Author(s): Arora, D; Aaraj, N; Raghunathan, A; Jha, NK

To refer to this page use:
Full metadata record
DC FieldValueLanguage
dc.contributor.authorArora, D-
dc.contributor.authorAaraj, N-
dc.contributor.authorRaghunathan, A-
dc.contributor.authorJha, NK-
dc.identifier.citationArora, D, Aaraj, N, Raghunathan, A, Jha, NK. (2012). INVISIOS: A lightweight, minimally intrusive secure execution environment. Transactions on Embedded Computing Systems, 11 (10.1145/2345770.2345772en_US
dc.description.abstractMany information security attacks exploit vulnerabilities in “trusted” and privileged software executing on the system, such as the operating system (OS). On the other hand, most security mechanisms provide no immunity to security-critical user applications if vulnerabilities are present in the underlying OS. While technologies have been proposed that facilitate isolation of security-critical software, they require either significant computational resources and are hence not applicable to many resource-constrained embedded systems, or necessitate extensive redesign of the underlying processors and hardware. In this work, we propose INVISIOS: a lightweight, minimally intrusive hardware-software architecture to make the execution of security-critical software invisible to the OS, and hence protected from its vulnerabilities. The INVISIOS software architecture encapsulates the security-critical software into a self-contained software module. While this module is part of the kernel and is run with kernel-level privileges, its code, data, and execution are transparent to and protected from the rest of the kernel. The INVISIOS hardware architecture consists of simple add-on hardware components that are responsible for bootstrapping the secure core, ensuring that it is exercised by applications in only permitted ways, and enforcing the isolation of its code and data. We implemented INVISIOS by enhancing a full-system emulator and Linux to model the proposed software and hardware enhancements, and applied it to protect a commercial cryptographic library. Our experiments demonstrate that INVISIOS is capable of facilitating secure execution at very small overheads, making it suitable for resource-constrained embedded systems and systems-on-chip.en_US
dc.relation.ispartofTransactions on Embedded Computing Systemsen_US
dc.rightsAuthor's manuscripten_US
dc.titleINVISIOS: A lightweight, minimally intrusive secure execution environmenten_US
dc.typeJournal Articleen_US

Files in This Item:
File Description SizeFormat 
CE-J09-001.pdf169.6 kBAdobe PDFView/Download

Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.