TY - GEN
T1 - Running OS Kernel in Separate Domains
T2 - 25th Asia-Pacific Software Engineering Conference, APSEC 2018
AU - Zhang, Weijuan
AU - Jia, Xiaoqi
AU - Zhang, Shengzhi
AU - Wang, Rui
AU - Liu, Peng
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - Container-based PaaS clouds are easy to use and cost-efficient, but vulnerable to attacks due to the weak isolation provided by the built-in containers. In this paper, we present a lightweight-virtualization-based kernel decomposition approach to securely isolate cloud tenants as well as operating system (OS) services against various threats. Our design decouples existing OS kernels based on their functionality and isolates the different kernel partitions in separate domains. The kernel partition that enables application execution is quarantined in an application domain, while the other partitions that offer various services are isolated in separate service domains. An application owned by one tenant can run transparently in a dedicated application domain, strongly isolated from those owned by other tenants. Furthermore, the kernel partition approach effectively defeats malware that requires support from different kernel services. We have implemented a prototype based on the Linux kernel and the Xen hypervisor. Our evaluation demonstrates that the proposed kernel decomposition approach can defeat various OS-kernel-targeted attacks with minimal performance overhead.
AB - Container-based PaaS clouds are easy to use and cost-efficient, but vulnerable to attacks due to the weak isolation provided by the built-in containers. In this paper, we present a lightweight-virtualization-based kernel decomposition approach to securely isolate cloud tenants as well as operating system (OS) services against various threats. Our design decouples existing OS kernels based on their functionality and isolates the different kernel partitions in separate domains. The kernel partition that enables application execution is quarantined in an application domain, while the other partitions that offer various services are isolated in separate service domains. An application owned by one tenant can run transparently in a dedicated application domain, strongly isolated from those owned by other tenants. Furthermore, the kernel partition approach effectively defeats malware that requires support from different kernel services. We have implemented a prototype based on the Linux kernel and the Xen hypervisor. Our evaluation demonstrates that the proposed kernel decomposition approach can defeat various OS-kernel-targeted attacks with minimal performance overhead.
UR - http://www.scopus.com/inward/record.url?scp=85066801706&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85066801706&partnerID=8YFLogxK
U2 - 10.1109/APSEC.2018.00036
DO - 10.1109/APSEC.2018.00036
M3 - Conference contribution
AN - SCOPUS:85066801706
T3 - Proceedings - Asia-Pacific Software Engineering Conference, APSEC
SP - 219
EP - 228
BT - Proceedings - 25th Asia-Pacific Software Engineering Conference, APSEC 2018
PB - IEEE Computer Society
Y2 - 4 December 2018 through 7 December 2018
ER -