Secpod: A framework for virtualization-based security systems

Proceedings of the 2015 USENIX Annual Technical Conference, USENIX ATC 2015

Volumn , Issue , 2015, Pages 347-360

  Wang, Xiaoguang ^a   Chen, Yue ^a   Wang, Zhi ^a   Qi, Yong ^b   Zhou, Yajin ^c  

^a FLORIDA STATE UNIVERSITY   (United States)

^b XI'AN JIAOTONG UNIVERSITY   (China)

^c Qihoo 360 ^*  (China)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER HARDWARE; SECURITY SYSTEMS; VIRTUAL REALITY;

EXTENSIBLE FRAMEWORK; HARDWARE VIRTUALIZATION; KERNEL MEMORY; MEMORY PROTECTION; PAGE TABLE; SECURE SPACE; VIRTUALIZATION-BASED SECURITIES;

VIRTUALIZATION;

EID: 85007468031     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (50)

1. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications. In Proceedings of the 12th ACM Conference on Computer and Communications Security, November 2005.
2. A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen. HypervisionAcross Worlds: Real-timeKernel Protection from theARM TrustZone Secure World. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, 2014.
3. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. L. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the Art of Virtualization. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, October 2003.
4. D. P. Bovet and M. Cesati. Understanding the Linux Kernel. O'Reilly, 2005.
5. P. M. Chen and B. D. Noble. When Virtual Is Better Than Real. In Proceedings of the Eighth Workshop on Hot Topics in Operating Systems, HOTOS '01, 2001.
6. X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A.Waldspurger, D. Boneh, J. Dwoskin, and D. R. Ports. Overshadow: A virtualizationbased approach to retrofitting protection in commodity operating systems. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XIII, 2008.
7. P. Colp, M. Nanavati, J. Zhu, W. Aiello, G. Coker, T. Deegan, P. Loscocco, and A. Warfield. Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles, October 2011.
8. J. Criswell, N. Dautenhahn, and V. Adve. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, 2014.
9. J. Criswell, A. Lenharth, D. Dhurjati, and V. Adve. Secure Virtual Architecture: A Safe Execution Environment for Commodity Operating Systems. In Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles, SOSP '07, 2007.
10. CVE Database. Common Vulnerabilities and Exposures Database. http://www.cvedetails.com/.
11. N. Dautenhahn, T. Kasampalis, W. Dietz, J. Criswell, and V. Adve. Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '15, 2015.
12. Data Execution Prevention. http://en.wikipedia.org/wiki/Data-Execution-Prevention.
13. A. Dinaburg, P. Royal, M. Sharif, and W. Lee. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS '08, 2008.
14. B. Dolan-Gavitt, T. Leek, M. Zhivich, J. Giffin, and W. Lee. Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection. In Security and Privacy (SP), 2011 IEEE Symposium on, 2011.
15. U. Erlingsson, S. Valley, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula. XFI: Software Guards for System Address Spaces. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, November 2006.
16. Y. Fu and Z. Lin. Space Traveling Across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, 2012.
17. T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the 10th Network and Distributed System Security Symposium, Febuary 2003.
18. C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum. Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. In Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, 2012.
19. J. L. Hennessy and D. A. Patterson. Computer ARchitecture: A Quantitative Approach. Morgan Kaufmann, 2012.
20. Intel. Intel 64 and IA-32 Architectures Software Developers Manual, Feb 2014.
21. X. Jiang and X. Wang. "Out-of-the-Box" Monitoring of VM-based High-interaction Honeypots. In Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection, RAID'07, 2007.
22. X. Jiang, X. Wang, and D. Xu. Stealthy Malware Detection Through VMM-based "Out-Of-the-Box" Semantic View Reconstruction. In Proceedings of the 14th ACM Conference on Computer and Communications Security, October 2007.
23. V. P. Kemerlis, G. Portokalidis, and A. D. Keromytis. kGuard: Lightweight Kernel Protection Against Return-to-user Attacks. In Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, 2012.
24. A. Kivity, Y. Kamay, D. Laor, U. Lublin, and A. Liguori. kvm: The Linux Virtual Machine Monitor. In Proceedings of the 2007 Ottawa Linux Symposium, June 2007.
25. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal Verification of an OS Kernel. In Proceedings of the 22nd ACM Symposium on Operating Systems Principles, October 2009.
26. P. Larsen, A. Homescu, S. Brunthaler, and M. Franz. SoK: Automated Software Diversity. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, 2014.
27. J. Li, Z. Wang, X. Jiang, M. Grace, and S. Bahram. Defeating Return-Oriented Rootkits with "Returnless" Kernels. In Proceedings of the 5th ACM SIGOPS EuroSys Conference, April 2010.
28. L. Litty, H. A. Lagar-Cavilla, and D. Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium, July 2008.
29. D. G. Murray, G. Milos, and S. Hand. Improving Xen Security through Disaggregation. In Proceedings of the 4th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, March 2008.
30. T. Murray, D. Matichuk, M. Brassil, P. Gammie, T. Bourke, S. Seefried, C. Lewis, X. Gao, and G. Klein. seL4: From General Purpose to a Proof of Information Flow Enforcement. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP '13, 2013.
31. R. Riley, X. Jiang, and D. Xu. Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. In Proceedings of the 11th Recent Advances in Intrusion Detection, September 2008.
32. R. Riley, X. Jiang, and D. Xu. Multi-Aspect Profiling of Kernel Rootkit Behavior. In Proceedings of the 4th ACM SIGOPS EuroSys Conference, April 2009.
33. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In Proceedings of the 21st ACMACMSymposium on Operating Systems Principles, October 2007.
34. H. Shacham. The Geometry of Innocent Flesh on the Bone: Return-Into-Libc without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, October 2007.
35. M. Sharif, W. Lee, W. Cui, and A. Lanzi. Secure In-VM Monitoring Using Hardware Virtualization. In Proceedings of the 16th ACM Conference on Computer and Communications Security, November 2009.
36. A. Silberschatz, P. B. Galvin, and G. Gagne. Operating System Concepts. Wiley, 2012.
37. D. Srinivasan, Z. Wang, X. Jiang, and D. Xu. Process Out-grafting: An Efficient "out-of-VM" Approach for Fine-grained Process Execution Monitoring. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, 2011.
38. A. Srivastava and J. Giffin. Efficient Monitoring of Untrusted Kernel-Mode Execution. In Proceedings of the 18th Annual Network and Distributed System Security Symposium, February 2011.
39. M. M. Swift, B. N. Bershad, and H. M. Levy. Improving the Reliability of Commodity Operating Systems. In Proceedings of the 19th ACM symposium on Operating Systems Principles, October 2003.
40. J. Szefer, E. Keller, R. B. Lee, and J. Rexford. Eliminating the Hypervisor Attack Surface for a More Secure Cloud. In Proceedings of the 18th ACM Conference on Computer and Communications Security, October 2011.
41. Trusted Boot project. Trusted Boot. http://tboot.sourceforge.net/.
42. VMware. Performance Evaluation of Intel EPT Hardware Assist. https://www.vmware.com/pdf/Perf-ESX-Intel-EPT-eval.pdf.
43. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient Software-based Fault Isolation. In Proceedings of the 14th ACM Symposium On Operating System Principles, December 1993.
44. Z. Wang and X. Jiang. HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Contr ol-Flow Integrity. In Proceedings of the 31st IEEE Symposium on Security and Privacy, May 2010.
45. Z. Wang, X. Jiang, W. Cui, and P. Ning. Countering Kernel Rootkits with Lightweight Hook Protection. In Proceedings of the 16th ACM Conference on Computer and Communications Security, November 2009.
46. Z. Wang, C. Wu, M. Grace, and X. Jiang. Isolating Commodity Hosted Hypervisors with HyperLock. In Proceedings of the 7th ACMeuropean conference on Computer Systems, April 2012.
47. Wikipedia. DMA Attack. http://en.wikipedia.org/wiki/DMA-attack.
48. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Orm, S. Okasaka, N. Narula, N. Fullagar, and G. Inc. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In Proceedings of the 30th IEEE Symposium on Security and Privacy, May 2009.
49. B. Zeng, G. Tan, and U. Erlingsson. Strato: ARetargetable Framework for Low-level Inlined-reference Monitors. In Proceedings of the 22Nd USENIX Conference on Security, SEC'13, 2013.
50. B. Zeng, G. Tan, and G. Morrisett. Combining Control-flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, 2011.