Transparent Privacy Protection Based on Virtual Machine Monitor

Funding:

National Natural Science Foundation of China (60933003); National High-Tech Research and Development Program of China (863 Program) (2012AA010904); Specialized Research Fund for the Doctoral Program of Higher Education (20120201110010)
Abstract (translated from the Chinese):

Operating system vulnerabilities are frequently exploited by attackers to execute arbitrary code with kernel privilege (return-to-user attacks, ret2user) and to steal users' private data. Using a virtual machine monitor, this paper builds a memory access mediation mechanism that is transparent to both the operating system and applications, and proposes a low-overhead, non-bypassable strategy for tracking memory page usage information in real time; combined with a secure loader, it guarantees the code integrity of dynamically linked libraries and of the application itself. This ensures that even if the operating system kernel is compromised, the application's private data in memory still cannot be stolen. A prototype is implemented and validated on Linux; the experimental results show that the privacy-protection mechanism incurs only a 6% to 10% performance overhead for most applications.

Abstract (English):

The vulnerabilities of the OS kernel are usually exploited by attackers to execute arbitrary code with kernel privilege (i.e., return-to-user attacks, ret2user) and to steal other processes' private data. In this paper, a transparent OS kernel memory access mediator based on a VMM (virtual machine monitor) is proposed, and a non-bypassable, low-overhead memory page tracker is provided to obtain memory usage information in real time. Combined with a safe loader, the new method guarantees the code integrity of dynamic shared objects at run time. It also ensures that, even when the OS kernel is compromised, the application's private data in memory remains safe. A prototype is implemented on the Linux OS, and the evaluation experiments show that it incurs only about 6% to 10% performance overhead for most SPEC benchmark tests.

Cite this article:

任建宝, 齐勇, 戴月华, 王晓光, 宣宇, 史椸. Transparent Privacy Protection Based on Virtual Machine Monitor. Journal of Software (软件学报), 2015, 26(8): 2124-2137
History
  • Received: 2014-02-28
  • Revised: 2014-07-31
  • Published online: 2015-08-05
Copyright: Institute of Software, Chinese Academy of Sciences (中国科学院软件研究所)