Wenzhi Chen,Zhipeng Zhang,Jianhua Yang,Qinming He

DOI: https://doi.org/10.1007/s11859-010-0301-y

2010-01-01

Wuhan University Journal of Natural Sciences

Abstract:This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains. vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual domain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the guest operating system is malicious. This protects the secure sensitive codes against the malicious codes in the Guest OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the guest OS running on mainstream hypervisors.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

CHEN Wen-zhi,HUANG Wei,XIE Cheng,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.02.016

2009-01-01

Abstract:Virtualization was introduced to increase the security of embedded devices while avoiding the shortcomings caused by the hardware-based approach such as poor flexibility,high complexity and high production cost of equipments.Virtualization platform SmartVP offers a secure system environment by the software-based approach.SmartVP partitions the computing resources on the ARM processor into two parallel sets,one for standard real-time operating system T-Kernel and the other for general-purpose operating system Linux.The trusted computing base of SmartVP is constructed by protecting the code and data of the software on T-Kernel,as well as by implementing the fundamental security services and interfaces.Both performance benchmark and applications show that SmartVP improves the security of embedded devices and reduces the implementing risk together with developing time and cost.

Chao Zhang,Scott A. Carr,Yu Ding,Dawn Song

2015-01-01

Abstract:Virtual function calls are one of the most popular control-flow hijack attack targets. Compilers use a virtual function pointer table, called a VTable, to dynamically dispatch virtual function calls. These VTables are read-only, but pointers to them are not. VTable pointers reside in objects that are writable, allowing attackers to overwrite them. As a result, attackers can divert the control-flow of virtual function calls and launch VTable hijacking attacks. Researchers have proposed several solutions to protect virtual calls. However, they either incur high performance overhead or fail to defeat some VTable hijacking attacks. In this paper, we propose a lightweight defense solution, VTrust, to protect all virtual function calls from VTable hijacking attacks. It consists of two independent layers of defenses: virtual function type enforcement and VTable pointer sanitization. Combined with modern compilers’ default configuration, i.e., placing VTables in read-only memory, VTrust can defeat all VTable hijacking attacks and supports modularity, allowing us to harden applications module by module. We have implemented a prototype on the LLVM compiler framework. Our experiments show that this solution only introduces a low performance overhead, and it defeats real world VTable hijacking attacks.

Wei Sun

2010-01-01

Abstract:The reason to develop trusted computing was simply set forth,and the developing progress of virtualization technology and Xen was simply introduced.Then,a comprehensive research was made on the solution of IBM vTPM,which successfully achieves an implementation of virtualizing TPM in Xen.Finally,some differences between IBM vTPM and other trusted computing solutions were proposed.

Jingkai Mao,Haoran Zhu,Junchao Fan,Lin Li,Xiaolin Chang

2024-05-02

Abstract:The Virtual Machine (VM)-based Trusted-Execution-Environment (TEE) technology, like AMD Secure-Encrypted-Virtualization (SEV), enables the establishment of Confidential VMs (CVMs) to protect data privacy. But CVM lacks ways to provide the trust proof of its running state, degrading the user confidence of using CVM. The technology of virtual Trusted Platform Module (vTPM) can be used to generate trust proof for CVM. However, the existing vTPM-based approaches have the weaknesses like lack of a well-defined root-of-trust, lack of vTPM protection, and lack of vTPM's trust proof. These weaknesses prevent the generation of the trust proof of the CVM. This paper proposes an approach to generate the trust proof for AMD SEV-based CVM so as to ensure its security by using a secure vTPM to construct Trusted Complete Chain for the CVM (T3CVM). T3CVM consists of three components: 1) TR-Manager, as the well-defined root-of-trust, helps to build complete trust chains for CVMs; 2) CN-TPMCVM, a special CVM provides secure vTPMs; 3) CN-CDriver, an enhanced TPM driver. Our approach overcomes the weaknesses of existing approaches and enables trusted computing-based applications to run seamlessly in the trusted CVM. We perform a formal security analysis of T3CVM, and implement a prototype system to evaluate its performance.

Cryptography and Security,Software Engineering

Martin Radev,Mathias Morbitzer

DOI: https://doi.org/10.48550/arXiv.2010.07094

2020-10-14

Abstract:Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which a malicious hypervisor manipulates external interfaces of an SEV or SEV-ES virtual machine to make it act against its own interests. We start by showing how we can make use of virtual devices to extract encryption keys and secret data of a virtual machine. We then show how we can reduce the entropy of probabilistic kernel defenses in the virtual machine by carefully manipulating the results of the CPUID and RDTSC instructions. We continue by showing an approach for secret data exfiltration and code injection based on the forgery of MMIO regions over the VM's address space. Finally, we show another attack which forces decryption of the VM's stack and uses Return Oriented Programming to execute arbitrary code inside the VM. While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES, which aims to protect a virtual machine from a benign but vulnerable hypervisor.

Cryptography and Security

Xiaowei Li,Hongxiang Sun,Qiaoyan Wen

DOI: https://doi.org/10.1109/ccis.2012.6664413

2012-01-01

Abstract:Numerous virtual machines have been designed to make full use of the adequate resources and facilitate people's lives. In turn, it results in the necessity of communication between the virtual machines. As we know, the data of communication between the virtual machines which located on the different hosts, could potentially be altered or intercepted during transport. To solve the problem, we design and operation of the transparent encryption-decryption communication mechanism (TEDCM) in the privilege virtual machine, the result suggests that the TEDCM in our paper is a good choice to solve the problem of information leakage.

Chao Zhang,Chengyu Song,Kevin Zhijie Chen,Zhaofeng Chen,Dawn Song

DOI: https://doi.org/10.14722/ndss.2015.23099

2015-01-01

Abstract:In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack- ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is virtual table pointers (vfptr), which point to virtual function tables (vtable) consisting of virtual function pointers. Attackers can exploit vul- nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further virtual function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before virtual function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.

Chao Zhang,Dawn Song,Scott A. Carr,Mathias Payer,Tongxin Li,Yu Ding,Chengyu Song

DOI: https://doi.org/10.14722/ndss.2016.23164

2016-01-01

Abstract:Virtual function calls are one of the most popular control-flow hijack attack targets.Compilers use a virtual function pointer table, called a VTable, to dynamically dispatch virtual function calls.These VTables are read-only, but pointers to them are not.VTable pointers reside in objects that are writable, allowing attackers to overwrite them.As a result, attackers can divert the control-flow of virtual function calls and launch VTable hijacking attacks.Researchers have proposed several solutions to protect virtual calls.However, they either incur high performance overhead or fail to defeat some VTable hijacking attacks.In this paper, we propose a lightweight defense solution, VTrust, to protect all virtual function calls from VTable hijacking attacks.It consists of two independent layers of defenses: virtual function type enforcement and VTable pointer sanitization.Combined with modern compilers' default configuration, i.e., placing VTables in read-only memory, VTrust can defeat all VTable hijacking attacks and supports modularity, allowing us to harden applications module by module.We have implemented a prototype on the LLVM compiler framework.Our experiments show that this solution only introduces a low performance overhead, and it defeats real world VTable hijacking attacks.

Yoshimichi Nakatsuka,Ercan Ozturk,Alex Shamis,Andrew Paverd,Peter Pietzuch

DOI: https://doi.org/10.48550/arXiv.2205.15359

2022-05-30

Cryptography and Security

Abstract:Hardware-based Trusted Execution Environments (TEEs) are becoming increasingly prevalent in cloud computing, forming the basis for confidential computing. However, the security goals of TEEs sometimes conflict with existing cloud functionality, such as VM or process migration, because TEE memory cannot be read by the hypervisor, OS, or other software on the platform. Whilst some newer TEE architectures support migration of entire protected VMs, there is currently no practical solution for migrating individual processes containing in-process TEEs. The inability to migrate such processes leads to operational inefficiencies or even data loss if the host platform must be urgently restarted. We present CTR, a software-only design to retrofit migration functionality into existing TEE architectures, whilst maintaining their expected security guarantees. Our design allows TEEs to be interrupted and migrated at arbitrary points in their execution, thus maintaining compatibility with existing VM and process migration techniques. By cooperatively involving the TEE in the migration process, our design also allows application developers to specify stateful migration-related policies, such as limiting the number of times a particular TEE may be migrated. Our prototype implementation for Intel SGX demonstrates that migration latency increases linearly with the size of the TEE memory and is dominated by TEE system operations.

Liang Deng,Qingkai Zeng,Weiguang Wang,Yao Liu

DOI: https://doi.org/10.1109/TrustCom.2014.41

2014-01-01

Abstract:In cloud computing, hypervisor is the all-powerful software running in the highest privilege layer, thus attackers who compromise a hypervisor may jeopardize the whole cloud, especially cause memory corruption of any sensitive workloads within the cloud. In this paper, we propose a novel architecture and approach to provide memory protection from an untrusted hypervisor on current x86 platforms. Unlike previous approaches such as nested virtualization, we do not place another higher privilege TCB below the hypervisor. Instead, our approach introduces a properly isolated tiny TCB running in the same privilege level and the same address space with the hypervisor, and uses this TCB to intercept and validate hypervisor's privilege actions for memory protection. In this way, we can enforce further memory security policies only relying on the TCB even if the hypervisor is fully compromised.

沈晴霓,杜虹,卿斯汉

2010-01-01

Abstract:In view of some new security issues in the computing platform with virtualization technology, this paper proposes the application of the security-oriented virtualized trusted platform (VTP) architecture, whose trusted computing base (TCB) is hierarchal and self-contained with three layer-by-layer facilities from the trust root-hardware TPM/TCM, trusted virtual machine monitor (TVMM) to security manager(SM). Based on open-source project-XEN, it gives a sample design of the virtualized trusted platform for the virtual machine and its application's security with such mechanisms as remote attestation, information flow control, secure migration and privacy protection. Scenario analysis shows that the sample VTP can support different security goals of its applications flexibly.

Benedict Schlüter,Supraja Sridhara,Mark Kuhne,Andrin Bertschi,Shweta Shinde

2024-04-04

Abstract:Hardware-based Trusted execution environments (TEEs) offer an isolation granularity of virtual machine abstraction. They provide confidential VMs (CVMs) that host security-sensitive code and data. AMD SEV-SNP and Intel TDX enable CVMs and are now available on popular cloud platforms. The untrusted hypervisor in these settings is in control of several resource management and configuration tasks, including interrupts. We present Heckler, a new attack wherein the hypervisor injects malicious non-timer interrupts to break the confidentiality and integrity of CVMs. Our insight is to use the interrupt handlers that have global effects, such that we can manipulate a CVM's register states to change the data and control flow. With AMD SEV-SNP and Intel TDX, we demonstrate Heckler on OpenSSH and sudo to bypass authentication. On AMD SEV-SNP we break execution integrity of C, Java, and Julia applications that perform statistical and text analysis. We explain the gaps in current defenses and outline guidelines for future defenses.

Cryptography and Security

Wenhao Wang,Linke Song,Benshan Mei,Shuang Liu,Shijun Zhao,Shoumeng Yan,XiaoFeng Wang,Dan Meng,Rui Hou

2024-10-24

Abstract:Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is important to recognize that users still encounter challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing any code, making user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework which leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 -- 34,000 cycles, approximately $1.9\times$ -- $2.1\times$ higher than that of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation and memory intensive workloads and below 15.68% for I/O intensive workloads.

Cryptography and Security,Hardware Architecture

Zhang Xiantao,Xu Anthony X. F.,Li Qi,Yau David K. Y.,Qing Sihan,Zhang Huanguo

DOI: https://doi.org/10.1109/IPDPS.2008.4536548

2008-01-01

Abstract:With advances in hardware-assisted full virtualization technologies, system virtualization based on the virtual machine monitor (VMM) has received much recent attention. Using the Xen/IA64 hardware virtual machine implemented on Intelreg Virtualization Technology for Itaniumreg (VT-i), we investigate the design of a virtual software hash translation lookaside buffer (TLB) based on the virtual hash page table (VHPT). Experimental results show that the proposed design can significantly improve the performance of the hardware virtual machine of Xen/IA64. Our contributions are the following. First, we design and implement in the VMM a virtual hash TLB algorithm to optimize the system performance of VT-i guest virtual machines. Second, we quantify experimentally the performance benefits of the hash TLB for VT-i guest virtual machines and analyze the performance impact of the software VHPT walker with the hash TLB algorithm. Lastly, we present experiments to verify, in an SMP virtual machine system environment, the superior scalability of the hash TLB approach.

Yongkang Tang,Shaoqing Li,Fan Zhang,Liang Fang

DOI: https://doi.org/10.1049/iet-ifs.2017.0354

2018-01-01

IET Information Security

Abstract:Hardware Trojan (HT) is increasingly becoming a serious problem in the information security field. Compared to other countermeasures, thermal maps based detection can mitigate process variation (PV) and have a higher accuracy. However, HT cannot be differentiated from the others directly from the original thermal maps. Therefore, in this study, the authors first propose a general HT detection framework based on difference temperature matrix, and introduce the PV mitigation mechanism. Then, they demonstrate how principal component analysis can implement spatial projection transformation and expose HT signal. Finally, they introduce their experimental setup and design, and then validate their countermeasure with Xilinx field programmable gate arrays which are configured with the pure AES circuit and the infected AES circuits. The power proportions (PPs) of HTs in the different infected AES circuits are various. The experimental results indicate that their proposed countermeasure can clearly detect HT with 0.14% small PP.

Yuhan Xue,Shengru Li,Kai Han,Sicheng Zhao,Huibai Huang,Shui Yu,Zuqing Zhu

DOI: https://doi.org/10.1109/GLOCOM.2018.8647300

2018-01-01

Abstract:In this work, we try to address the problem of memory fragmentation in ternary content addressable memory (TCAM) in programmable data plane (PDP), by designing and implementing a novel network hypervisor for PDP, namely, TPVX. TPVX realizes the virtualization of table resources in PDP with global consideration, i.e., when mapping tenant flow tables to physical switches, TPVX considers their table sizes and the pre-formatted sub-tables in the physical network to improve TCAM utilization and avoid memory fragmentation. Our experimental results verify that with TPVX, the utilization of the table resources in PDP can be improved dramatically and the extra processing latency due to the newly-introduced overheads can be maintained well simultaneously.

LI Xun,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.12.015

2011-01-01

Computer Science

Abstract:Kernel-level attacks compromise operating system security by tampering with critical data and control flow in the kernel.Current approaches defend against these attacks by applying code integrity or control flow integrity control methods.However,they focus on only a certain aspect and cannot give a complete integrity monitoring solution.This paper analyzed the kernel integrity principle and got practical requirements to ensure kernel integrity.Critical data objects effect operating system function directly.Only certain code is able to modify critical data objects at certain conditions to ensure data integrity.All factors about code execution sequence are protected and monitored to ensure control flow integrity.Implementation in Xen VMM(Virtual Machine Monitor) using hardware virtualization,or referred to as HVM(Hardware Virtual Machine) is introduced to protect and monitor Linux kernel.Experiments show that the solution can detect and prevent attacks and bugs compromising the kernel.