Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services
Title | Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Kwon, Youngjin; Dunn, Alan M.; Lee, Michael Z.; Hofmann, Owen S.; Xu, Yuanzhong; Witchel, Emmett |
Conference Name | Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4091-5 |
Keywords | application protection, Collaboration, compositionality, crash consistency, para-verification, privacy, protocol verification, pubcrawl, virtualization-based security |
Abstract | Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile. Sego verifies operating system services, like the file system, instead of replacing them. By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents. We extensively evaluate Sego's performance on real workloads and implement a kernel fault injector to validate Sego's file system-agnostic crash consistency and recovery protocol. |
URL | http://doi.acm.org/10.1145/2872362.2872372 |
DOI | 10.1145/2872362.2872372 |
Citation Key | kwon_sego:_2016 |