Proceedings of ISP RAS


Transparent mechanism for remote system call execution.

Pavel Iakovenko.

Abstract

One of the approaches to provide application security in the context of untrusted operating system is to use dedicated virtual machine to service certain hardware devices that may be used to compromise data (e.g. network adapter may be used to leak sensitive data). In such architecture it is necessary to somehow provide access to the hardware in the other virtual machine for the trusted applications bypassing the original operating system mechanisms. This article describes a solution for such problem based on the remote system call execution. The presented approach uses hardware virtualization and allows executing system calls remotely without modifying neither application nor operating system code.

Keywords

resource isolation, application security, virtual machine, hypervisor.

Edition

Proceedings of the Institute for System Programming, vol. 18, 2010, pp. 221-242.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

Full text of the paper in pdf (in Russian) Back to the contents of the volume