Over the last years, security-kernels have played a promising role in reshaping the landscape of platform security on embedded devices. Security-kernels, such as separation kernels, enable constructing high-assurance mixed-criticality execution platforms on a small TCB, which enforces isolation between components. The reduced TCB minimizes the system attack surface and facilitates the use of formal methods to ensure the kernel functional correctness and security. In this thesis, we explore various aspects of building a provably secure separation kernel using virtualization technology. We show how the memory management subsystem can be virtualized to enforce isolation of system components. Virtualization is done using direct-paging that ena...
Protecting commodity operating systems and applications against malware and targeted attacks has pro...
Commodity operating systems are entrusted with providing security to the applications we use everyd...
Our work aims to extend the concept of virtualization, which is known from the context of operating ...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...
Virtualization software is increasingly a part of the infrastructure behind our online activities. C...
A monolithic operating system (OS) - such as Windows or Linux - distinguishes between executi...
Kernel-level attacks or rootkits can compromise the security of an operating system by executing wit...
System integrity monitors, such as rootkit detectors, rely critically on the ability to fetch and in...
Operating system kernels isolate applications from other malicious software via protected memory cr...
The traditional virtual machine usage model advocates placing security mechanisms in a tru...
Kernel rootkits pose significant challenges on defensive techniques as they run at the highest privi...
Although many algorithms, hardware designs, and security protocols have been formally verified, form...