SecVisor

Seshadri, Arvind; Luk, Mark; Qu, Ning; Perrig, Adrian

doi:10.1145/1294261.1294294

Cited by 404 publications

(15 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Running kernel monitoring: SecVisor and TrustVisor preserves the integrity of kernel code and data with a hypervisor that executes the monitored kernel as a guest OS as mentioned earlier [46], [47]. In an approach was proposed by Sharif et al [48] SIM achieves real-time inspection of kernel behavior that depend on the insertion of a monitoring mechanism into a guest OS's memory space.…”

Section: Outside Kernelmentioning

confidence: 99%

Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism

Kuzuno¹,

Yamauchi

2021

IEEE Access

View full text Add to dashboard Cite

Operating systems adopt kernel protection methods (e.g., mandatory access control, kernel address space layout randomization, control flow integrity, and kernel page table isolation) as essential countermeasures to reduce the likelihood of kernel vulnerability attacks. However, kernel memory corruption can still occur via the execution of malicious kernel code at the kernel layer. This is because the vulnerable kernel code and the attack target kernel code or kernel data are located in the same kernel address space. To gain complete control of a host, adversaries focus on kernel code invocations, such as function pointers that rely on the starting points of the kernel protection methods. To mitigate such subversion attacks, this paper presents multiple kernel memory (MKM), which employs an alternative design for kernel address space separation. The MKM mechanism focuses on the isolation granularity of the kernel address space during each execution of the kernel code. MKM provides two kernel address spaces, namely, i) the trampoline kernel address space, which acts as the gateway feature between user and kernel modes and ii) the security kernel address space, which utilizes the localization of the kernel protection methods (i.e., kernel observation). Additionally, MKM achieves the encapsulation of the vulnerable kernel code to prevent access to the kernel code invocations of the separated kernel address space. The evaluation results demonstrated that MKM can protect the kernel code and kernel data from a proof-of-concept kernel vulnerability that could lead to kernel memory corruption. In addition, the performance results of MKM indicate that the system call overhead latency ranges from 0.020 µs to 0.5445 µs, while the web application benchmark ranges from 196.27 µs to 6,685.73 µs for each download access of 100,000 Hypertext Transfer Protocol sessions. MKM attained a 97.65% system benchmark score and a 99.76% kernel compilation time.

show abstract

Section: Outside Kernelmentioning

confidence: 99%

Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism

Kuzuno¹,

Yamauchi

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The TCB is only 250 lines of code and is meant to execute small sensitive pieces of code. SecVisor [Seshadri et al 2007] is a tiny hypervisor that ensures code integrity for OS kernels by checking that only previously approved code can execute in kernel mode. SecVisor exploits late launch technologies to boot the system safely.…”

Section: 34mentioning

confidence: 99%

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Sgandurra

Lupu

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

Virtualization technology enables Cloud providers to efficiently use their computing services and resources. Even if the benefits in terms of performance, maintenance, and cost are evident, virtualization has also been exploited by attackers to devise new ways to compromise a system. To address these problems, research security solutions have considerably evolved over the years to cope with new attacks and threat models. In this work we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered. The goal is to show the evolution of the threats, and of the related security and trust assumptions, in virtualized systems which have given rise to complex threat models and the corresponding sophistication of protection strategies to deal with such attacks. We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers, in particular hardware, virtualization, OS, application.

show abstract

“…SMEP [9] prohibits kernel-mode processes from executing codes in user space, which makes it infeasible to inject malicious code into user space. [10] proposes SecVisor, a tiny hypervisor that ensures code integrity, which ensures that only user-approved code can execute in kernel mode. It can protect the kernel against code injection attacks.…”

Section: Related Workmentioning

confidence: 99%

Security Identifier Randomization: A Method to Prevent Kernel Privilege-Escalation Attacks

Wei

Zuo

Ding

et al. 2016

2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA)

View full text Add to dashboard Cite

Privilege escalation attack is one of the serious threats to Linux. So the protection of the root user is an important requirement for Linux systems and SELinux has tackled this issue in some degree. But by exploiting kernel privilege-escalation vulnerabilities, the attackers can tamper security identifiers allocated for the process's security contexts, which are the foundation of SELinux enforcing access control. So we propose security identifier randomization method, which can increase the difficulty of kernel privilege-escalation attacks. This method is application transparent and its influence on overall system performance is within 1%.

show abstract

SecVisor

Cited by 404 publications

References 9 publications

Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism

Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Security Identifier Randomization: A Method to Prevent Kernel Privilege-Escalation Attacks

Contact Info

Product

Resources

About