A Pre-Kernel Agent Platform for security assurance

Lee, Yung-Chuan; Rahimi, Shahram; Harvey, Sarah

doi:10.1109/ia.2011.5953619

Cited by 3 publications

(2 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security Agent Injection. Closely related to HyperForce is work by Lee et al [11] and Chiueh et al [4] on deploying agents by means of code injection from a hypervisor. Both approaches are applicable to guest OSs that have not been previously prepared by loading a special driver or similar.…”

Section: Related Workmentioning

confidence: 99%

“…Both approaches are applicable to guest OSs that have not been previously prepared by loading a special driver or similar. In [11], Lee et al proposes to protect agent code that is executing in a compromised guest OS kernel by the use of cryptography and by injecting this code on demand from the hypervisor. As there is no implementation and no experimental evaluation given, a comparison with HyperForce is not feasible.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

HyperForce: Hypervisor-enForced Execution of Security-Critical Code

Gadaleta

Nikiforakis

Mühlberg

et al. 2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

The sustained popularity of the cloud and cloud-related services accelerate the evolution of virtualization-enabling technologies. Modern off-the-shelf computers are already equipped with specialized hardware that enables a hypervisor to manage the simultaneous execution of multiple operating systems. Researchers have proposed security mechanisms that operate within such a hypervisor to protect the virtualized operating systems from attacks. These mechanisms improve in security over previous techniques since the defense system is no longer part of an operating system's attack surface. However, due to constant transitions between the hypervisor and the operating systems, these countermeasures typically incur a significant performance overhead. In this paper we present HyperForce, a framework which allows the deployment of security-critical code in a way that significantly outperforms previous in-hypervisor systems while maintaining similar guarantees with respect to security and integrity. HyperForce is a hybrid system which combines the performance of an in-guest security mechanism with the security of in-hypervisor one. We evaluate our framework by using it to re-implement an invariance-based rootkit detection system and show the performance benefits of a HyperForceutilizing countermeasure.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%