Return to search

Overlay Window Management: User interaction with multiple security domains

Graphical user interfaces for high-assurance systems must fulfill a range of security requirements such as protected and reliable presentation, prevention of unauthorized cross-domain talk, and prevention of user-input eavesdropping. Additionally, it is desirable to support legacy applications running in confined compartments. Standard isolation methods such as virtual-machine monitors provide one frame buffer per security domain, where each frame buffer is managed by one legacy window system. This raises the question of how to safely integrate multiple (legacy) window systems and protect the displayed data while preserving the usability of modern user interfaces.
Our paper describes the OverlayWindow System, a general mechanism for multiplexing windows of multiple distinct window systems into the host frame buffer. Thus, each legacy window appears to the user as one corresponding host window that can be moved and resized. To achieve this, only slight modifications of the legacy window system are required whereby, the source code does not have to be available. Our implementation of an Overlay Window System successfully multiplexes Linux, GEM and native L4 applications.

Identiferoai:union.ndltd.org:DRESDEN/oai:qucosa.de:bsz:14-qucosa-99595
Date14 November 2012
CreatorsFeske, Norman, Helmuth, Christian
ContributorsTechnische Universität Dresden, Fakultät Informatik
PublisherSaechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden
Source SetsHochschulschriftenserver (HSSS) der SLUB Dresden
LanguageEnglish
Detected LanguageEnglish
Typedoc-type:workingPaper
Formatapplication/pdf
Relationdcterms:isPartOf:Technische Berichte / Technische Universität Dresden, Fakultät Informatik ; 2004,02 (TUD-FI04-02 März 2004)

Page generated in 0.0023 seconds