HIMA: A hypervisor-based integrity measurement agent

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2009, Pages 461-470

  Azab, Ahmed M ^a   Ning, Peng ^a   Sezer, Emre C ^a   Zhang, Xiaolan ^b  

^a NORTH CAROLINA STATE UNIVERSITY   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACTIVE MONITORING; DISTRIBUTED SYSTEMS; EXPERIMENTAL EVALUATION; HYPERVISOR; IN-BUILDINGS; INTEGRITY MEASUREMENT; INTEGRITY MEASURES; KEY ISSUES; MEMORY LAYOUT; MEMORY PROTECTION; MICRO-BENCHMARK; PRACTICAL SOLUTIONS; REAL-WORLD APPLICATION; TIME OF USE; USER PROGRAMS; VIRTUAL MACHINES;

BENCHMARKING; COMPUTER APPLICATIONS; NETWORK SECURITY;

QUALITY ASSURANCE;

EID: 77950820630     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2009.50     Document Type: Conference Paper

References (27)

1. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, "Design and implementation of a tcg-based integrity measurement architecture," in Proceedings of the 13th USENIX Security Symposium, August 2004.
2. T. Jaeger, R. Sailer, and U. Shankar, "Prima: Policy-reduced integrity measurement architecture," in Proceedings of the 2007 ACM workshop on Scalable trusted computing (SACMAT '06), June 2006.
3. A. Seshadri, M. Luk, N. Qu, and A. Perrig, "Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses," in SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, 2007, pp. 335-350.
4. R. Riley, X. Jiang, and D. Xu, "Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing," in RAID '08: Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection, 2008, pp. 1-20.
5. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh, "Terra: a virtual machine-based platform for trusted computing," in SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, 2003, pp. 193-206.
6. S. Berger, R. Caceres, K. A. Goldman, R. Perez, R. Sailer, and L. van Doorn, "vTPM: Virtualizing the Trusted Platform Module," in Proceedings of the 15th USENIX Security Symposium. USENIX, August 2006, pp. 305-320.
7. X. Jiang, X. Wang, and D. Xu, "Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction," in CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, 2007, pp. 128-138.
8. S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau, "Antfarm: tracking processes in a virtual machine environment," in ATEC '06: Proceedings of the annual conference on USENIX '06 Annual Technical Conference, 2006, pp. 1-1
9. B. D. Payne, M. Carbone, and W. Lee, "Secure and flexible monitoring of virtual machines," in Annual Computer Security Applications Conference, 2007, pp. 385-397.
10. B. D. Payne, M. Carbone, M. Sharif, and W. Lee, "Lares: An architecture for secure active monitoring using virtualization," in IEEE Symposium on Security and Privacy, 2008, pp. 233-247.
11. S. Bratus, N. D'Cunha, E. Sparks, and S. W. Smith, "TOCTOU, traps, and trusted computing," in TRUST, 2008, pp. 14-32.
12. L. Litty, H. A. Lagar-Cavilla, and D. Lie, "Hypervisor support for identifying covertly executing binaries," in SS'08: Proceedings of the 17th conference on Security symposium, 2008, pp. 243-258.
13. "Xen," http://www.xen.org/, accessed in August 2009.
14. N. A. Quynh and K. Suzaki, "Xenprobes, a lightweight user-space probing framework for xen virtual machine," in ATC'07: 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, 2007, pp. 1-14.
15. X. Jiang and X. Wang, ""Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots," in Proceedings of the 10th Recent Advances in Intrusion Detection (RAID 2007), 2007, pp. 198-218.
16. I. Corporation, "Software developer's manual vol. 3: System programming guide," June 2009.
17. D. P. Bovet and M. Cesati, Understanding the Linux Kernel, Third Edition. O'Reilly Media, Inc., November, 2005.
18. PaX, http://pax.grsecurity.net/.
19. Tux.Org, http://www.tux.org/pub/tux/benchmarks/System/unixbench/.
20. N. L. Petroni, T. Fraser, J. Molina, and W. A. Arbaugh, "Copilot - a coprocessor-based kernel runtime integrity monitor," in SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium, 2004, pp. 13-13
21. E. Shi, A. Perrig, and L. van Doorn, "BIND: A fine-grained attestation service for secure distributed systems," in Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 2005.
22. S. Chen, J. Xu, E. Sezer, P. Gauriar, and R. Iyer, "Non-control-data attacks are realistic threats," in Proceedings of USENIX Security Symposium, August 2005.
23. T. Garfinkel and M. Rosenblum, "A virtual machine introspection based architecture for intrusion detection," in Proceedings Network and Distributed Systems Security Symposium, 2003, pp. 191-206.
24. K. Kourai and S. Chiba, "Hyperspector: virtual distributed monitoring environments for secure intrusion detection," in VEE '05: Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, 2005, pp. 197-207.
25. A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen, "Detecting past and present intrusions through vulnerability-specific predicates," in SOSP '05: Proceedings of the twentieth ACM symposium on Operating systems principles, 2005, pp. 91-104.
26. S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau, "Vmm-based hidden process detection and identification using lycosid," in VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, 2008, pp. 91-100.
27. M. Xu, X. Jiang, R. Sandhu, and X. Zhang, "Towards a vmm-based usage control framework for os kernel integrity protection," in SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, 2007, pp. 71-80.