Software-Privacy Preserving Platform

This project studies a new system of protection that can directly provide information secrecy to user-level applications. The result of having this protection system is the complete removal of the operating system from the trusted computing base. Specifically, the privacy of memory contents of user-level applications can be preserved even when the underlying operating system is totally compromised.

Our guiding design principle is practicality, which naturally leads us to recognize the virtue of simplicity, generality and orthogonality. The result is an abstract protection model, which we call SP3. Using encryption, SP3 provides data secrecy to user-level applications on a per-page basis. This SP3 protection model can be implemented either by hardware or by software. In the software implementation, we take advantage of techniques of hypervisors to enable efficient realization


The traditional way of protecting user applications is ‘process isolation’. An operating system defines the concept of ‘process’, and makes each user application run within this process abstraction, essentially isolating malice or faults from affecting each others. But the underlying assumption, or the implicit requirement, is that the operating system has to be trusted. In other words, the operating system is a part of the trusted computing base (TCB), and by the definition of the TCB, user applications are unprotected from the attacks made by the operating system.

Saying a system is trusted doesn’t necessarily mean that the system is trustworthy. In fact, there is a huge gap between trust and trustworthiness especially in the systems software: modern operating system is hard to secure due to its immensity and diversity. Also, once compromised, an operating system becomes a powerful tool for stealing user data. Therefore, trusting the operating system should be considered extremely risky.


Our solution is to invent a new protection system that can directly protect user data. With this protection system, user applications can prevent their sensitive information from divulging even if the operating system is compromised. Since we remove the operating system from the trust base, this protection system should remove the need to trust the operating system, and it should have smaller TCB, and it should balance operating system’s power.

For our design goal, we have practicality as the prime design objective. Naturally, the virtue of simplicity, generality, and orthogonality follows. Simplicity and generality are traditional ones when you want to achieve practicality. Orthogonality in this context means that we want to minimize the impact on the existing systems; if you want a solution to be practical, you don’t want a solution that is severely incompatible with the traditional way of handling jobs.

SP3 protection model

From the design objective, we derive following principles:

  • Choose memory page as the unit of protection.
  • Use information as the target of protection.
  • Avoid using operating system abstraction.

As with any protection system, SP3 defines the notion of a protection domain (SP3 domain) as the principal, which is uniquely identified by a number (SID number). Each SP3 domain is permitted to a set of cryptographic keys, which is then used to encipher the contents of selected pages.

SP3 extends the semantics of the paging system in such a way that each page can be viewed differently depending on the SP3 domain context. if the currently running SP3 domain has access to the cryptographic key referred to by a virtual address, the page content of the virtual address is rendered decrypted using the key. Otherwise, the page content is rendered verbatim.

SP3 also extends the semantics of the interrupt semantic in such a way that every interrupts and exceptions serve as the point of SP3 domain context switch. To protect the state of interrupted domain, the modified interrupt semantic secures the domain state by encrypting it before the interrupt handler gets control of the processor. This encryption can also prevent a hijacking of SP3 domain context.

SP3 finally defines a set of operations that controls the dynamics of SP3 domain. These operations are designed not to rely on the operating system for correctness and security. For example, creating an SP3 domain makes use of public key cryptography in order not to reveal any sensitive information such as cryptographic keys.


Realizing SP3 in hardware is trivial since SP3 is defined as an extension to a general processor. The real beauty of SP3 is that it can be efficiently emulated entirely by software, requiring no hardware modification. Using the techniques of hypervisors, the SP3 secure paging and secure interrupt semantics can be realized securely and efficiently.

For the prototype system, we modified Xen hypervisor to integrate SP3 protection into the hypervisor layer, which sits between hardware and operating systems. In this system, the guest OS (i.e., Linux) can become malicious but the worst it can do is to crash the system, and never can it steal the private data of user applications.

We achieved a high performance by means of two optimizations: page frame replication and lazy synchronization. Using these techniques, the hypervisor-based realization of SP3 incurs slowdown of less than 3 percent for CPU- and memory-intensive benchmarks.

For more details on the implementation, please refer to the paper below.

Project management

Currently, there is no scheduled meeting dedicated for the SP3 project. Instead, a progress is reported at the weekly systems group meeting. From time to time (quarterly), we report to the funding sources.



  • Jisoo Yang and Kang G. Shin. Using Hypervisor to Provide Data Secrecy for User Applications on a Per-Page BasisProceedings of the ACM Virtual Execution Environment (VEE’08). Mar, 2008.
  • Jisoo Yang and Kang G. Shin. Protection of Applications Privacy by Extending Paging Systemsubmitted to Transactions on Computer Systems.

Project sponsors

  • Air Force Office of Scientific Research (AFOSR)