Guardian: Hypervisor as Security Foothold for Personal Computers

Cheng, Yueqiang; Ding, Xuhua

doi:10.1007/978-3-642-38908-5_2

Cited by 11 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Without AppShield protection, the performance overhead is due to the virtualization itself. The full evaluation has been reported in [7]. Generally, it only introduces 0.2% to 10.3% performance overhead.…”

Section: Appshield Impacts On Performancementioning

confidence: 99%

See 1 more Smart Citation

Efficient Virtualization-Based Application Protection Against Untrusted Operating System

Cheng

Ding

Deng

2015

Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

Commodity monolithic operating systems are abundant with vulnerabilities that lead to rootkit attacks. Once an operating system is subverted, the data and execution of user applications are fully exposed to the adversary, regardless whether they are designed and implemented with security considerations. Existing application protection schemes have various drawbacks, such as high performance overhead, large Trusted Computing Base (TCB), or hardware modification. In this paper, we present the design and implementation of AppShield, a hypervisor-based approach that reliably safeguards code, data and execution integrity of a critical application, in a more efficient way than existing systems. The protection overhead is localized to the protected application only, so that unprotected applications and the operating system run without any performance loss. In addition to the performance advantage, AppShield tackles several newly identified threats in this paper which are not systematically addressed previously. We build a prototype of AppShield with a tiny hypervisor, and experiment with AppShield by running several off-the-shelf applications on a Linux platform. The results testify to AppShield's low performance costs in terms of CPU computation, disk I/O and network I/O.

show abstract

Section: Appshield Impacts On Performancementioning

confidence: 99%

“…The prototype consists of a dedicated hypervisor [7] running on the bare-metal hardware, and a Linux loadable module as the transit module. The code base of the hypervisor is around 29K SLOC with 218KB binary size.…”

Section: Implementation and Evaluationmentioning

confidence: 99%

Efficient Virtualization-Based Application Protection Against Untrusted Operating System

Cheng

Ding

Deng

2015

Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…The hypervisor is trusted and secure as the root of trust. Although there are vulnerabilities for some existing hypervisors, we can leverage additional security services to enhance their integrity [34,6,4] and reduce their attack surfaces [32,7]. As our system relies on a training-based approach, we also assume the system is clean and trusted in the training stage, but it could be compromised at any time after that.…”

Section: Threat Modelmentioning

confidence: 99%

KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels

Zhang

Cheng

Nepal

et al. 2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Commodity OS kernels have broad attack surfaces due to the large code base and the numerous features such as device drivers. For a real-world use case (e.g., an Apache Server), many kernel services are unused and only a small amount of kernel code is used. Within the used code, a certain part is invoked only at runtime while the rest are executed at startup and/or shutdown phases in the kernel's lifetime run. In this paper, we propose a reliable and practical system, named KASR, which transparently reduces attack surfaces of commodity OS kernels at runtime without requiring their source code. The KASR system, residing in a trusted hypervisor, achieves the attack surface reduction through a two-step approach: (1) reliably depriving unused code of executable permissions, and (2) transparently segmenting used code and selectively activating them. We implement a prototype of KASR on Xen-4.8.2 hypervisor and evaluate its security effectiveness on Linux kernel-4.4.0-87-generic. Our evaluation shows that KASR reduces the kernel attack surface by 64% and trims off 40% of CVE vulnerabilities. Besides, KASR successfully detects and blocks all 6 real-world kernel rootkits. We measure its performance overhead with three benchmark tools (i.e., SPECINT, httperf and bonnie++). The experimental results indicate that KASR imposes less than 1% performance overhead (compared to an unmodified Xen hypervisor) on all the benchmarks.

show abstract

“…Here author discussed HSEM component for monitoring each VM behavior whereas HAREM checks reliability for a host. In [17], the authors have discussed hypervisor-based security wherein they explored the mechanism for secure booting with several approaches for secure I/O calls occurred across the hypervisor and guest OS.…”

Section: Related Workmentioning

confidence: 99%

NDynamic Framework for Secure VM Migration over Cloud Computing

Rathod¹,

Reddy²

2017

J Inf Process Syst

View full text Add to dashboard Cite

In the centralized cloud controlled environment, the decision-making and monitoring play crucial role where in the host controller (HC) manages the resources across hosts in data center (DC). HC does virtual machine (VM) and physical hosts management. The VM management includes VM creation, monitoring, and migration. If HC down,the services hosted by various hosts in DC can't be accessed outside the DC. Decentralized VM management avoids centralized failure by considering one of the hosts from DC as HC that helps in maintaining DC in running state. Each host in DC has many VM's with the threshold limit beyond which it can't provide service.To maintain threshold , the host's in DC does VM migration across various hosts. The data in migration is in the form of plaintext, the intruder can analyze packet movement and can control hosts traffic. The incorporation of security mechanism on hosts in DC helps protecting data in migration. This paper discusses an approach for dynamic HC selection, VM selection and secure VM migration over cloud environment.

show abstract

Guardian: Hypervisor as Security Foothold for Personal Computers

Cited by 11 publications

References 28 publications

Efficient Virtualization-Based Application Protection Against Untrusted Operating System

Efficient Virtualization-Based Application Protection Against Untrusted Operating System

KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels

NDynamic Framework for Secure VM Migration over Cloud Computing

Contact Info

Product

Resources

About