| Publication Type |
Manuscript |
| School or College |
College of Engineering |
| Department |
Computing, School of |
| Creator |
Regehr, John |
| Other Author |
Zhao, Lu; Li, Guodong; Sutter, Bjorn De |
| Title |
ARMor: fully verified software fault isolation |
| Date |
2011-01-01 |
| Description |
We have designed and implemented ARMor, a system that uses software fault isolation (SFI) to sandbox application code running on small embedded processors. Sandboxing can be used to protect components such as the RTOS and critical control loops from other, less-trusted components. ARMor guarantees memory safety and control flow integrity; it works by rewriting a binary to put a check in front of every potentially dangerous operation. We formally and automatically verify that an ARMored application respects the SFI safety properties using the HOL theorem prover. Thus, ARMor provides strong isolation guarantees and has an exceptionally small trusted computing base-there is no trusted compiler, binary rewriter, verifier, or operating system. |
| Type |
Text |
| Publisher |
Association for Computing Machinery |
| DOI |
http://doi.acm.org/10.1145/nnnnnn.nnnnnn ; ACM 978-1-4503-0714-7/11/10. |
| Language |
eng |
| Rights Management |
© ACM, 2011. This is the authors version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 11th International Conference on Embedded Software (EMSOFT 2011). October 9-14, 2011,Taipei, Taiwan. |
| Format Medium |
application/pdf |
| Format Extent |
735,018 bytes |
| Identifier |
uspace,17470 |
| ARK |
ark:/87278/s6tf0g41 |
| Setname |
ir_uspace |
| ID |
707962 |
| Reference URL |
https://collections.lib.utah.edu/ark:/87278/s6tf0g41 |
