A Study of Security Isolation Techniques
Title | A Study of Security Isolation Techniques |
Publication Type | Journal Article |
Year of Publication | 2016 |
Authors | Rui Shu, Peipei Wang, Sigmund A. Gorski III, Benjamin Andow, Adwait Nadkarni, Luke Deshotels, Jason Gionta, William Enck, Xiaohui Gu |
Journal | ACM Computing Surveys (CSUR) |
Date Published | 12/2016 |
Keywords | isolation, Resilient Architectures, Smart Isolation in Large-Scale Production Computing Infrastructures |
Abstract | Security isolation is a foundation of computing systems that enables resilience to different forms of attacks. This article seeks to understand existing security isolation techniques by systematically classifying different approaches and analyzing their properties. We provide a hierarchical classification structure for grouping different security isolation techniques. At the top level, we consider two principal aspects: mechanism and policy. Each aspect is broken down into salient dimensions that describe key properties. We break the mechanism into two dimensions: enforcement location and isolation granularity, and break the policy aspect down into three dimensions: policy generation, policy configurability, and policy lifetime. We apply our classification to a set of representative papers that cover a breadth of security isolation techniques and discuss trade-offs among different design choices and limitations of existing approaches.
|
URL | http://dl.acm.org/citation.cfm?id=2988545 |
DOI | 10.1145/2988545 |
Citation Key | swg+16 |
Refereed Designation | Refereed |