ISCAS OpenIR
hGuard: A Framework to Measure Hypervisor Critical Files
Ding, Baozeng; He, Yeping; Zhou, Qiming; Wu, Yanjun; Wu, Jingzheng
2013
会议名称7th IEEE International Conference on Software Security and Reliability (SERE)
页码177-182
会议日期JUN 18-20, 2013
会议地点Gaithersburg, MD
收录类别CPCI
出版地IEEE COMPUTER SOC
ISBN978-0-7695-5030-5
部门归属[Ding, Baozeng; He, Yeping; Zhou, Qiming; Wu, Yanjun; Wu, Jingzheng] Chinese Acad Sci, Inst Software, Beijing 100864, Peoples R China.
摘要Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected. This paper presents hGuard, a framework to measure hypervisor critical files. Each time a critical file is updated, its hash is stored into a non-volatile storage of the trusted chip. When a critical file is loaded into memory, a measurement module computes its hash and a validation module checks its integrity by comparing this hash with that stored in the non-volatile storage. Only if they are the same could the files be used and continuous operation will be allowed. The experiment shows that hGuard can detect illegal modification of hypervisor critical files.; Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected. This paper presents hGuard, a framework to measure hypervisor critical files. Each time a critical file is updated, its hash is stored into a non-volatile storage of the trusted chip. When a critical file is loaded into memory, a measurement module computes its hash and a validation module checks its integrity by comparing this hash with that stored in the non-volatile storage. Only if they are the same could the files be used and continuous operation will be allowed. The experiment shows that hGuard can detect illegal modification of hypervisor critical files.
关键词Hypervisor Critical Files Integrity Measurement
语种英语
内容类型会议论文
URI标识http://ir.iscas.ac.cn/handle/311060/16532
专题中国科学院软件研究所
推荐引用方式
GB/T 7714
Ding, Baozeng,He, Yeping,Zhou, Qiming,et al. hGuard: A Framework to Measure Hypervisor Critical Files[C]. IEEE COMPUTER SOC,2013:177-182.
条目包含的文件
条目无相关文件。
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Ding, Baozeng]的文章
[He, Yeping]的文章
[Zhou, Qiming]的文章
百度学术
百度学术中相似的文章
[Ding, Baozeng]的文章
[He, Yeping]的文章
[Zhou, Qiming]的文章
必应学术
必应学术中相似的文章
[Ding, Baozeng]的文章
[He, Yeping]的文章
[Zhou, Qiming]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。