Entry Liang:2009:AIE from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Liang:2009:AIE,
  author =       "Zhenkai Liang and Weiqing Sun and V. N.
                 Venkatakrishnan and R. Sekar",
  title =        "{Alcatraz}: An Isolated Environment for Experimenting
                 with Untrusted Software",
  journal =      j-TISSEC,
  volume =       "12",
  number =       "3",
  pages =        "14:1--14:37",
  month =        jan,
  year =         "2009",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1455526.1455527",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Mon Feb 2 18:03:37 MST 2009",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "In this article, we present an approach for realizing
                 a {\em safe execution environment (SEE)\/} that enables
                 users to ``try out'' new software (or configuration
                 changes to existing software) without the fear of
                 damaging the system in any manner. A key property of
                 our SEE is that it faithfully reproduces the behavior
                 of applications, as if they were running natively on
                 the underlying (host) operating system. This is
                 accomplished via {\em one-way isolation\/}: processes
                 running within the SEE are given read-access to the
                 environment provided by the host OS, but their write
                 operations are prevented from escaping outside the SEE.
                 As a result, SEE processes cannot impact the behavior
                 of host OS processes, or the integrity of data on the
                 host OS. SEEs support a wide range of tasks, including:
                 study of malicious code, controlled execution of
                 untrusted software, experimentation with software
                 configuration changes, testing of software patches, and
                 so on. It provides a convenient way for users to
                 inspect system changes made within the SEE. If these
                 changes are not accepted, they can be rolled back at
                 the click of a button. Otherwise, the changes can be
                 committed so as to become visible outside the SEE. We
                 provide consistency criteria that ensure semantic
                 consistency of the committed results. We develop two
                 different implementation approaches, one in {\em
                 user-land\/} and the other in the {\em OS kernel}, for
                 realizing a safe-execution environment. Our
                 implementation results show that most software,
                 including fairly complex server and client
                 applications, can run successfully within our SEEs. It
                 introduces low performance overheads, typically below
                 10 percent.",
  acknowledgement = ack-nhfb,
  articleno =    "14",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "Isolation; one-way isolation",
}

Related entries