Institutional Repository
| HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data | |
| Ding, Baozeng; He, Yeping; Wu, Yanjun; Lin, Yuqi | |
| 2013 | |
| Conference Name | 7th IEEE International Conference on Software Security and Reliability (SERE) |
| Pages | 26-35 |
| Conference Date | JUN 18-20, 2013 |
| Conference Place | Gaithersburg, MD |
| Indexed Type | CPCI |
| Publish Place | IEEE COMPUTER SOC |
| ISBN | 978-0-7695-5030-5 |
| Department | [Ding, Baozeng; He, Yeping; Wu, Yanjun; Lin, Yuqi] Chinese Acad Sci, Inst Software, Beijing 100864, Peoples R China. |
| English Abstract | Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users.; Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users. |
| Keyword | Virtualization Hypervisor Introspection Non-control Data |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16531 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Ding, Baozeng,He, Yeping,Wu, Yanjun,et al. HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data[C]. IEEE COMPUTER SOC,2013:26-35. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment