H-securebox: A hardened memory data protection framework on ARM devices

ARM devices (mobile phones, IoT devices) are getting more popular in our daily life due to their low power consumption and cost. These devices carry a huge amount of users' private information, which attracts attackers' attention and increases the security risk. The operating systems (e.g., An...

Bibliographic Details
Main Authors: ZHANG, Zhangkai, LI, Zhoujun, XIA, Chunhe, CUI, Jinhua, MA, Jinxin
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2018
Subjects: ARM hypervisor; Data privacy; Kernel level attack; Information Security
Online Access: https://ink.library.smu.edu.sg/sis_research/4113
Institution: Singapore Management University
id sg-smu-ink.sis_research-5116
record_format dspace
spelling sg-smu-ink.sis_research-5116 2018-09-06T03:24:08Z
2018-06-21T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/4113 info:doi/10.1109/DSC.2018.00053 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic ARM hypervisor
Data privacy
Kernel level attack
Information Security
description ARM devices (mobile phones, IoT devices) are getting more popular in our daily life due to their low power consumption and cost. These devices carry a huge amount of users' private information, which attracts attackers' attention and increases the security risk. The operating systems (e.g., Android, Linux) work out many memory data protection strategies for users' private information. However, the monolithic OS may contain security vulnerabilities that are exploited by the attacker to get root or even kernel privilege. Once the kernel privilege is obtained by the attacker, all data protection strategies will be gone and users' private information can be taken away. In this paper, we propose a hardened memory data protection framework called H-Securebox to defeat kernel-level memory data theft attacks. H-Securebox leverages the ARM hardware virtualization technique to protect the data in memory with hypervisor privilege. We designed three types of H-Securebox for programming developers to use. Although the attacker may have kernel privilege, she cannot touch private data inside H-Securebox, since hypervisor privilege is higher than kernel privilege. With the implementation of the H-Securebox system assisted by a tiny hypervisor on a Raspberry Pi2 development board, we measure the performance overhead of our system and perform security evaluations. The results positively show that the overhead is negligible and that a malicious application with root or kernel privilege cannot access the private data protected by our system.
format text
author ZHANG, Zhangkai
LI, Zhoujun
XIA, Chunhe
CUI, Jinhua
MA, Jinxin
title H-securebox: A hardened memory data protection framework on ARM devices
publisher Institutional Knowledge at Singapore Management University
publishDate 2018
url https://ink.library.smu.edu.sg/sis_research/4113
_version_ 1770574313267658752