Title: | HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data |
Author: | Ding, Baozeng
; He, Yeping
; Wu, Yanjun
; Lin, Yuqi
|
Conference Name: | 7th IEEE International Conference on Software Security and Reliability (SERE)
|
Conference Date: | JUN 18-20, 2013
|
Issued Date: | 2013
|
Conference Place: | Gaithersburg, MD
|
Keyword: | virtualization
; hypervisor introspection
; non-control data
|
Publish Place: | IEEE COMPUTER SOC
|
Indexed Type: | CPCI
|
ISBN: | 978-0-7695-5030-5
|
Department: | [Ding, Baozeng; He, Yeping; Wu, Yanjun; Lin, Yuqi] Chinese Acad Sci, Inst Software, Beijing 100864, Peoples R China.
|
Abstract: | Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users. |
English Abstract: | Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users. |
Language: | 英语
|
Content Type: | 会议论文
|
URI: | http://ir.iscas.ac.cn/handle/311060/16531
|
Appears in Collections: | 软件所图书馆_会议论文
|
There are no files associated with this item.
|
Recommended Citation: |
Ding, Baozeng,He, Yeping,Wu, Yanjun,et al. HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data[C]. 见:7th IEEE International Conference on Software Security and Reliability (SERE). Gaithersburg, MD. JUN 18-20, 2013.
|
|
|