Virtualization-based System Hardening against Untrusted Kernels


Bibliographic Details
Main Author: CHENG, Yueqiang
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2014
Subjects:
Online Access:https://ink.library.smu.edu.sg/etd_coll/105
https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1104&context=etd_coll
Institution: Singapore Management University
id sg-smu-ink.etd_coll-1104
record_format dspace
spelling sg-smu-ink.etd_coll-11042017-04-12T03:53:10Z Virtualization-based System Hardening against Untrusted Kernels CHENG, Yueqiang 2014-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/etd_coll/105 https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1104&context=etd_coll http://creativecommons.org/licenses/by-nc-nd/4.0/ Dissertations and Theses Collection (Open Access) eng Institutional Knowledge at Singapore Management University virtualization based security isolated execution environment trusted path I/O data protection application protection reliable secure foothold Databases and Information Systems Information Security Systems Architecture
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic virtualization based security
isolated execution environment
trusted path
I/O data protection
application protection
reliable secure foothold
Databases and Information Systems
Information Security
Systems Architecture
description Applications are integral to our daily lives, helping us process sensitive I/O data, such as passwords and camera streams, and private application data, such as financial information and medical reports. However, in the traditional architecture both applications and their sensitive data suffer from kernel rootkit attacks: the commodity OS that is supposed to be the secure foothold of the system is routinely compromised because of its large code base and broad attack surface. Fortunately, virtualization technology has significantly reshaped the landscape of the modern computer system and offers a variety of new opportunities to protect applications and sensitive data. In this dissertation, we first design and implement Guardian, a lightweight and reliable hypervisor that serves as the system's secure foothold; it leverages virtualization technology together with a secure boot and shutdown mechanism to protect itself throughout its whole life cycle. Guardian is the first bare-metal hypervisor with integrity and availability guarantees. We then extend Guardian into a secure-foothold framework consisting of common security primitives, summarized from our proposed systems, that facilitate those systems as well as other security services. On top of this reliable secure foothold, we propose AppShield, which protects critical applications by placing them in isolated execution environments (IEEs). Within an IEE, AppShield reliably and efficiently protects the data secrecy, data integrity and execution integrity of a critical application against kernel rootkit attacks. It also defends against newly identified threats, which show that protecting applications against a malicious OS is harder than previously realized. AppShield does not, however, protect the inputs and outputs of a protected application, so kernel rootkits could still tamper with them.
To close this gap, we propose a trusted path (TP) scheme, named DriverGuard, that protects the I/O flows between hardware input/output devices and protected applications. DriverGuard is the first generic approach that protects all kinds of I/O flows with a combination of cryptographic and virtualization techniques. The combination of IEE and TP can protect almost all applications and sensitive data, but for certain user data we can do better. In this dissertation we propose KGuard, a dedicated system that protects user passwords for the increasingly popular online services without needing any IEE or trusted path. In particular, KGuard trusts no software component in the guest kernel or user space (hence no IEE requirement), and it does not rely on any special hardware to assist the protection. We implement prototypes of all the above systems and evaluate their performance overheads. The experimental results show that the performance costs on CPU computation and device I/O are insignificant.
format text
author CHENG, Yueqiang
title Virtualization-based System Hardening against Untrusted Kernels
publisher Institutional Knowledge at Singapore Management University
publishDate 2014
url https://ink.library.smu.edu.sg/etd_coll/105
https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1104&context=etd_coll