Computer
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Improving the reliability of commodity operating systems
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Intel Virtualization Technology
Computer
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A comparison of software and hardware techniques for x86 virtualization
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Certifying program execution with secure processors
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Hello rootKitty: a lightweight invariance-enforcing framework
ISC'11 Proceedings of the 14th international conference on Information security
Composable IO: a novel resource sharing platform in personal Clouds
The Journal of Supercomputing
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
Security-Preserving Live Migration of Virtual Machines in the Cloud
Journal of Network and Systems Management
| Hi-index | 0.01 |
An important goal of software security is to ensure sensitive/secret data owned by a program shall be exclusively accessible by the program. An obstacle to such security goal is that modern commodity operating systems (OS) for the sake of speed and flexibility have a unified linear address space--any OS kernel program can access all the linear addresses. As a result, rootkits or malicious system software are able to control the OS virtual address space, harvest the sensitive data used by software programs on the compromised computer, and report the data to remote entities controlled by hackers. In this paper, we present a holistic approach against sophisticated malware. Instead of focusing on the security of various abstraction layers of OS, we utilize the hardware techniques to directly provide the trust services to software programs. Without modifying OS, we leverage the virtual machine monitor technologies to create a lightweight hypervisor for fine-grain software runtime memory protection. As a result, a program's memory could be hidden from other high privilege system software in a single commodity OS. In addition, we propose the data locker component in the hypervisor, which prevents the sensitive data of software program in persistent storage from leaking to rootkits or other malware. For the performance evaluation, the implementation based on hardware-assisted x86 virtualization technology is presented and experimental results are reported.