A Secure Architecture Design Based on Code Minimization and Application Isolation
Author
Aditi Gupta, Michael S. Kirkpatrick, Elisa Bertino
Tech report number
CERIAS TR 2013-4
Entry type
techreport
Abstract
With fast-evolving attacks, using software patches for fixing software bugs is not enough, as there are often considerable delays in their application to vulnerable systems and the attackers may find other vulnerabilities to exploit. A secure architecture design that provides robust protection against malware must be guided by strong security design principles. In this work, we propose a system design based on the security principles that aim at achieving isolation and reducing attack surface. Our design leverages multi-core architecture to enforce physical isolation between application processes so that a malicious or infected application is unable to affect other parts of the system. Further, we significantly reduce the software attack surface by executing each application on its own customized operating system image that is minimized to only contain code required by the given application.
Date
2013-07-15
Key alpha
Gupta
Publication Date
2013-07-15