HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
Zhi Wang,Xuxian Jiang +1 more
- pp 380-395
Reads0
Chats0
TLDR
This paper presents HyperSafe, a lightweight approach that endows existing Type-I bare-metal hypervisors with a unique self-protection capability to provide lifetime control flow integrity and shows HyperSafe can reliably enable the hypervisor self- protection and provide the integrity guarantee with a small performance overhead.Abstract:
Virtualization is being widely adopted in today’s computing systems. Its unique security advantages in isolating and introspecting commodity OSes as virtual machines (VMs) have enabled a wide spectrum of applications. However, a common, fundamental assumption is the presence of a trustworthy hypervisor. Unfortunately, the large code base of commodity hypervisors and recent successful hypervisor attacks (e.g., VM escape) seriously question the validity of this assumption. In this paper, we present HyperSafe, a lightweight approach that endows existing Type-I bare-metal hypervisors with a unique self-protection capability to provide lifetime control flow integrity. Specifically, we propose two key techniques. The first one, non-bypassable memory lockdown, reliably protects the hypervisor’s code and static data from being compromised even in the presence of exploitable memory corruption bugs (e.g., buffer overflows), therefore successfully providing hypervisor code integrity. The second one, restricted pointer indexing, introduces one layer of indirection to convert the control data into pointer indexes. These pointer indexes are restricted such that the corresponding call/return targets strictly follow the hypervisor control flow graph, hence expanding protection to control-flow integrity. We have built a prototype and used it to protect two open-source Type-I hypervisors: BitVisor and Xen. The experimental results with synthetic hypervisor exploits and benchmarking programs show HyperSafe can reliably enable the hypervisor self-protection and provide the integrity guarantee with a small performance overhead.read more
Citations
More filters
Journal ArticleDOI
An analysis of security issues for cloud computing
TL;DR: This work identifies the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and threats with possible solutions.
Proceedings ArticleDOI
SoK: Eternal War in Memory
TL;DR: The current knowledge about various protection techniques are systematized by setting up a general model for memory corruption attacks, and what policies can stop which attacks are shown, to analyze the reasons why protection mechanisms implementing stricter polices are not deployed.
Proceedings ArticleDOI
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
Kevin Z. Snow,Fabian Monrose,Lucas Davi,Alexandra Dmitrienko,Christopher Liebchen,Ahmad-Reza Sadeghi +5 more
TL;DR: This paper introduces the design and implementation of a framework based on a novel attack strategy that undermines the benefits of fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on the fly.
Proceedings ArticleDOI
Practical Control Flow Integrity and Randomization for Binary Executables
Chao Zhang,Tao Wei,Zhaofeng Chen,Lei Duan,Laszlo Szekeres,Stephen McCamant,Dawn Song,Wei Zou +7 more
TL;DR: A new practical and realistic protection method called CCFIR (Compact Control Flow Integrity and Randomization), which addresses the main barriers to CFI adoption and can stop control-flow hijacking attacks including ROP and return-into-libc.
Proceedings Article
Control flow integrity for COTS binaries
Mingwei Zhang,R. C. Sekar +1 more
TL;DR: This work demonstrates that the first work to apply CFI to complex shared libraries such as glibc is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets.
References
More filters
Journal ArticleDOI
Xen and the art of virtualization
Paul Barham,Boris Dragovic,Keir Fraser,Steven Hand,Tim Harris,Alex Ho,Rolf Neugebauer,Ian Pratt,Andrew Warfield +8 more
TL;DR: Xen, an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware in a safe and resource managed fashion, but without sacrificing either performance or functionality, considerably outperform competing commercial and freely available solutions.
Proceedings ArticleDOI
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
TL;DR: A new symbolic execution tool, KLEE, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs, and significantly beat the coverage of the developers' own hand-written test suite is presented.
Proceedings Article
A Virtual Machine Introspection Based Architecture for Intrusion Detection.
Tal Garfinkel,Mendel Rosenblum +1 more
TL;DR: This paper presents an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance, achieved through the use of a virtual machine monitor.
Proceedings ArticleDOI
seL4: formal verification of an OS kernel
Gerwin Klein,Kevin Elphinstone,Gernot Heiser,June Andronick,David Cock,Philip Derrin,Dhammika Elkaduwe,Kai Engelhardt,Rafal Kolanski,Michael Norrish,Thomas Sewell,Harvey Tuch,Simon Winwood +12 more
TL;DR: To the knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel.
Proceedings Article
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
Crispin Cowan,Calton Pu,Dave Maier,Heather Hintony,Jonathan Walpole,Peat Bakke,Steve Beattie,Aaron Grier,Perry Wagle,Qian Zhang +9 more
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.