中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 会议论文
Title:
hGuard: A Framework to Measure Hypervisor Critical Files
Author: Ding, Baozeng ; He, Yeping ; Zhou, Qiming ; Wu, Yanjun ; Wu, Jingzheng
Conference Name: 7th IEEE International Conference on Software Security and Reliability (SERE)
Conference Date: JUN 18-20, 2013
Issued Date: 2013
Conference Place: Gaithersburg, MD
Keyword: Hypervisor ; critical files ; integrity ; measurement
Publish Place: IEEE COMPUTER SOC
Indexed Type: CPCI
ISBN: 978-0-7695-5030-5
Department: [Ding, Baozeng; He, Yeping; Zhou, Qiming; Wu, Yanjun; Wu, Jingzheng] Chinese Acad Sci, Inst Software, Beijing 100864, Peoples R China.
Abstract: Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected. This paper presents hGuard, a framework to measure hypervisor critical files. Each time a critical file is updated, its hash is stored into a non-volatile storage of the trusted chip. When a critical file is loaded into memory, a measurement module computes its hash and a validation module checks its integrity by comparing this hash with that stored in the non-volatile storage. Only if they are the same could the files be used and continuous operation will be allowed. The experiment shows that hGuard can detect illegal modification of hypervisor critical files.
English Abstract: Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected. This paper presents hGuard, a framework to measure hypervisor critical files. Each time a critical file is updated, its hash is stored into a non-volatile storage of the trusted chip. When a critical file is loaded into memory, a measurement module computes its hash and a validation module checks its integrity by comparing this hash with that stored in the non-volatile storage. Only if they are the same could the files be used and continuous operation will be allowed. The experiment shows that hGuard can detect illegal modification of hypervisor critical files.
Language: 英语
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/16532
Appears in Collections:软件所图书馆_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Ding, Baozeng,He, Yeping,Zhou, Qiming,et al. hGuard: A Framework to Measure Hypervisor Critical Files[C]. 见:7th IEEE International Conference on Software Security and Reliability (SERE). Gaithersburg, MD. JUN 18-20, 2013.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Ding, Baozeng]'s Articles
[He, Yeping]'s Articles
[Zhou, Qiming]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Ding, Baozeng]‘s Articles
[He, Yeping]‘s Articles
[Zhou, Qiming]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace