Труды Института системного программирования РАН (Oct 2018)
Transparent mechanism for remote system call execution
Abstract
One of the approaches to provide application security in the context of untrusted operating system is to use dedicated virtual machine to service certain hardware devices that may be used to compromise data (e.g. network adapter may be used to leak sensitive data). In such architecture it is necessary to somehow provide access to the hardware in the other virtual machine for the trusted applications bypassing the original operating system mechanisms. This article describes a solution for such problem based on the remote system call execution. The presented approach uses hardware virtualization and allows executing system calls remotely without modifying neither application nor operating system code.
