Hypervisor-based background encryption

Omote, Yushi; Chubachi, Yosuke; Shinagawa, Takahiro; Kitamura, Toshio; Eiraku, Hideki; Matsubara, Katsuya

doi:10.1145/2245276.2232073

Cited by 3 publications

(4 citation statements)

References 16 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hypervisor-based Background Encryption [39] This study proposes a hypervisor-based approach that enables instant disk encryption without interfering with user activities.…”

Section: Cloud Shreddermentioning

confidence: 99%

Survey of Techniques on Data Leakage Protection and Methods to address the Insider threat

Montano

Aranda²,

Diaz³

et al. 2022

Cluster Comput

View full text Add to dashboard Cite

Data leakage is a problem that companies and organizations face every day around the world. Mainly the data leak caused by the internal threat posed by authorized personnel to manipulate confidential information. The main objective of this work is to survey the literature to detect the existing techniques to protect against data leakage and to identify the methods used to address the insider threat. For this, a literature review of scientific databases was carried out in the period from 2011 to 2022, which resulted in 42 relevant papers. It was obtained that from 2017 to date, 60% of the studies found are concentrated and that 90% come from conferences and publications in journals. Significant advances were detected in protection systems against data leakage with the incorporation of new techniques and technologies, such as machine learning, blockchain, and digital rights management policies. In 40% of the relevant studies, significant interest was shown in avoiding internal threats. The most used techniques in the analyzed DLP tools were encryption and machine learning.

show abstract

“…Hypervisor-based Background Encryption [39] This study proposes a hypervisor-based approach that enables instant disk encryption without interfering with user activities.…”

Section: Cloud Shreddermentioning

confidence: 99%

Survey of Techniques on Data Leakage Protection and Methods to address the Insider threat

Montano

Aranda²,

Diaz³

et al. 2022

Cluster Comput

View full text Add to dashboard Cite

show abstract

“…-We present a set of protocols for transparent full disk encryption performed at the hypervisor level; while hypervisor-based background encryption has been explored earlier [18], our protocol focuses on a different key handling mechanism where the control over the domain master keys protecting the data storage is transferred to an external trusted party. -We extend previously introduced protocols for trusted launch of VM instances in public IaaS environments [14,16] by introducing additional parameters to direct the allocation of storage resources to a certain administrative domain.…”

Section: Contributionmentioning

confidence: 99%

“…Below follow two examples of this approach, which could be used in combination with the protocols described in this paper. BitVisor (introduced in [28] and further in [29]) is a thin hypervisor based on Intel VT-x and AMD-V designed to enforce I/O device security of virtualized guests. The hypervisor uses a parapass-through architecture that allows to forward a subset of the I/O instructions (keyboard and mouse actions) without modification in order to have a minimal impact on the performance of the VM instances.…”

Section: Related Workmentioning

confidence: 99%

Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds

2013

View full text Add to dashboard Cite

Confidentiality and integrity of data in Infrastructure-as-a-Service (IaaS) environments increase in relevance as adoption of IaaS advances towards maturity. While current solutions assume a high degree of trust in IaaS provider staff and infrastructure management processes, earlier incidents have demonstrated that neither are impeccable. In this paper we introduce Domain-Based Storage Protection (DBSP) a data confidentiality and integrity protection mechanism for IaaS environments, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We describe the building blocks of this mechanism and provide a set of detailed protocols for generation and handling of keys for confidentiality and integrity protection of data stored by guest VM instances. The protocols assume an untrusted IaaS provider and aim to prevent both malicious and accidental faulty configurations that could lead to breach of data confidentiality and integrity in IaaS deployments.

show abstract

“…It provides parapass-through device drivers that intercept I/O requests and responses to insert additional operations such as security enforcement. The BitVisor core and BitVisor extensions provide a wide range of security facilities such as VPN, background storage encryption [20], and malware signature detection [21]. The major advantage of BitVisor is a small TCB (Trusted Computing Base).…”

Section: Introductionmentioning

confidence: 99%

Checkpointing an Operating System Using a Parapass-through Hypervisor

Oyama

Kawasaki

Takahashi

2015

Journal of Information Processing

View full text Add to dashboard Cite

Abstract:Many dynamic malware analysis systems based on hypervisors have been proposed. Although they support malware analysis effectively, many of them have a shortcoming that permits the malware to easily recognize the virtualized hardware and change its execution to prevent analysis. We contend that this drawback can be mitigated using a hypervisor that virtualizes the minimum number of hardware accesses. This paper proposes a hypervisor-based mechanism that can function as a building block for dynamic malware analysis systems. The mechanism provides the facility for checkpointing and restoring a guest OS. It is designed for a parapass-through hypervisor, that is, a hypervisor that runs directly on the hardware and does not execute a host OS or an administrative guest OS. The advantage of using a parapass-through hypervisor is that it provides a virtual machine whose hardware configuration and behavior is similar to the underlying physical machine, and hence, it can be stealthier than other hypervisors. We extend the parapassthrough hypervisor BitVisor with the proposed mechanism, and demonstrate that the resulting system can successfully checkpoint and restore the states of Linux and Windows OSes. We confirm that hypervisor detectors running on the system cannot identify the virtualized hardware, and determine that they are executing on a physical machine. We also confirm that the system imposes minimal overhead on the execution times of the benchmark programs.

show abstract

Hypervisor-based background encryption

Cited by 3 publications

References 16 publications

Survey of Techniques on Data Leakage Protection and Methods to address the Insider threat

Survey of Techniques on Data Leakage Protection and Methods to address the Insider threat

Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds

Checkpointing an Operating System Using a Parapass-through Hypervisor

Contact Info

Product

Resources

About