Lockdown: A Safe and Practical Environment for Security Applications
نویسندگان
چکیده
We describe, build, and evaluate Lockdown, a system that significantly increases the level of security for online transactions, even on a platform infested with malicious code. Lockdown provides the user with a highly-protected, yet also highly-constrained trusted environment for performing online transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive) applications. A simple, user-friendly external interface allows the user to securely learn which environment is active and easily switch between them. We focus on making Lockdown deployable and usable today. Lockdown works with both Windows and Linux, and provides immediate improvements to security-sensitive tasks while imposing, on average, only 3% memory overhead and 2–7% storage overhead on non-security-related tasks.
منابع مشابه
Lockdown: A Safe and Practical Environment for Security Applications (CMU-CyLab-09-011)
We describe, build, and evaluate Lockdown, a system that significantly increases the level of security for online transactions, even on a platform infested with malicious code. Lockdown provides the user with a highly-protected, yet also highly-constrained trusted environment for performing online transactions, as well as a high-performance, general-purpose environment for all other (non-securi...
متن کاملLockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms
We investigate a new point in the design space of red/green systems [19, 30], which provide the user with a highly-protected, yet also highly-constrained trusted (“green”) environment for performing security-sensitive transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive or “red”) applications. Through the design and implementation of the...
متن کاملFine-Grained Control-Flow Integrity Through Binary Hardening
Applications written in low-level languages without type or memory safety are prone to memory corruption. Attackers gain code execution capabilities through memory corruption despite all currently deployed defenses. Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations. We present Lockdown, a modular,...
متن کاملThe effect of COVID-19 lockdown on the air environment in India
COVID-19 is a huge tragedy for the world community. Everything in the world is affected due to this pandemic right from economy to resources where the economy of major countries of the world are facing recession and resources are surplus with no takers at all. The measures to contain COVID-19 pandemic include lockdown, social distancing, isolation, and home quarantine. Lockdown adopted by the d...
متن کاملSimplifying Network Management with Lockdown
The administrator of an enterprise network has a responsibility to enforce the policies on the network. Yet, most security mechanisms do not map well to the intended policies. This has been due to the prevalence of simplistic tools that have poor enforcement but, yet are easy to manage. While advanced commercial solutions do exist that have stronger enforcement, they are significantly harder to...
متن کامل