Hardware assisted hypervisor introspection
In this paper, we introduce hypervisor introspection, an out-of-box way to monitor the execution of hypervisors. Similar to virtual machine introspection which has been proposed to protect virtual machines in an out-of-box way over the past decade, hypervisor introspection can be used to protect hyp...
Main authors: | Shi, Jiangyong; Yang, Yuexiang; Tang, Chuan |
---|---|
Format: | Online Article Text |
Language: | English |
Published: |
Springer International Publishing
2016
|
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4870477/ https://www.ncbi.nlm.nih.gov/pubmed/27330913 http://dx.doi.org/10.1186/s40064-016-2257-7 |
_version_ | 1782432439581278208 |
---|---|
author | Shi, Jiangyong Yang, Yuexiang Tang, Chuan |
author_facet | Shi, Jiangyong Yang, Yuexiang Tang, Chuan |
author_sort | Shi, Jiangyong |
collection | PubMed |
description | In this paper, we introduce hypervisor introspection, an out-of-box way to monitor the execution of hypervisors. Similar to virtual machine introspection, which has been proposed to protect virtual machines in an out-of-box way over the past decade, hypervisor introspection can be used to protect hypervisors, which are the basis of cloud security. Virtual machine introspection tools are usually deployed either in the hypervisor or in privileged virtual machines, which might also be compromised. By utilizing hardware support including nested virtualization, EPT protection and #BP, we are able to monitor all hypercalls belonging to the virtual machines of one hypervisor, including those of the privileged virtual machine and even when the hypervisor is compromised. What’s more, a hypercall injection method is used to simulate hypercall-based attacks and evaluate the performance of our method. Experiment results show that our method can effectively detect hypercall-based attacks with some performance cost. Lastly, we discuss our future approaches to reducing the performance cost and preventing the compromised hypervisor from detecting the existence of our introspector, along with some new scenarios in which to apply our hypervisor introspection system. |
format | Online Article Text |
id | pubmed-4870477 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2016 |
publisher | Springer International Publishing |
record_format | MEDLINE/PubMed |
spelling | pubmed-4870477 2016-06-21 Hardware assisted hypervisor introspection Shi, Jiangyong Yang, Yuexiang Tang, Chuan Springerplus Research In this paper, we introduce hypervisor introspection, an out-of-box way to monitor the execution of hypervisors. Similar to virtual machine introspection, which has been proposed to protect virtual machines in an out-of-box way over the past decade, hypervisor introspection can be used to protect hypervisors, which are the basis of cloud security. Virtual machine introspection tools are usually deployed either in the hypervisor or in privileged virtual machines, which might also be compromised. By utilizing hardware support including nested virtualization, EPT protection and #BP, we are able to monitor all hypercalls belonging to the virtual machines of one hypervisor, including those of the privileged virtual machine and even when the hypervisor is compromised. What’s more, a hypercall injection method is used to simulate hypercall-based attacks and evaluate the performance of our method. Experiment results show that our method can effectively detect hypercall-based attacks with some performance cost. Lastly, we discuss our future approaches to reducing the performance cost and preventing the compromised hypervisor from detecting the existence of our introspector, along with some new scenarios in which to apply our hypervisor introspection system. Springer International Publishing 2016-05-17 /pmc/articles/PMC4870477/ /pubmed/27330913 http://dx.doi.org/10.1186/s40064-016-2257-7 Text en © The Author(s). 2016 Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. |
spellingShingle | Research Shi, Jiangyong Yang, Yuexiang Tang, Chuan Hardware assisted hypervisor introspection |
title | Hardware assisted hypervisor introspection |
title_full | Hardware assisted hypervisor introspection |
title_fullStr | Hardware assisted hypervisor introspection |
title_full_unstemmed | Hardware assisted hypervisor introspection |
title_short | Hardware assisted hypervisor introspection |
title_sort | hardware assisted hypervisor introspection |
topic | Research |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4870477/ https://www.ncbi.nlm.nih.gov/pubmed/27330913 http://dx.doi.org/10.1186/s40064-016-2257-7 |
work_keys_str_mv | AT shijiangyong hardwareassistedhypervisorintrospection AT yangyuexiang hardwareassistedhypervisorintrospection AT tangchuan hardwareassistedhypervisorintrospection |