Yanlin Li

Learn More
We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to(More)
An important security challenge is to protect the execution of security-sensitive code on legacy systems from malware that may infect the OS, applications, or system devices. Prior work experienced a tradeoff between the level of security achieved and efficiency. In this work, we leverage the features of modern processors from AMD and Intel to overcome the(More)
This paper presents MiniBox, the first two-way sandbox for x86 native code. MiniBox not only isolates the memory space between OS protection modules and an application , but also provides a minimized and secure communication interface between OS protection modules and the application. MiniBox is cross-platform and can be applied in Platform-as-a-Service(More)
  • 1