April 2, 2008

Very interesting.

Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems

Part of the abstract:

we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data, even in the event of a total OS compromise. Overshadow presents an application with a normal view of its resources, but the OS with an encrypted view. This allows the operating system to carry out the complex task of managing an application’s resources, without allowing it to read or modify them.