Efficient Virtualization-Based Application Protection Against Untrusted Operating System

Cheng, Yueqiang; Ding, Xuhua; Deng, Robert H.

doi:10.1145/2714576.2714618

Cited by 14 publications

(14 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cheng et al [57] present a hypervisor-based approach, AppShield, for protecting data, code and execution integrity of an application against OS level malware attacks. In this design, hypervisor separates the address space for application to be protected from the rest of the applications.…”

Section: Mandatory Access Controlmentioning

confidence: 99%

“…Shu et al [55] In use An approach for secure file sharing where access is controlled through proxy server which utilizes the keys stored with each file Denial of Service attack, Rollback attack, Passive monitoring, Timing channel attack Cheng et al [57] In use Approach for protection of application's data from kernel level attacks where hypervisor provides the services of authorizing requests from kernel.…”

Section: Malware Attacksmentioning

confidence: 99%

“…The fact reported in Data Breach Investigation Report [181] of Verizon Inc. endorses our observation, which states that in 86% of the cases, the evidence of data breach attack was recorded by the installed detection system, which could not analyse and report the data breaches in a timely fashion. In our review, we found a number of countermeasures (e.g., [39], [40], [41], [42], [44], [48], [52], [53], [55], [57], [76], [83], [84], [86], [87], [95], [97], [112], [113],…”

Section: Rq3 Open and Future Challengesmentioning

confidence: 99%

See 2 more Smart Citations

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in 'in use' state, therefore, future research needs to be directed towards securing data in 'in rest' and 'in transit' states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.

show abstract

Section: Mandatory Access Controlmentioning

confidence: 99%

Section: Malware Attacksmentioning

confidence: 99%

Section: Rq3 Open and Future Challengesmentioning

confidence: 99%

See 1 more Smart Citation

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

View full text Add to dashboard Cite

show abstract

“…The past years have seen a significant effort in the design of systems that shield applications from the operating system [19], [18], [49], [42], [27], [20], [22], [35], [10]. Such shielding systems typically use trusted hardware or a hypervisor to prevent the operating system from reading or writing to an application's memory and from directly tampering with its execution.…”

Section: Introductionmentioning

confidence: 99%

Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems

Cui

Peinado

2015

2015 IEEE Symposium on Security and Privacy

523

555

View full text Add to dashboard Cite

The presence of large numbers of security vulnerabilities in popular feature-rich commodity operating systems has inspired a long line of work on excluding these operating systems from the trusted computing base of applications, while retaining many of their benefits. Legacy applications continue to run on the untrusted operating system, while a small hypervisor or trusted hardware prevents the operating system from accessing the applications' memory.In this paper, we introduce controlled-channel attacks, a new type of side-channel attack that allows an untrusted operating system to extract large amounts of sensitive information from protected applications on systems like Overshadow, InkTag or Haven. We implement the attacks on Haven and InkTag and demonstrate their power by extracting complete text documents and outlines of JPEG images from widely deployed application libraries.Given these attacks, it is unclear if Overshadow's vision of protecting unmodified legacy applications from legacy operating systems running on off-the-shelf hardware is still tenable.

show abstract

“…Therefore, for example, when the kernel wishes to modify a page table entry, it calls a dedicated inner function, the SMC call transparently reroutes the control flow to RKP running within the TrustZone which performs the operation and returns control to the kernel. This mode of operation resembles hardware-based paravirtualization [30], in which the TrustZone plays the role of the hypervisor and the kernel calls to it to perform key tasks in a secure manner. A similar mechanism to RKP, but with less features is presented in Sprobes [39].…”

Section: Timamentioning

confidence: 99%

Secure Containers in Android: the Samsung KNOX Case Study

Kanonov¹,

Wool²

2016

Preprint

View full text Add to dashboard Cite

Bring Your Own Device (BYOD) is a growing trend among enterprises, aiming to improve workers' mobility and productivity via their smartphones. The threats and dangers posed by the smartphones to the enterprise are also ever-growing. Such dangers can be mitigated by running the enterprise software inside a "secure container" on the smartphone. In our work we present a systematic assessment of security critical areas in design and implementation of a secure container for Android using reverse engineering and attacker-inspired methods. We do this through a case-study of Samsung KNOX, a real-world product deployed on millions of devices. Our research shows how KNOX security features work behind the scenes and lets us compare the vendor's public security claims against reality. Along the way we identified several design weaknesses and a few vulnerabilities that were disclosed to Samsung.

show abstract

Efficient Virtualization-Based Application Protection Against Untrusted Operating System

Cited by 14 publications

References 25 publications

Data exfiltration: A review of external attack vectors and countermeasures

Data exfiltration: A review of external attack vectors and countermeasures

Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems

Secure Containers in Android: the Samsung KNOX Case Study

Contact Info

Product

Resources

About