VM-based security overkill: A lament for applied systems security research

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2010, Pages 51-60

  Bratus, Sergey ^a   Locasto, Michael E ^b   Ramaswamy, Ashwin ^a   Smith, Sean W ^a  

^a DARTMOUTH COLLEGE   (United States)

^b UNIVERSITY OF CALGARY   (Canada)

Author keywords

isolation; virtualization; vm

Indexed keywords

ALTERNATIVE APPROACH; ISOLATION; PROGRAMMABLE HARDWARE; PROTECTION MECHANISMS; SECURITY PROPERTIES; STANDARD TOOLS; SYSTEMS SECURITY; VIRTUAL MACHINES; VIRTUALIZATIONS; VM; HYPERVISORS; SELF PROTECTION;

COMPUTER SIMULATION; EMBEDDED SOFTWARE; FIRMWARE; NETWORK SECURITY; VIRTUAL REALITY; VIRTUALIZATION;

RESEARCH; VIRTUAL MACHINE;

EID: 78751512625     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1900546.1900554     Document Type: Conference Paper

References (53)

1. ABADI, M., BUDIU, M., ERLINGSSON, U., AND LIGATTI, J. Control-Flow Integrity: Principles, Implementations, and Applications. In Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2005).
2. BAEK, K.-H., BRATUS, S., SINCLAIR, S., AND SMITH, S. Attacking and Defending Networked Embedded Devices. In 2nd Workshop on Embedded Systems Security (WESS) (Salzburg, Austria, October 2007).
3. BALIGA, A., CHEN, X., AND IFTODE, L. Paladin: Automated Detection and Containment of Rootkit Attacks. In Technical Report DCS-TR-593, Rutgers University, Department of Computer Science (2006).
4. BARHAM, P., DRAGOVIC, B., FRASER, K., HAND, S., HARRIS, T., HO, A., NEUGEBAUER, R., PRATT, I., AND WARFIELD, A. Xen and the Art of Virtualization. In 19th ACM Symposium on Operating Systems Principles (SOSP) (October 2003).
5. th ACM Conference on Computer and Communications Security (CCS) (October 2003).
6. BELLOVIN, S. M. Virtual Machines, Virtual Security. Communications of the ACM 49, 10 (October 2006).
7. BERGER, S., CÁCERES, R., GOLDMAN, K. A., PEREZ, R., SAILER, R., AND VAN DOORN, L. vTPM: Virtualizing the Trusted Platform Module. In Proceedings of the USENIX Security Symposium (2006), pp. 305-320.
8. BERGER, S., CACERES, R., GOLDMAN, K. A., PEREZ, R., SAILER, R., AND VAN DOORN, L. vTPM: Virtualizing the Trusted Platform Module. In USENIX Security Symposium (2006).
9. BICKFORD, J., O'HARE, R., BALIGA, A., GANAPATHY, V., AND IFTODE, L. Rootkits on smart phones: attacks, implications and opportunities. In HotMobile '10: Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications (New York, NY, USA, 2010), ACM, pp. 49-54.
10. nd ACM Workshop on Virtual Machine Security (VMSec) held in conjunction with ACM CCS 2009 (October 2009).
11. st ACM Workshop on Virtual Machine Security (VMSec) held in conjunction with ACM CCS 2008 (October 2008).
12. BRATUS, S., OAKLEY, J., RAMASWAMY, A., SMITH, S., AND LOCASTO, M. Katana: Towards Patching as a Runtime Part of the Compiler-Linker-Loader Toolchain. International Journal of Secure Software Engineering 1, 3 (2010), 1-17.
13. BUCHANAN, E., ROEMER, R., SHACHAM, H., AND SAVAGE, S. When good instructions go bad: Generalizing return-oriented programming to RISC. In Proceedings of CCS 2008 (Oct. 2008), P. Syverson and S. Jha, Eds., ACM Press, pp. 27-38.
14. DESIGNER, S. Getting around non-executable stack (and fix). Bugtraq mailing list, August 1997.
15. DUNLAP, G. W., KING, S., CINAR, S., BASRAI, M. A., AND CHEN, P. M. ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay. In Proceedings of the 2002 Symposium on Operating Systems Design and Implementation (OSDI) (February 2002).
16. DURDEN, T. Bypassing PaX ASLR protection. Phrack 59, 5 (July 2002).
17. GARFINKEL, T., ADAMS, K., WARFIELD, A., AND FRANKLIN, J. Compatibility is not Transparency: VMM Detection Myths and Realities. In HOTOS'07: Proceedings of the 11th USENIX workshop on Hot topics in operating systems (Berkeley, CA, USA, 2007), USENIX Association, pp. 1-6.
18. th ISOC Symposium on Network and Distributed Systems Security (SNDSS) (February 2003).
19. th Workshop on Hot Topics in Operating Systems (May 2003), pp. 145-150.
20. GEER, D. Keynote, source boston conference. http://www.sourceconference. com/2008/sessions/dan-geer-keynote.html, March 2008.
21. HANDLEY, M., PAXSON, V., AND KREIBICH, C. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. In Proceedings of the USENIX Security Conference (2001).
22. HUND, R., HOLZ, T., AND FREILING, F. Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. In Proceedings of the 18th USENIX Security Symposium (2009).
23. KARGER, P. A. Securing virtual machine monitors: what is needed? In ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (New York, NY, USA, 2009), ACM, pp. 1-2.
24. KARGER, P. A., AND SAFFORD, D. R. I/O for Virtual Machine Monitors: Security and Performance Issues. IEEE Security and Privacy Magazine 6, 5 (2008), 16-23.
25. th ACM Conference on Computer and Communications Security (CCS) (October 2003), pp. 272-280.
26. KING, S. T., DUNLAP, G., AND CHEN, P. Operating System Support for Virtual Machines. In Proceedings of the General Track: USENIX Annual Technical Conference (June 2003).
27. KORTCHINSKY, K. Cloudburst: Hacking 3D (and Breaking Out of VMware. BlackHat USA, July 2009.
28. th Annual Computer Security Applications Conference (ACSAC) (Washington, DC, USA, 2004), IEEE Computer Society, pp. 91-100.
29. NERGAL. Advanced return-into-lib(c) exploits (PaX case study). Phrack 58, 4 (December 2001).
30. th ACM conference on Computer and Communications Security (CCS) (New York, NY, USA, 2007), ACM, pp. 103-115.
31. th Symposium on Operating Systems Design and Implementation (OSDI 2002) (December 2002), pp. 361-376.
32. PALMERS. 5 Short Stories about execve (Advances in Kernel Hacking II). Phrack 59-0x05. Team TESO.
33. PALMERS. Sub proc-root Quando Sumus (Advances in Kernel Hacking). Phrack 58-0x06.
34. th USENIX Security Symposium, pp. 179-194.
35. th USENIX Security Symposium (August 2003), pp. 207-225.
36. PROVOS, N., MAVROMMATIS, P., RAJAB, M. A., AND MONROSE, F. All Your iFRAMEs Point to Us. In USENIX Security Symposium (2008).
37. RAMASWAMY, A. Detecting kernel rootkits. Tech. Rep. TR2008-627, Dartmouth College, Computer Science, Hanover, NH, September 2008.
38. RAMASWAMY, A. Autoscopy: Detecting Pattern-Searching Rootkits via Control Flow Tracing. Tech. Rep. TR2009-644, Dartmouth College, Computer Science, Hanover, NH, May 2009.
39. RILEY, R., JIANG, X., AND XU, D. Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing. In RAID (2008).
40. th Workshop on Hot Topics in Operating Systems (HOTOS XI) (May 2007).
41. RUTKOWSKA, J. Red Pill... or how to detect VMM using (almost) one CPU instruction. http://invisiblethings.org/papers/redpill.html, November 2004.
42. SCHNEIDER, F. B. Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 1 (2000), 30-50.
43. SESHADRI, A., LUK, M., QU, N., AND PERRIG, A. Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles (New York, NY, USA, 2007), ACM, pp. 335-350.
44. SHACHAM, H. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In Proceedings of the ACM Conference on Computer and Communications Security (2007), pp. 552-561.
45. st Information Security Practice and Experience Conference (ISPEC) (April 2005).
46. SIDIROGLOU, S., AND KEROMYTIS, A. D. A Network Worm Vaccine Architecture. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security (June 2003), pp. 220-225.
47. SKOUDIS, E., AND LISTON, T. Virtual Machine Security Issues. SANS FIRE Conference, July 2007.
48. STEALTH. Kernel Rootkit Experiences. Phrack 61-0x0e.
49. WANG, Z., JIANG, X., CUI, W., AND NING, P. Countering Kernel Rootkits with Lightweight Hook Protection. In Proceedings of the ACM Conference on Computer and Communications Security (2009).
50. WANG, Z., JIANG, X., CUI, W., AND WANG, X. Countering Persistent Kernel Rootkits Through Systematic Hook Discovery. In Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID) (2008).
51. WOJTCZUK, R. Defeating solar designer non-executable stack patch. Bugtraq mailing list, 1998.
52. YEE, B., SEHR, D., DARDYK, G., CHEN, B., MUTH, R., ORMANDY, T., OKASAKA, S., NARULA, N., AND FULLAGAR, N. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In IEEE Symposium on Security and Privacy (2009).
53. th Annual Network and Distributed System Security Symposium (NDSS) (February 2008).