Xiaoguang Wang,Yong Qi,Zhi Wang,Yue Chen,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2017.2675991

2019-01-01

Abstract:The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memory protection. Unfortunately, such memory protection requires to monitor every update to the guest's page tables. This fundamentally conflicts with the recent advances in the hardware virtualization support. In this paper, we propose SecPod, an extensible framework for virtualization-based security systems that can provide both strong isolation and the compatibility with modern hardware. SecPod has two key techniques: paging delegation delegates and audits the kernel's paging operations to a secure space; execution trapping intercepts the (compromised) kernel's attempts to subvert SecPod by misusing privileged instructions. We have implemented a prototype of SecPod based on KVM. Our experiments show that SecPod is both effective and efficient.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Chen Wen-Zhi,Zhu Hong-Wei,Huang Wei

DOI: https://doi.org/10.1109/CW.2008.110

2008-01-01

Abstract:The security problem became more severe since the security requirement of different applications may conflict with the others in distributed application or grid computing. Virtualization technology can improvethe system's security, but did not satisfy the requirement of virtual resource sharing and inner-domain communication in distributed services and grid computing. By dividing the virtual resources into sharing virtual resources and normal ones, SeVMM provided secure mechanism for inter-domain communication control, which formed the base of multi-level security control model for virtual machine monitors, operating systems and applications. Case study and application showed that SeVMM improved the system's security without causing significant performance penalty.

Xinghui Zhu,Guang Lu,Fei Yu,Shuqiang Yang,Miaoliang Zhu

DOI: https://doi.org/10.1109/IMSCCS.2006.108

2006-01-01

Abstract:In today's operating system, memory management policies based on the data-copying and hidden mechanisms blocks the system performance which is far from expectation. This paper introduces an innovative memory management system powered by vertical architecture PVM. The paper first describes the model and architecture of PVM, followed by an analysis of lazy management of virtual address space and the management of two-layer-cached physical memory.

Siqin Zhao,Kang Chen,Weimin Zheng

DOI: https://doi.org/10.1109/ChinaGrid.2009.45

2009-01-01

Abstract:It is very important to protect critical resources such as private data and code in computer systems. It is promising to protect private data and to improve the system security by leveraging the isolation attribute of virtual machine(VM). The isolation attribute of VM is provided by Virtual Machine Monitor (VMM) that runs in higher priority than guest OSes. If the critical components are isolated in VMs,access control can be enforced or attestation can be made when the subject is accessing via VMs. In this way, VMs can improve the security level of critical components such as OS, kernel, data, and applications. For computer system security, VMs can be used to detect malware intrusions and to protect critical components, which can be implemented by integrating detection or protection mechanism in either VMM or VMs. Authentication is required to create trustful VMs. This paper surveys technologies related of using virtual machines to enhance system security.

陈文智,姚远,杨建华,何钦铭

DOI: https://doi.org/10.3724/sp.j.1016.2009.01311

2009-01-01

Chinese Journal of Computers

Abstract:With the rapidly development of personal computer hardware,to construct multiple isolated computing domains through virtualization technology has already become a future direction of PC. To avoid the difficulties caused by implementing VMM on traditional IA-32 architecture through software virtualization technology,the authors designed and implemented a VMM based on Intel VT-x technology — Pcanel/V2. Pcanel/V2 utilizes the latest hardware virtualization technology to configure a controllable virtual execution environment and run multiple operating systems directly without any modification of source code. While the accesses to hardware resources by the guest operating system are monitored,various sensitive situations which occur in the guest operating system can also be handled correspondingly by Pcanel/V2. Concurrent execution of Linux and VxWorks on Pcanel/V2 has been realized and corresponding evaluation results show that Pcanel/V2 architecture simplifies the complexity of the design process while increasing the overall performance by approximately 10% compared to software virtual technology.

Francesco Gadaleta,Raoul Strackx,Nick Nikiforakis,Frank Piessens,Wouter Joosen

DOI: https://doi.org/10.48550/arXiv.1405.6058

2014-05-22

Abstract:Protecting commodity operating systems and applications against malware and targeted attacks has proven to be difficult. In recent years, virtualization has received attention from security researchers who utilize it to harden existing systems and provide strong security guarantees. This has lead to interesting use cases such as cloud computing where possibly sensitive data is processed on remote, third party systems. The migration and processing of data in remote servers, poses new technical and legal questions, such as which security measures should be taken to protect this data or how can it be proven that execution of code wasn't tampered with. In this paper we focus on technological aspects. We discuss the various possibilities of security within the virtualization layer and we use as a case study \HelloRootkitty{}, a lightweight invariance-enforcing framework which allows an operating system to recover from kernel-level attacks. In addition to \HelloRootkitty{}, we also explore the use of special hardware chips as a way of further protecting and guaranteeing the integrity of a virtualized system.

Cryptography and Security

Xian Chen,Wenzhi Chen,Peng Long,Zhongyong Lu,Zonghui Wang

DOI: https://doi.org/10.1109/cbd.2013.32

2013-01-01

Abstract:For the ability to explore the memory's fullest potential, memory de-duplication has been widely experimented with in current main stream virtualization platforms. A lot of work has been done to improve the efficiency of memory de-duplication, while too little attention was paid to the introduced security issues which have been proved by prior work. To deal with this security risk and efficiently manage the memory we start our work in this paper. We first conduct extensive experiments on different OS platforms to study the realistic situation of page sharing. By analyzing the results we find: 1) Page sharing is contributed mostly by self-sharing (nearly 90%), and the self-sharing rate varies significantly between Linux and Windows OS platforms. Compared with self-sharing the inter-VM sharing rate is extremely low, under 1% in most cases. 2) Page size has a larger influence on Linux platform than Windows platform, so sub-page de-duplication proposed in prior work may achieve better performance on Linux platform. On the basis of above findings we propose a group-based secure page sharing model (or GSKSM), in which we consider both VM processes and normal processes. We have successfully implemented it in Linux kernel 3.6.6, and the experiment results show it works well with negligible overhead. Finally based on GSKSM we further present an efficient memory management approach (or SEMMA), which combines GSKSM and balloon technique to efficiently manage the memory, and the preliminary experiment result is satisfactory.

陶照平,黄皓

2012-01-01

Abstract:Through analysis of the data management of windows operating system and the technology of hardware assist virtualization,a data protection model is developed to protect the sensitive data of the application program.Then a sensitive data protection system based on hypervisor is developed.The attacks for static data are effectively blocked by pretreatment encryption technology and the physical page frame encryption technology.Hiding the plaintext of the application is achieved by double shadow page table and data execution protection technology.The system monitors the access control of page table to prevent protected area of application to be maliciously modified.

Wenzhi Chen,Zhipeng Zhang,Jianhua Yang,Qinming He

DOI: https://doi.org/10.1007/s11859-010-0301-y

2010-01-01

Wuhan University Journal of Natural Sciences

Abstract:This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains. vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual domain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the guest operating system is malicious. This protects the secure sensitive codes against the malicious codes in the Guest OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the guest OS running on mainstream hypervisors.

Siqin Zhao,Kang Chen,Weimin Zheng

DOI: https://doi.org/10.1109/gcc.2009.14

2009-01-01

Abstract:When a denial-of-service happens, the malicious programs often occupies too much computing resources. A defending schema proposed in this paper can use virtual machine monitor to detect such attack by adapting threshold of available resources. If the defending system assures existence of attack, it will live duplicates the operating system together with the tagged applications to reserved isolated environment. The isolated environment is another virtual machine that is similar to the original one. At the meantime, execution of the operating system and tagged application keeps continuously both in new environment and original one. Through this way, the defending system can protect the running of the operating system and tagged applications from denial-of-service attack.

LI Xun,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.12.015

2011-01-01

Computer Science

Abstract:Kernel-level attacks compromise operating system security by tampering with critical data and control flow in the kernel.Current approaches defend against these attacks by applying code integrity or control flow integrity control methods.However,they focus on only a certain aspect and cannot give a complete integrity monitoring solution.This paper analyzed the kernel integrity principle and got practical requirements to ensure kernel integrity.Critical data objects effect operating system function directly.Only certain code is able to modify critical data objects at certain conditions to ensure data integrity.All factors about code execution sequence are protected and monitored to ensure control flow integrity.Implementation in Xen VMM(Virtual Machine Monitor) using hardware virtualization,or referred to as HVM(Hardware Virtual Machine) is introduced to protect and monitor Linux kernel.Experiments show that the solution can detect and prevent attacks and bugs compromising the kernel.

CHEN Wen-zhi,HUANG Wei,XIE Cheng,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.02.016

2009-01-01

Abstract:Virtualization was introduced to increase the security of embedded devices while avoiding the shortcomings caused by the hardware-based approach such as poor flexibility,high complexity and high production cost of equipments.Virtualization platform SmartVP offers a secure system environment by the software-based approach.SmartVP partitions the computing resources on the ARM processor into two parallel sets,one for standard real-time operating system T-Kernel and the other for general-purpose operating system Linux.The trusted computing base of SmartVP is constructed by protecting the code and data of the software on T-Kernel,as well as by implementing the fundamental security services and interfaces.Both performance benchmark and applications show that SmartVP improves the security of embedded devices and reduces the implementing risk together with developing time and cost.

XiaoLin Wang

DOI: https://doi.org/10.1007/s11434-010-9995-7

2010-01-01

Abstract:Professors Wang and Luo and their group in the Department of Computer Science and Technology, Peking University (PKU), have recently introduced a new memory virtualization technique called Dynamic Memory Paravirtualization (DMP). With DMP, binary code in the guest operating system can be dynamically patched by the hypervisor for improved performance. Their study is published in Issue 53 (January 2010) of SCIENCE CHINA Information Sciences and is a significant contribution to system virtualization technology. Virtualization, as a key technical basis of cloud computing, is predicted to have the highest impact on the future trends of service center infrastructure and operations through to 2012. Both Intel and AMD have redesigned their processors to enable hardware virtualization support. Several kinds of virtual machine monitors, such as Xen, VMware and KVM, have been developed using paravirtualization or full virtualization technology. Paravirtualization can reduce the overhead of virtualization dramatically, but the source code of the guest operating system needs to be modified following the paravirtualization guide. Full virtualization does not require any change to the existing guest operation system, but usually needs virtualization assistance from hardware, and thus suffers a significant loss of performance. As shown in the Figure 1, dynamic paravirtualization, as the core idea of DMP, differing from both paravirtualization and full virtualization, introduces a novel approach to designing a virtual machine monitor. In dynamic paravirtualization, the virtual machine monitor dynamically monitors and replaces hot instructions, which cause the greatest overhead for virtualization, in the guest operating system. The replacement of hot instructions is completely transparent to the guest operating system. “We are able to gain the performance benefit of paravirtualization while keeping the applicability of full virtualization to legacy operation systems”, said Professors Wang and Luo.

Jin YU,Hao HUANG

DOI: https://doi.org/10.11897/SP.J.1016.2017.00414

2017-01-01

Abstract:How to effectively ensure the operation security of the guest virtual machine on a cloud computing platform is a hot topic at present.The system function hook and control method is one of the key technologies that are used to monitor the client system.Although the function hook and control method adopted in the security monitoring program based on the kernel interface of the operation system and the introspection program of the virtual machine based on the virtualization technology can meet the requirements of the security monitoring,the system still has some defects:the function hook can be easily bypassed;the system call hook method is single and limited;the internal function of the client application can't be hooked;the executing process of the function cannot be controlled;the security mechanism may result in extra large performance overhead.In this paper,an automatic function hook and control program of the guest virtual machine system based on virtualization technology (VMSPY) is proposed.The main functions of the modules are realized in the VMM,the codes of the guest system are analyzed automatically and generated dynamically via the disassembly engine.Besides,the privileged instruction sequence designed is inserted in a proper position to realize the system call hook.The internal function of the application is intercepted under the condition that it is not affected by the address space layout randomization (ASLR) technology.The code instruction sequence of the hooked function is simulated and executed automatically in the VMM according to the strategy to realize the control of the executing process of the system call and the application function.The privileged instruction sequence inserted in the guest system is protected through the memory page authorization mechanism to prevent the impact of the guest system.A cache mechanism is used to reduce the extra performance overhead as much as possible.

Jingyu Hua,Kouichi Sakurai

DOI: https://doi.org/10.1145/2245276.2232011

2012-01-01

Abstract:In the present operating systems such as Linux, all the kernel modules, including unknown extensions, run in the same address space. They are granted the highest privilege and can access arbitrary memory without any limitation. This is at the root of kernel rootkits, which are malware seriously threatening the kernel integrity. In this paper, we present Barrier , a lightweight hypervisor designed for enhancing the kernel integrity of personal computers by isolating the kernel modules. Since this hypervisor is designed for the OS protection on PCs, it does not implement unnecessary virtualization features that are commonly found on the general-purpose hypervisors to support running multiple OS instances concurrently on the same server. As a result, it is much smaller and also much easier to use, especially for unprofessional users. Barrier leverages the hardware-supported memory virtualization to isolate the kernel modules into different address spaces. All the interactions across address spaces have to go through a strict mediation based on some predefined MAC rules. This greatly increases the attacker's hardness to compromise the kernel integrity. We have implemented a prototype of Barrier. The evaluation results show that Barrier can well protect the kernel integrity without bringing unaffordable performance overheads.

Zhang Xiaohan,Zhang Yuan,Chi Xinjian,Yang Min

DOI: https://doi.org/10.11999/jeit191036

2020-01-01

Abstract:Android system is now increasingly used in different kinds of smart devices, such as smart phones, smart watches, smart TVs and smart cars. Unfortunately, reverse attacks against Android applications are also emerging, which not only violates the intellectual right of application developers, but also brings security risks to end users. Existing Android application protection methods such as naming obfuscation, dynamic loading, and code hiding can protect Java code and native (C/C++) code, but are relatively simple and easy to be bypassed. A more promising method is to use instruction virtualization, but previous binary-based methods target specific architecture (x86), and cannot be applied to protect Android devices with different architectures. An architecture-independent instruction virtualization method is proposed, a prototype named Virtual Machine Packing Protection (VMPP) to protect Android native code is designed and implemented. VMPP includes a register-based fix-length instruction set, an interpreter to execute virtualized instructions, and a set of toolchains for developers to use to protect their code. VMPP is tested on a large number of C/C++ code and realworld Android applications. The results show that VMPP can effectively protect the security of Android native code for different architectures with low overhead.

Igor Korkin

DOI: https://doi.org/10.48550/arXiv.1805.11847

2018-05-30

Abstract:One of the main issues in the OS security is providing trusted code execution in an untrusted environment. During executing, kernel-mode drivers dynamically allocate memory to store and process their data: Windows core kernel structures, users' private information, and sensitive data of third-party drivers. All this data can be tampered with by kernel-mode malware. Attacks on Windows-based computers can cause not just hiding a malware driver, process privilege escalation, and stealing private data but also failures of industrial CNC machines. Windows built-in security and existing approaches do not provide the integrity and confidentiality of the allocated memory of third-party drivers. The proposed hypervisor-based system (AllMemPro) protects allocated data from being modified or stolen. AllMemPro prevents access to even 1 byte of allocated data, adapts for newly allocated memory in real time, and protects the driver without its source code. AllMemPro works well on newest Windows 10 1709 x64.

Cryptography and Security

MA Jian-kun,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.11.024

2011-01-01

Computer Science

Abstract:The message flow of Windows operating system was introduced and the potential threats was analyzed.A solution based on hardware-assisted virtualization was developed to defend against the software key logger.A virtual machine monitor was implemented using Intel virtual technology.When the protected thread is reading keyboard input,the keyboard interrupt is handled in the virtual machine monitor.By reading scan code of the keyboard in the virtual machine monitor,the keyboard input can be safely sent to the protected thread.

赵阳,刘明芳,林曦君

DOI: https://doi.org/10.3969/j.issn.1671-0428.2013.03.004

IF: 5.105

2013-01-01

Computers & Security

Abstract:With the development of cloud computing, virtualization technology, interaction in virtual machines on the same physical host also encounters hitherto unknown security problem. This paper is based on trusted computing, using shared memory mechanism based on KVM, applies dedicated security trusted pipeline, and uses trusted measurement to verify the authenticity and reliability of two virtual machines. By encrypting memory pseudo address, it isolates other virtual machine except the interaction of the two sides, and guarantees the information trusted and security during the communication process. At last, we analyze and summarize the method.