Practical Security Properties on Commodity Computing Platforms: The Uber Extensible Micro-Hypervisor Framework
暫譯: 商品計算平台上的實用安全性特性：Uber 可擴展微型虛擬機監控框架

Name: Practical Security Properties on Commodity Computing Platforms: The Uber Extensible Micro-Hypervisor Framework
Price: 2280 TWD
Availability: OnlineOnly
Author: Vasudevan, Amit
ISBN: 3030250482

Vasudevan, Amit

出版商: Springer
出版日期: 2019-09-25
售價: $2,400
貴賓價: 9.5 折 $2,280
語言: 英文
頁數: 85
裝訂: Quality Paper - also called trade paper
ISBN: 3030250482
ISBN-13: 9783030250485
相關分類: 資訊安全

海外代購書籍(需單獨結帳)

商品描述

This SpringerBrief discusses the uber eXtensible Micro-hypervisor Framework (uberXMHF), a novel micro-hypervisor system security architecture and framework that can isolate security-sensitive applications from other untrustworthy applications on commodity platforms, enabling their safe co-existence. uberXMHF, in addition, facilitates runtime monitoring of the untrustworthy components, which is illustrated in this SpringerBrief. uberXMHF focuses on three goals which are keys to achieving practical security on commodity platforms: (a) commodity compatibility (e.g., runs unmodified Linux and Windows) and unfettered access to platform hardware; (b) low trusted computing base and complexity; and (c) efficient implementation.
uberXMHF strives to be a comprehensible, practical and flexible platform for performing micro-hypervisor research and development. uberXMHF encapsulates common hypervisor core functionality in a framework that allows developers and users to build custom micro-hypervisor based (security-sensitive) applications (called "uberapps"). The authors describe several uberapps that employ uberXMHF and showcase the framework efficacy and versatility. These uberapps span a wide spectrum of security applications including application compartmentalization and sandboxing, attestation, approved code execution, key management, tracing, verifiable resource accounting, trusted-path and on-demand I/O isolation.
The authors are encouraged by the end result - a clean, barebones, low trusted computing base micro-hypervisor framework for commodity platforms with desirable performance characteristics and an architecture amenable to manual audits and/or formal reasoning. Active, open-source development of uberXMHF continues.
The primary audience for this SpringerBrief is system (security) researchers and developers of commodity system software. Practitioners working in system security deployment mechanisms within industry and defense, as well as advanced-level students studying computer science with an interest in security will also want to read this SpringerBrief.

商品描述(中文翻譯)

這本SpringerBrief討論了超可擴展微型虛擬機監控框架（uberXMHF），這是一種新穎的微型虛擬機系統安全架構和框架，能夠將安全敏感的應用程式與其他不可信的應用程式隔離，從而實現它們在商用平台上的安全共存。此外，uberXMHF還促進了對不可信組件的運行時監控，這在本SpringerBrief中有詳細說明。uberXMHF專注於三個目標，這些目標是實現商用平台實用安全的關鍵：（a）商用兼容性（例如，運行未修改的Linux和Windows）以及對平台硬體的無限制訪問；（b）低可信計算基礎和複雜性；以及（c）高效的實現。

uberXMHF力求成為一個易於理解、實用且靈活的平台，以進行微型虛擬機的研究和開發。uberXMHF將常見的虛擬機核心功能封裝在一個框架中，允許開發者和用戶構建基於微型虛擬機的自定義（安全敏感）應用程式（稱為“uberapps”）。作者描述了幾個使用uberXMHF的uberapps，展示了該框架的有效性和多樣性。這些uberapps涵蓋了廣泛的安全應用，包括應用程式隔離和沙盒化、證明、授權代碼執行、密鑰管理、追蹤、可驗證的資源計算、可信路徑和按需I/O隔離。

作者對最終結果感到鼓舞——一個乾淨、簡約、低可信計算基礎的微型虛擬機框架，適用於商用平台，具備理想的性能特徵，並且架構便於手動審計和/或形式推理。uberXMHF的主動開源開發仍在持續進行。

這本SpringerBrief的主要讀者是系統（安全）研究人員和商用系統軟體的開發者。從事行業和國防系統安全部署機制的實務工作者，以及對安全感興趣的計算機科學高級學生，也會希望閱讀這本SpringerBrief。

作者簡介

Amit Vasudevan is a Computer Scientist at the Software Engineering Institute (SEI), Carnegie Mellon University (CMU). His research interests include secure (embedded) systems and IoT, virtualization, trusted computing, formal methods, malware analysis and operating systems. His present research focuses on building formally verifiable and trustworthy computing systems. He is the principal force behind the design and development of uberSpark - an innovative architecture and framework for compositional formal verification of security properties of commodity system software; and the uber eXtensible Micro-Hypervisor Framework (uberXMHF) - an open-source, extensible and formally verifiable micro-hypervisor framework which forms the foundation for a new class of (security-oriented) micro-hypervisor based applications ("uberapps") on commodity computing platforms.
He received his Ph.D. and M.S degrees from the Computer Science Department at UT Arlington and spent three years as a Post-doctoral fellow at CyLab, Carnegie Mellon University. Before that, he obtained his B.E. from the Computer Science Department at the BMS College of Engineering, Bangalore, India.

作者簡介(中文翻譯)

阿米特·瓦蘇德萬（Amit Vasudevan）是卡內基梅隆大學（Carnegie Mellon University, CMU）軟體工程研究所（Software Engineering Institute, SEI）的計算機科學家。他的研究興趣包括安全（嵌入式）系統和物聯網（IoT）、虛擬化、可信計算、形式化方法、惡意軟體分析和作業系統。他目前的研究專注於構建形式可驗證和可信的計算系統。他是 uberSpark 的主要設計和開發力量，這是一種創新的架構和框架，用於對商品系統軟體的安全性質進行組合形式驗證；以及 uber eXtensible Micro-Hypervisor Framework（uberXMHF）——一個開源、可擴展且形式可驗證的微型虛擬機監控器框架，為基於商品計算平台的新類別（以安全為導向）的微型虛擬機監控器應用程式（'uberapps'）奠定了基礎。

他在德克薩斯大學阿靈頓分校（UT Arlington）的計算機科學系獲得了博士和碩士學位，並在卡內基梅隆大學的 CyLab 擔任了三年的博士後研究員。在此之前，他在印度班加羅爾的 BMS 工程學院的計算機科學系獲得了學士學位。