Institutional Repository
| HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data | |
| Ding, Baozeng; He, Yeping; Wu, Yanjun; Lin, Yuqi | |
| 2013 | |
| 会议名称 | 7th IEEE International Conference on Software Security and Reliability (SERE) |
| 页码 | 26-35 |
| 会议日期 | JUN 18-20, 2013 |
| 会议地点 | Gaithersburg, MD |
| 收录类别 | CPCI |
| 出版地 | IEEE COMPUTER SOC |
| ISBN | 978-0-7695-5030-5 |
| 部门归属 | [Ding, Baozeng; He, Yeping; Wu, Yanjun; Lin, Yuqi] Chinese Acad Sci, Inst Software, Beijing 100864, Peoples R China. |
| 摘要 | Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users.; Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users. |
| 关键词 | Virtualization Hypervisor Introspection Non-control Data |
| 语种 | 英语 |
| 内容类型 | 会议论文 |
| URI标识 | http://ir.iscas.ac.cn/handle/311060/16531 |
| 专题 | 中国科学院软件研究所 |
| 推荐引用方式 GB/T 7714 | Ding, Baozeng,He, Yeping,Wu, Yanjun,et al. HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data[C]. IEEE COMPUTER SOC,2013:26-35. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论