Systemic threats to hypervisor non-control data

Hypervisors are becoming a widespread virtualisation layer in current computer systems. Recent successful attacks against hypervisors indicate that they face integrity threats similar to those facing traditional operating systems. Current approaches that secure hypervisors mainly focus on code or control-data integrity, without paying attention to non-control data integrity. In this study, the authors construct attacks that target hypervisor non-control data to demonstrate which types of data within the Xen hypervisor are critical to system security. The study shows that privilege, resource utilisation and security policy related data are vulnerable to return-oriented programming or DMA attacks. Modifying their values from one to another affects the whole system's performance. By discussing current approaches that secure hypervisors, which are not suitable for non-control data, the work aims to motivate new innovation in this area to protect such data.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2012.0252