Improving flask implementation using hardware assisted in-VM isolation

IFIP Advances in Information and Communication Technology

Volumn 376 AICT, Issue , 2012, Pages 115-125

  Ding, Baozeng ^a,b   Yao, Fufeng ^a,b   Wu, Yanjun ^a   He, Yeping ^a  

^a INSTITUTE OF SOFTWARE   (China)

^b UNIVERSITY OF CHINESE ACADEMY OF SCIENCES   (China)

Author keywords

Extended Page Tables; Flask Architecture; In VM Isolation; Security; Virtualization

Indexed keywords

BOTTLES; COMPUTER HARDWARE; DECISION MAKING; HARDWARE; SECURITY OF DATA; VIRTUALIZATION;

ADDRESS SPACE; EXPOSED TO; HARDWARE-ASSISTED; HYPERVISOR; PAGE TABLE; SECURITY; SECURITY POLICY; SECURITY SERVER;

VIRTUAL MACHINE;

EID: 84863896829     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-30436-1_10     Document Type: Conference Paper

References (24)

1. Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., Lepreau, J.: The Flask security architecture: system support for diverse security policies. In: Proceedings of the 8th USENIX Security Symposium, Washington, DC, pp. 123-139 (1999)
2. Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the linux operating system. In: Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (2001)
3. Vance, C., Watson, R.: Security Enhanced BSD. Network Associates Laboratories (2003)
4. Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 10th Annual Network and Distributed Systems Security Symposium (2003)
5. Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 128-138 (2007)
6. Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: An architecture for secure active monitoring using virtualization. In: Proceedings of the 29th IEEE Symposiumon Security and Privacy, pp. 233-247 (2008)
7. Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor support for identifying covertly executing binaries. In: Proceedings of the 17th USENIX Security Symposium, pp. 243-258 (2008)
8. Sharif, M., Lee, W., Cui, W., Lanzi, A.: Secure in-VM monitoring using hardware virtualization. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 477-487 (2009)
9. Intel Virtualization Technology, http://www.intel.com/technology/ virtualization
10. Inel Inc. Intel 64 and IA-32 Architecture Software Developer's Manual Volume 3B: System Programming Guide, Part 1 (2006)
11. Tux.Org (1996), http://www.tux.org/pub/tux/benchmarks/System/unixbench
12. Wang, Z., Jiang, X., Cui, W., Ning, P.: Countering kernel rootkits with lightweight hook protection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 545-554 (2009)
13. The Blue Pill Project, http://bluepillproject.org/
14. King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: implementing malware with virtual machines. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)
15. Wojtczuk, R., Rutkowska, J.: Xen 0wning trilogy. In: Black Hat Conference (2008)
16. Wang, J., Stavrou, A., Ghosh, A.K.: HyperCheck: A hardware-assisted integrity monitor. In: Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (2010)
17. Azab, A.M., Ning, P., Wang, Z., Jiang, X., Zhang, X., Skalsky, N.C.: HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 38-49 (2010)
18. Wang, Z., Jiang, X.: HyperSafe, a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the IEEE Symposium on Security and Privacy (2010)
19. Wang, X., Zang, J., Wang, Z., Luo, Y., Li, X.: Selective hardware/software memory virtualization. In: Proceedings of the 7th ACM Conference on Virtual Execution Environments, pp. 217-226 (2011)
20. Devine, S., Bugnion, E., Rosenblum, M.: Virtualization system including a virtual machine monitor for a computer with a segmented architecture. US Patent, 6397242 (1998)
21. Intel Inc. Intel 64 and IA-32 Architecture Software Developer's Manual Volume 3B: System Programming Guide, Part 2 (2007)
22. Shuo, C., Xu, J., Sezer, E.C., Gauriar, P., lyer, R.K.: Non-control-data attacks are realistic threats. In: Proceedings of the 14th conference on USENIX Security Symposium (2005)
23. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Proceedings of the Symposium on Operating System Principles (2003)
24. Advanced Micro Devices. AMD64 Architecture Programmer's Manual Volume 2: System Programming, 3.12 edn. (2006)