Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms
Venue
TRUST 2012, Lecture Notes in Computer Science, pp. 21
Publication Year
2012
Authors
Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, Adrian Perrig
Abstract
We investigate a new point in the design space of red/green systems [19,30], which
provide the user with a highly-protected, yet also highly-constrained trusted
(“green”) environment for performing security-sensitive transactions, as well as a
high-performance, general-purpose environment for all other (non-security-sensitive
or “red”) applications. Through the design and implementation of the Lockdown
architecture, we evaluate whether partitioning, rather than virtualizing, resources
and devices can lead to better security or performance for red/green systems. We
also design a simple external interface to allow the user to securely learn which
environment is active and easily switch between them. We find that partitioning
offers a new tradeoff between security, performance, and usability. On the one
hand, partitioning can improve the security of the “green” environment and the
performance of the “red” environment (as compared with a virtualized solution). On
the other hand, with current systems, partitioning makes switching between
environments quite slow (13-31 seconds), which may prove intolerable to users.
