Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Lockdown: A Safe and Practical Environment for Security Applications

Amit Vasudevan, Bryan Parno, Ning Qu, Virgil Gligor, and Adrian Perrig

Abstract

We investigate a new point in the design space of red/green systems which provide the user with a highly-protected, yet also highly-constrained trusted ("green") environment for performing security-sensitive transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive or "red") applications. Through the design and implementation of the Lockdown architecture, we evaluate whether partitioning, rather than virtualizing, resources and devices can lead to better security or performance for red/green systems. We also design a simple external interface to allow the user to securely learn which environment is active and easily switch between them. We find that partitioning offers a new tradeoff between security, performance, and usability. On the one hand, partitioning can improve the security of the "green" environment and the performance of the "red" environment (as compared with a virtualized solution). On the other hand, with current systems, partitioning makes switching between environments quite slow (13-31 seconds), which may prove intolerable to users.

Details

Publication typeInproceedings
Published inProceedings of the Conference on Trust & Trustworthy Computing (TRUST)
PublisherSpringer Verlag
> Publications > Lockdown: A Safe and Practical Environment for Security Applications