The Confinement Problem: 40 Years Later

  • Crowell, Alex (Dept. of Computer Science and Engineering, University of Michigan)
  • Ng, Beng Heng (Dept. of Computer Science and Engineering, University of Michigan)
  • Fernandes, Earlence (Dept. of Computer Science and Engineering, University of Michigan)
  • Prakash, Atul (Dept. of Computer Science and Engineering, University of Michigan)
  • Received : 2013.05.21
  • Accepted : 2013.06.04
  • Published : 2013.06.29

Abstract

The confinement problem was first noted four decades ago. Since then, a huge amount of effort has been spent on defining and mitigating the problem. The evolution of technologies from traditional operating systems to mobile and cloud computing brings about new security challenges. It is perhaps timely that we review the work that has been done. We discuss the foundational principles from classical works, as well as the efforts towards solving the confinement problem in three domains: operating systems, mobile computing, and cloud computing. While common issues exist across all three domains, unique challenges arise for each of them, which we discuss.


Cited by

  1. SecureDom: secure mobile-sensitive information protection with domain separation vol.72, pp.7, 2016, https://doi.org/10.1007/s11227-015-1578-6
  2. A Secure Storage System for Sensitive Data Protection Based on Mobile Virtualization vol.11, pp.2, 2015, https://doi.org/10.1155/2015/929380
  3. Personal Information Leaks with Automatic Login in Mobile Social Network Services vol.17, pp.6, 2015, https://doi.org/10.3390/e17063947
  4. Privacy-Enhancing Security Protocol in LTE Initial Attack vol.6, pp.4, 2014, https://doi.org/10.3390/sym6041011