Overshadow Extension Towards Application Security on Untrusted Operating Systems Dan R. K. Ports and Tal Garfinkel Use shim to protect: ● file system ● inter-process communications ● process management ● time and randomness ● I/O and trusted paths ● identity management ● error handling
CHAOS Tamper-Resistant Execution in an Untrusted Operating System Using a Virtual Machine Monitor Haibo Chen, Fengzhe Zhang, Cheng Chen, Ziye Yang, Rong Chen, Binyu Zang
LOKI Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis
INVISIOS INVISIOS: A Lightweight, Minimally Intrusive Secure Execution Environment Divya Arora, Najwa Aaraj, Anand Raghunathan, Niraj K. Jha
Discussion ● What are the pros and cons of each option? ● How will each affect application development? ● Which option deserves further investigation?