{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T07:14:12Z","timestamp":1767165252450,"version":"build-2238731810"},"reference-count":54,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2013,9,1]],"date-time":"2013-09-01T00:00:00Z","timestamp":1377993600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100014790","name":"Singapore Management University","doi-asserted-by":"crossref","award":["MSS11C004"],"award-info":[{"award-number":["MSS11C004"]}],"id":[{"id":"10.13039\/501100014790","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2013,9]]},"abstract":"<jats:p>Most commodity peripheral devices and their drivers are geared to achieve high performance with security functions being opted out. The absence of strong security measures invites attacks on the I\/O data and consequently posts threats to those services feeding on them, such as fingerprint-based biometric authentication. In this article, we present a generic solution called DriverGuard, which dynamically protects the secrecy of I\/O flows such that the I\/O data are not exposed to the malicious kernel. Our design leverages a composite of cryptographic and virtualization techniques to achieve fine-grained protection without using any extra devices and modifications on user applications. We implement the DriverGuard prototype on Xen by adding around 1.7K SLOC. DriverGuard is lightweight as it only needs to protect around 2% of the driver code\u2019s execution. 
We measure the performance and evaluate the security of DriverGuard with three input devices (keyboard, fingerprint reader and camera) and three output devices (printer, graphic card, and sound card). The experiment results show that DriverGuard induces negligible overhead to the applications.<\/jats:p>","DOI":"10.1145\/2505123","type":"journal-article","created":{"date-parts":[[2020,4,4]],"date-time":"2020-04-04T03:42:17Z","timestamp":1585971737000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["DriverGuard"],"prefix":"10.1145","volume":"16","author":[{"given":"Yueqiang","family":"Cheng","sequence":"first","affiliation":[{"name":"Singapore Management University"}]},{"given":"Xuhua","family":"Ding","sequence":"additional","affiliation":[{"name":"Singapore Management University"}]},{"given":"Robert H.","family":"Deng","sequence":"additional","affiliation":[{"name":"Singapore Management University"}]}],"member":"320","published-online":{"date-parts":[[2013,9]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866313"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the 2nd USENIX Workshop on Hot Topics in Security (HOTSEC\u201907)","author":"Borders K.","unstructured":"Borders, K. and Prakash, A. 2007. Securing network input via a trusted input proxy. In Proceedings of the 2nd USENIX Workshop on Hot Topics in Security (HOTSEC\u201907). 
USENIX Association, Berkeley, CA, 7:1--7:5."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455776"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346284"},{"key":"e_1_2_1_7_1","volume-title":"Proceedings of the 16th European Conference on Research in Computer Security (ESORICS\u201911)","author":"Cheng Y.","unstructured":"Cheng, Y., Ding, X., and Deng, R. H. 2011. Driverguard: A fine-grained protection on I\/O flows. In Proceedings of the 16th European Conference on Research in Computer Security (ESORICS\u201911). Springer-Verlag, Berlin, 227--244."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1995896.1995914"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/502034.502042"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043575"},{"key":"e_1_2_1_11_1","unstructured":"CVE-2008-0923. 2008. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi-?name=cve-2008-0923."},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201912)","author":"Dunn A. M.","unstructured":"Dunn, A. M., Lee, M. 
Z., Jana, S., Kim, S., Silberstein, M., Xu, Y., Shmatikov, V., and Witchel, E. 2012. Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201912). USENIX Association, Berkeley, CA, 61--75."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958202"},{"key":"e_1_2_1_14_1","volume-title":"Accessing PCI express configuration registers using intel chipsets. Tech. rep","author":"Fleming S.","unstructured":"Fleming, S. 2008. Accessing PCI express configuration registers using intel chipsets. Tech. rep., Intel Corporation, http:\/\/www.intel.com\/content\/www\/us\/en\/intelligent-systems\/chipsets-pcie-config-reg-paper.html."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346303"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/378795.378855"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180448"},{"key":"e_1_2_1_19_1","unstructured":"IBM Zurich Research Lab. 2008. Security on a stick."},{"key":"e_1_2_1_20_1","unstructured":"Intel. 2008. Intel I\/O controller hub 9 (ICH9) family datasheet."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151042"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},
{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the Symposium on Network and Distributed Systems Security (NDSS).","author":"Kun S.","unstructured":"Kun, S., Jiang, W., Fengwei, Z., and Angelos, S. 2012. SecureSwitch: BIOS-assisted isolation and switch between trusted and untrusted commodity OSes. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS)."},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of NATO RTO IST Panel Symposium on Adaptive Defence in Unclassified Networks.","author":"Langweg H.","year":"2004","unstructured":"Langweg, H. 2004. Building a trusted path for applications using cots components. In Proceedings of NATO RTO IST Panel Symposium on Adaptive Defence in Unclassified Networks."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046711"},{"key":"e_1_2_1_26_1","unstructured":"Lineberry A. 2009. Malicious code injection via \/dev\/mem. In Black Hat."},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the Annual Conference on USENIX\u201906 Annual Technical Conference. USENIX Association","author":"McCune J. M.","unstructured":"McCune, J. M., Perrig, A., and Reiter, M. K. 2006. Bump in the ether: A framework for securing sensitive user input. In Proceedings of the Annual Conference on USENIX\u201906 Annual Technical Conference. 
USENIX Association, Berkeley, CA, 17--17."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352625"},{"key":"e_1_2_1_29_1","volume-title":"Proceedings of the Symposium on Network and Distributed Systems Security (NDSS).","author":"McCune J. M.","unstructured":"McCune, J. M., Perrig, A., and Reiter, M. K. 2009. Safe passage for passwords and other sensitive data. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS)."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.17"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/605466.605477"},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the Network and Distributed Systems Security Symposium.","author":"Newsome J.","unstructured":"Newsome, J. and Song, D. 2005. Dynamic taint analysis: Automatic detection, analysis, and signature generation of exploit attacks on commodity software. In Proceedings of the Network and Distributed Systems Security Symposium."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_2_1_34_1","unstructured":"Phoenix Technologies. 2006. TrustedCore: Foundation for secure CRTM and BIOS implementation. https:\/\/forms.phoenix.com\/whitepaperdownload-\/docs\/trustedcore_wp.pdf."},{"key":"e_1_2_1_35_1","unstructured":"Rafal W. Joanna R. and Alexander T. 2008. 
Xen owning trilogy. website. http:\/\/invisible-thingslab.com\/itl\/Resources.html."},{"key":"e_1_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Santelices R. Zhang Y. Jiang S. Cai H. and jie Zhang Y. 2012. Quantitative program slicing: Separating statements by relevance. Tech. rep.","DOI":"10.1109\/ICSE.2013.6606695"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1734583.1734593"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.4"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508293.1508311"},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the 10th Conference on USENIX Security Symposium -","volume":"10","author":"Song D. X.","unstructured":"Song, D. X., Wagner, D., and Tian, X. 2001. Timing analysis of keystrokes and timing attacks on ssh. In Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10 (SSYM\u201901). USENIX Association, Berkeley, CA, 25--25."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250748"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945466"},{"key":"e_1_2_1_45_1","unstructured":"The Blue Pill. 
http:\/\/blackhat.com\/presentations\/bh-usa-06\/BH-US-06-Rutkowska.pdf."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_3"},{"key":"e_1_2_1_47_1","volume-title":"Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID\u201910)","author":"Wang J.","unstructured":"Wang, J., Stavrou, A., and Ghosh, A. 2010. Hypercheck: A hardware-assisted integrity monitor. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection (RAID\u201910). Springer-Verlag, Berlin, 158--177."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.30"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.34"},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the USENIX Annual Technical Conference.","author":"Willmann P.","unstructured":"Willmann, P., Rixner, S., and Cox, A. L. 2008. Protection strategies for direct access to virtualized I\/O devices. In Proceedings of the USENIX Annual Technical Conference."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346267"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065545.1065546"},{"key":"e_1_2_1_54_1","volume-title":"Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI\u201906)","author":"Zhou F.","unstructured":"Zhou, F., Condit, J., Anderson, Z., Bagrak, I., Ennals, R., Harren, M., Necula, G., and Brewer, E. 2006. Safedrive: Safe and recoverable extensions using language-based techniques. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI\u201906). USENIX Association, Berkeley, CA, 45--60."},
{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.42"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2505123","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2505123","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:28:57Z","timestamp":1750217337000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2505123"}},"subtitle":["Virtualization-Based Fine-Grained Protection on I\/O Flows"],"short-title":[],"issued":{"date-parts":[[2013,9]]},"references-count":54,"aliases":["10.1145\/2516951.2505123"],"journal-issue":{"issue":"2","published-print":{"date-parts":[[2013,9]]}},"alternative-id":["10.1145\/2505123"],"URL":"https:\/\/doi.org\/10.1145\/2505123","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,9]]},"assertion":[{"value":"2012-06-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2013-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-09-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}