The authors of AppSec present a proposed implementation to achieve a secure environment without modifying the operating system (OS) kernel or applications. The main concept is that only the OS is untrusted, while the hardware and the firmware are presumed to be trusted.
AppSec, “a hypervisor-based safe execution environment,” protects security-sensitive applications from an untrusted OS. The authors focus on a combination of mechanisms to secure “dynamic shared objects during runtime,” “kernel memory access according to [the] application’s intention,” and input/output (I/O) communication from the end user to the application. The AppSec architecture overview is illustrated, and its elements are described meticulously. The safe loader component ensures the integrity of loaded applications and dynamic shared objects. The page tracker assures un-bypassed and transparent memory access by collecting information on sensitive applications’ memory pages and by raising a nested page table fault when the kernel tries to access them; access is then granted only according to the application’s intentions. The I/O connections are secured with a privilege-based window-management system, in which security-sensitive applications hold the highest privilege.
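To make the page tracker’s mediation concrete, the following is an added, constructed simulation (not the AppSec authors’ code) of the policy the review describes: a sensitive application’s pages are registered, a kernel access to one of them is treated as a nested-page-table fault, and the access is permitted only if the application has declared an intention (here modelled as a pending `read`/`write` system call on a buffer) that covers the touched range and direction. `PageTracker`, `Intent` and the 4 KiB page size are assumptions for the illustration.

```python
"""Constructed model of AppSec's page-tracker policy (added example, not the
paper's code). Kernel accesses to registered pages are intercepted like an NPT
fault and allowed only when a declared application intention covers them."""
from dataclasses import dataclass, field

PAGE = 4096  # assumed page size for the model


@dataclass
class Intent:
    kind: str      # "read": kernel may write the buffer; "write": kernel may read it
    start: int
    length: int

    def covers(self, addr: int, size: int, access: str) -> bool:
        direction_ok = (access == "write" and self.kind == "read") or \
                       (access == "read" and self.kind == "write")
        return direction_ok and self.start <= addr and \
            addr + size <= self.start + self.length


@dataclass
class PageTracker:
    sensitive: set = field(default_factory=set)   # page numbers of the protected app
    intents: list = field(default_factory=list)   # intentions declared by the app
    faults: list = field(default_factory=list)    # log of intercepted kernel accesses

    def register(self, addr: int, length: int) -> None:
        for p in range(addr // PAGE, (addr + length - 1) // PAGE + 1):
            self.sensitive.add(p)

    def declare(self, kind: str, addr: int, length: int) -> None:
        self.intents.append(Intent(kind, addr, length))

    def kernel_access(self, addr: int, size: int, access: str) -> bool:
        """Return True if the kernel access proceeds, False if it is blocked."""
        touched = range(addr // PAGE, (addr + size - 1) // PAGE + 1)
        if not any(p in self.sensitive for p in touched):
            return True  # untracked page: no fault, ordinary kernel access
        allowed = any(i.covers(addr, size, access) for i in self.intents)
        self.faults.append((hex(addr), size, access, "allowed" if allowed else "blocked"))
        return allowed


def demo() -> tuple:
    t = PageTracker()
    t.register(0x10000, 2 * PAGE)         # constructed: app's secret buffer, two pages
    t.declare("read", 0x10000, 256)       # app asked read() to fill 256 bytes of it
    return (
        t.kernel_access(0x10000, 256, "write"),  # matches the declared intention
        t.kernel_access(0x10100, 64, "read"),    # kernel reading secrets: no intention
        t.kernel_access(0x20000, 8, "read"),     # not a tracked page
    )
```

Running `demo()` yields `(True, False, True)`, and `t.faults` records the two intercepted accesses, which is the kind of audit trail a defender would want from such a tracker.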
The authors detail the evaluation of their system with respect to performance overhead, using native Linux execution rates as a baseline. The tests were performed on a server with AMD processors, running Debian “wheezy” with Linux 3.1. SPEC CPU2006, Apache, and Google V8 benchmarks, along with a few microbenchmarks, were used to compare the baseline against the modified system with AppSec off and on. The tests concluded that a performance overhead of 6-to-10 percent was incurred when all protection mechanisms were activated. The authors then present the limitations of the system and compare their work to similar techniques for protecting the user’s privacy. The most important differences are that AppSec does not modify the OS in any way and secures both memory and human-machine interaction data.