Sensitive information management system for un-trusted system platforms

Xuezhi Xie; Yuping Wang; Jianfeng Tan; Qigeng Chen

doi:10.16511/j.cnki.qhdxxb.2015.21.003

Sensitive information management system for un-trusted system platforms

Xuezhi Xie, Yuping Wang^*, Jianfeng Tan, Qigeng Chen

^*Corresponding author for this work

Tsinghua University

Research output: Contribution to journal › Article › peer-review

Abstract

The threats of backdoors and vulnerabilities in general-purpose operating systems complicate protection of sensitive information. This paper describes a sensitive memory management system (SMM) which protects sensitive information memory and prevents attackers from obtaining sensitive information by compromising the operating system kernel. Virtualization is used to set up different shadow page tables for the user-mode and the kernel-mode of the protected process and then controls access to the sensitive information so that only the proper applications can access the information and not the operating systems kernel. Tests show that the memory is protected with finer granularity and lower overhead than previous methods.

Original language	English
Pages (from-to)	1221-1228
Number of pages	8
Journal	Qinghua Daxue Xuebao/Journal of Tsinghua University
Volume	55
Issue number	11
DOIs	https://doi.org/10.16511/j.cnki.qhdxxb.2015.21.003
Publication status	Published - 1 Nov 2015
Externally published	Yes

Keywords

Data confidentiality
Sensitive information protection
Shadow paging
Virtualization

Access to Document

10.16511/j.cnki.qhdxxb.2015.21.003

Cite this

@article{506ab8e0db9542c38c14b54c444d6d0e,

title = "Sensitive information management system for un-trusted system platforms",

abstract = "The threats of backdoors and vulnerabilities in general-purpose operating systems complicate protection of sensitive information. This paper describes a sensitive memory management system (SMM) which protects sensitive information memory and prevents attackers from obtaining sensitive information by compromising the operating system kernel. Virtualization is used to set up different shadow page tables for the user-mode and the kernel-mode of the protected process and then controls access to the sensitive information so that only the proper applications can access the information and not the operating systems kernel. Tests show that the memory is protected with finer granularity and lower overhead than previous methods.",

keywords = "Data confidentiality, Sensitive information protection, Shadow paging, Virtualization",

author = "Xuezhi Xie and Yuping Wang and Jianfeng Tan and Qigeng Chen",

year = "2015",

month = nov,

day = "1",

doi = "10.16511/j.cnki.qhdxxb.2015.21.003",

language = "English",

volume = "55",

pages = "1221--1228",

journal = "Qinghua Daxue Xuebao/Journal of Tsinghua University",

issn = "1000-0054",

publisher = "Tsinghua University Press",

number = "11",

}

TY - JOUR

T1 - Sensitive information management system for un-trusted system platforms

AU - Xie, Xuezhi

AU - Wang, Yuping

AU - Tan, Jianfeng

AU - Chen, Qigeng

PY - 2015/11/1

Y1 - 2015/11/1

N2 - The threats of backdoors and vulnerabilities in general-purpose operating systems complicate protection of sensitive information. This paper describes a sensitive memory management system (SMM) which protects sensitive information memory and prevents attackers from obtaining sensitive information by compromising the operating system kernel. Virtualization is used to set up different shadow page tables for the user-mode and the kernel-mode of the protected process and then controls access to the sensitive information so that only the proper applications can access the information and not the operating systems kernel. Tests show that the memory is protected with finer granularity and lower overhead than previous methods.

AB - The threats of backdoors and vulnerabilities in general-purpose operating systems complicate protection of sensitive information. This paper describes a sensitive memory management system (SMM) which protects sensitive information memory and prevents attackers from obtaining sensitive information by compromising the operating system kernel. Virtualization is used to set up different shadow page tables for the user-mode and the kernel-mode of the protected process and then controls access to the sensitive information so that only the proper applications can access the information and not the operating systems kernel. Tests show that the memory is protected with finer granularity and lower overhead than previous methods.

KW - Data confidentiality

KW - Sensitive information protection

KW - Shadow paging

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=84950309405&partnerID=8YFLogxK

U2 - 10.16511/j.cnki.qhdxxb.2015.21.003

DO - 10.16511/j.cnki.qhdxxb.2015.21.003

M3 - Article

AN - SCOPUS:84950309405

SN - 1000-0054

VL - 55

SP - 1221

EP - 1228

JO - Qinghua Daxue Xuebao/Journal of Tsinghua University

JF - Qinghua Daxue Xuebao/Journal of Tsinghua University

IS - 11

ER -

Sensitive information management system for un-trusted system platforms

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this