| dc.contributor.author | Boyd-Wickizer, Silas | |
| dc.contributor.author | Zeldovich, Nickolai | |
| dc.date.accessioned | 2011-04-19T19:10:35Z | |
| dc.date.available | 2011-04-19T19:10:35Z | |
| dc.date.issued | 2010-06 | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/62238 | |
| dc.description | URL to paper from conference site | en_US |
| dc.description.abstract | This paper presents SUD, a system for running existing
Linux device drivers as untrusted user-space processes.
Even if the device driver is controlled by a malicious
adversary, it cannot compromise the rest of the system.
One significant challenge of fully isolating a driver is to
confine the actions of its hardware device. SUD relies on
IOMMU hardware, PCI express bridges, and message-signaled
interrupts to confine hardware devices. SUD
runs unmodified Linux device drivers, by emulating a
Linux kernel environment in user-space. A prototype of
SUD runs drivers for Gigabit Ethernet, 802.11 wireless,
sound cards, USB host controllers, and USB devices, and
it is easy to add a new device class. SUD achieves the
same performance as an in-kernel driver on networking
benchmarks, and can saturate a Gigabit Ethernet link.
SUD incurs a CPU overhead comparable to existing runtime
driver isolation techniques, while providing much
stronger isolation guarantees for untrusted drivers. Finally,
SUD requires minimal changes to the kernel—just two
kernel modules comprising 4,000 lines of code—which
may at last allow the adoption of these ideas in practice. | en_US |
| dc.language.iso | en_US | |
| dc.publisher | USENIX Association | en_US |
| dc.relation.isversionof | http://www.usenix.org/events/atc10/tech/full_papers/Boyd-Wickizer.pdf | en_US |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike 3.0 | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/3.0/ | en_US |
| dc.source | MIT web domain | en_US |
| dc.title | Tolerating Malicious Device Drivers in Linux | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Boyd-Wickizer, Silas and Nickolai Zeldovich. "Tolerating Malicious Device Drivers in Linux" USENIX Annual Technical Conference, June 23–25, 2010, Boston, MA, USA. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.contributor.approver | Zeldovich, Nickolai | |
| dc.contributor.mitauthor | Zeldovich, Nickolai | |
| dc.contributor.mitauthor | Boyd-Wickizer, Silas | |
| dc.relation.journal | 2010 USENIX Annual Technical Conference | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
| dspace.orderedauthors | Boyd-Wickizer, Silas; Zeldovich, Nickolai | |
| dc.identifier.orcid | https://orcid.org/0000-0003-0238-2703 | |
| mit.license | OPEN_ACCESS_POLICY | en_US |
| mit.metadata.status | Complete | |
