• Software protection against privileged code. A long-standing research goal is protecting applications and their data from malicious access by privileged system software. Initial projects (such as NGSCB and Proxos) use virtualization to run a trusted and an untrusted operating system (OS) side by side, with security-sensitive applications hosted in the trusted OS. Subsequent projects, including Overshadow, SP3, InkTag and Virtual Ghost, have focused on minimizing the size of the TCB by protecting application memory from access by a malicious OS.
SEGO extends these methods by securing data handling within and across devices using trusted metadata. Minibox is a hypervisor-based sandbox that provides two-way protection between native applications and the guest operating system. In contrast with SCONE, these systems rely on a trusted virtualization layer and struggle to defend applications from a malicious user who has physical access to the machine or who controls the virtualization layer.
• Trusted hardware can defend security-sensitive applications, and implementations differ in performance and security functionality. Secure co-processors are physically tamper-proof and can host arbitrary functionality. Nevertheless, they are usually expensive and their power is limited.
Beyond applications that secure secrets (e.g. cryptographic keys), Bajaj and Sion show that secure co-processors can also be used to separate a database engine into trusted and untrusted parts. SCONE, on the other hand, secures containers by using SGX to achieve better performance.