Isolating commodity hosted hypervisors with HyperLock

Wang, Zhi; Wu, Chiachih; Grace, Mike; Jiang, Xuxian

doi:10.1145/2168836.2168850

Cited by 54 publications

(17 citation statements)

References 25 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, due to several reasons (e.g. misconfiguration, design and implementation bugs) an attacker can compromise the hypervisor, evade from isolation and potentially take over all the other guests [139]. We refer to such situation as virtual machine escape [102].…”

Section: Confidentialitymentioning

confidence: 99%

“…Indeed, a compromised VMM can threaten integrity of data [109]. More specifically, if a virtual machine is able to escape from isolation and compromise the VMM, it can access memory locations belonging to other users while having the required privileges to write or delete their content [126] [139], in such a way to perform a VM hopping attack [57,132]. The VMM can possibly be attacked through several attack vector: device drivers, VM exit events or hypercalls [84]; a throughout list of vulnerabilities typical of common VMMs used to deploy Cloud systems, can be found in [96].…”

Section: Vm Isolation Issues At This Level Virtual Machine Escaping mentioning

confidence: 99%

See 1 more Smart Citation

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

et al. 2019

View full text Add to dashboard Cite

The Internet of Things (IoT) is rapidly changing our society to a world where every "thing" is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of Cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

show abstract

Section: Confidentialitymentioning

confidence: 99%

Section: Vm Isolation Issues At This Level Virtual Machine Escaping mentioning

confidence: 99%

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Another branch of research focuses on improving the security of the hypervisor by adding hooks [13], [56], [57] and enforcing security policies in virtual machines [54], [58]. These methods are hypervisor-specific and run at the same level as the hypervisor.…”

Section: Related Workmentioning

confidence: 99%

“…Moreover, a number of virtual machine escape attacks [9], [10], [11] and hypervisor rootkits [12] are widely deployed. Security researchers have noticed this problem and have begun to improve hypervisor security [13], [14], [15].…”

Section: Introductionmentioning

confidence: 99%

HyperCheck: A Hardware-AssistedIntegrity Monitor

Zhang

Wang

Sun

et al. 2014

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-The advent of cloud computing and inexpensive multi-core desktop architectures has led to the widespread adoption of virtualization technologies. Furthermore, security researchers embraced virtual machine monitors (VMMs) as a new mechanism to guarantee deep isolation of untrusted software components, which, coupled with their popularity, promoted VMMs as a prime target for exploitation. In this paper, we present HyperCheck, a hardware-assisted tampering detection framework designed to protect the integrity of hypervisors and operating systems. Our approach leverages System Management Mode (SMM), a CPU mode in Â86 architecture, to transparently and securely acquire and transmit the full state of a protected machine to a remote server. We have implement two prototypes based on our framework design: HyperCheck-I and HyperCheck-II, that vary in their security assumptions and OS code dependence. In our experiments, we are able to identify rootkits that target the integrity of both hypervisors and operating systems. We show that HyperCheck can defend against attacks that attempt to evade our system. In terms of performance, we measured that HyperCheck can communicate the entire static code of Xen hypervisor and CPU register states in less than 90 million CPU cycles, or 90 ms on a 1 GHz CPU.

show abstract

“…These systems are designed to provide interesting security and functional properties including secrecy of security sensitive application code and data [7], trusted user and application interfaces [2], [4], [13], application integrity and privacy [3], [5], [10], [11], [17], debugging support [8], malware analysis, detection and runtime monitoring [6], [9], [14]- [16] and trustworthy resource accounting [1]. A majority of these hypervisor-based solutions are designed and written from scratch with the primary goal of achieving a low Trusted Computing Base (TCB) while providing a specific security property and functionality in the context of an operating system or another (more traditional) hypervisor [2]- [10].…”

Section: Introductionmentioning

confidence: 99%

Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework

Vasudevan

Chaki

Jia

et al. 2013

2013 IEEE Symposium on Security and Privacy

109

View full text Add to dashboard Cite

We present the design, implementation, and verification of XMHF-an eXtensible and Modular Hypervisor Framework. XMHF is designed to achieve three goals -modular extensibility, automated verification, and high performance. XMHF includes a core that provides functionality common to many hypervisor-based security architectures and supports extensions that augment the core with additional security or functional properties while preserving the fundamental hypervisor security property of memory integrity (i.e., ensuring that the hypervisor's memory is not modified by software running at a lower privilege level). We verify the memory integrity of the XMHF core -6018 lines of code -using a combination of automated and manual techniques. The model checker CBMC automatically verifies 5208 lines of C code in about 80 seconds using less than 2GB of RAM. We manually audit the remaining 422 lines of C code and 388 lines of assembly language code that are stable and unlikely to change as development proceeds. Our experiments indicate that XMHF's performance is comparable to popular high-performance general-purpose hypervisors for the single guest that it supports.

show abstract

Isolating commodity hosted hypervisors with HyperLock

Cited by 54 publications

References 25 publications

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

HyperCheck: A Hardware-AssistedIntegrity Monitor

Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework

Contact Info

Product

Resources

About