New security architectures based on emerging disk functionality

Kevin Butler; Steve McLaughlin; Thomas Moyer; Patrick McDaniel

doi:10.1109/MSP.2010.90

New security architectures based on emerging disk functionality

Kevin Butler, Steve McLaughlin, Thomas Moyer, Patrick McDaniel

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Securing operating systems has become increasingly difficult as their size and complexity continue to grow. New advances in hard disk technologies, however, provide a means for helping to manage this complexity; the new functionality made available at the disk level allows them to be used as security policy enforcement sites that are autonomous from the rest of the system. The proposed SwitchBlade architecture provides isolation for multiple OSs running on a single machine by confining them into segments that users can only access using a physical token. The authors show that the isolation guarantees SwitchBlade provides are equivalent to physically separate systems without the traditional usability burdens.

Original language	English (US)
Article number	5456358
Pages (from-to)	34-41
Number of pages	8
Journal	IEEE Security and Privacy
Volume	8
Issue number	5
DOIs	https://doi.org/10.1109/MSP.2010.90
State	Published - Sep 2010

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Electrical and Electronic Engineering
Law

Access to Document

10.1109/MSP.2010.90

Cite this

@article{a00cc25e9a1d4f5aa56e216f824bae90,

title = "New security architectures based on emerging disk functionality",

abstract = "Securing operating systems has become increasingly difficult as their size and complexity continue to grow. New advances in hard disk technologies, however, provide a means for helping to manage this complexity; the new functionality made available at the disk level allows them to be used as security policy enforcement sites that are autonomous from the rest of the system. The proposed SwitchBlade architecture provides isolation for multiple OSs running on a single machine by confining them into segments that users can only access using a physical token. The authors show that the isolation guarantees SwitchBlade provides are equivalent to physically separate systems without the traditional usability burdens.",

author = "Kevin Butler and Steve McLaughlin and Thomas Moyer and Patrick McDaniel",

note = "Funding Information: This work was supported by US National Science Foundation grants CCF-0937944 and CFF-0621429.",

year = "2010",

month = sep,

doi = "10.1109/MSP.2010.90",

language = "English (US)",

volume = "8",

pages = "34--41",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "5",

}

TY - JOUR

T1 - New security architectures based on emerging disk functionality

AU - Butler, Kevin

AU - McLaughlin, Steve

AU - Moyer, Thomas

AU - McDaniel, Patrick

N1 - Funding Information: This work was supported by US National Science Foundation grants CCF-0937944 and CFF-0621429.

PY - 2010/9

Y1 - 2010/9

N2 - Securing operating systems has become increasingly difficult as their size and complexity continue to grow. New advances in hard disk technologies, however, provide a means for helping to manage this complexity; the new functionality made available at the disk level allows them to be used as security policy enforcement sites that are autonomous from the rest of the system. The proposed SwitchBlade architecture provides isolation for multiple OSs running on a single machine by confining them into segments that users can only access using a physical token. The authors show that the isolation guarantees SwitchBlade provides are equivalent to physically separate systems without the traditional usability burdens.

AB - Securing operating systems has become increasingly difficult as their size and complexity continue to grow. New advances in hard disk technologies, however, provide a means for helping to manage this complexity; the new functionality made available at the disk level allows them to be used as security policy enforcement sites that are autonomous from the rest of the system. The proposed SwitchBlade architecture provides isolation for multiple OSs running on a single machine by confining them into segments that users can only access using a physical token. The authors show that the isolation guarantees SwitchBlade provides are equivalent to physically separate systems without the traditional usability burdens.

UR - http://www.scopus.com/inward/record.url?scp=77958129275&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77958129275&partnerID=8YFLogxK

U2 - 10.1109/MSP.2010.90

DO - 10.1109/MSP.2010.90

M3 - Article

AN - SCOPUS:77958129275

SN - 1540-7993

VL - 8

SP - 34

EP - 41

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 5

M1 - 5456358

ER -

New security architectures based on emerging disk functionality

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this