| Title: | HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data |
| Author: | Ding, Baozeng
; He, Yeping
; Wu, Yanjun
; Lin, Yuqi
|
| Conference Name: | 7th IEEE International Conference on Software Security and Reliability (SERE)
|
| Conference Date: | JUN 18-20, 2013
|
| Issued Date: | 2013
|
| Conference Place: | Gaithersburg, MD
|
| Keyword: | virtualization
; hypervisor introspection
; non-control data
|
| Publish Place: | IEEE COMPUTER SOC
|
| Indexed Type: | CPCI
|
| ISBN: | 978-0-7695-5030-5
|
| Department: | [Ding, Baozeng; He, Yeping; Wu, Yanjun; Lin, Yuqi] Chinese Acad Sci, Inst Software, Beijing 100864, Peoples R China.
|
| Abstract: | Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users. |
| English Abstract: | Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users. |
| Language: | 英语
|
| Content Type: | 会议论文
|
| URI: | http://ir.iscas.ac.cn/handle/311060/16531
|
| Appears in Collections: | 软件所图书馆_会议论文
|
|
There are no files associated with this item.
|
| Recommended Citation: | |
Ding, Baozeng,He, Yeping,Wu, Yanjun,et al. HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data[C]. 见:7th IEEE International Conference on Software Security and Reliability (SERE). Gaithersburg, MD. JUN 18-20, 2013.
|
|
|
