Litcius/Paper detail

CubicleOS: a library OS with software componentisation for practical isolation

Vasily A. Sartakov, Lluís Vilanova, Peter Pietzuch

202135 citationsDOI

Abstract

Library OSs have been proposed to deploy applications isolated inside containers, VMs, or trusted execution environments. They often follow a highly modular design in which third-party components are combined to offer the OS functionality needed by an application, and they are customised at compilation and deployment time to fit application requirements. Yet their monolithic design lacks isolation across components: when applications and OS components contain security-sensitive data (e.g., cryptographic keys or user data), the lack of isolation renders library OSs open to security breaches via malicious or vulnerable third-party components.

Topics & Concepts

Isolation (microbiology)Software deploymentModular designComputer scienceSoftwareTrusted ComputingComponent (thermodynamics)Operating systemCryptographyComputer securityEmbedded systemSoftware engineeringPhysicsBiologyMicrobiologyThermodynamicsSecurity and Verification in ComputingAdvanced Malware Detection TechniquesNetwork Security and Intrusion Detection