Citation Information

Title Hardware-Assisted MMU Redirection for In-guest Monitoring and API Profiling
Authors 蕭舜文
Hsiao, Shun-Wen
孫雅麗 (Sun, Yeali S.)
陳孟彰 (Chen, Meng Chang)
Contributor 資管系 (Department of Management Information Systems)
Date 2020-01
Upload date 2020-05-27
Abstract With the advance of hardware, network, and virtualization technologies, cloud computing has become prevalent and, with it, a target of security threats such as the cross-virtual-machine (VM) side-channel attack, in which malicious users exploit vulnerabilities to obtain information from, or gain access to, other guest VMs. Among virtualization technologies, the hypervisor manages the shared resource pool so that the guest VMs are properly served and isolated from each other. However, because of the virtualization layer and the separation of CPU modes (root and non-root mode), once a CPU has been switched to non-root mode and is occupied by a guest, the hypervisor cannot intervene in the guest at runtime. The execution state of a guest is therefore a black box to the hypervisor, which cannot mediate possibly malicious behavior as it happens. To rectify this, we propose a hardware-assisted in-guest process monitoring mechanism based on virtual machine introspection (VMI) that supports monitoring and management applications such as process profiling. The mechanism allows hooks to be placed within a target process of a guest VM (the process the security expert selects to monitor and profile) and handles hook invocations via the hypervisor. To carry out the needed monitoring and/or management operations in the guest, the mechanism redirects accesses to a region of in-guest memory to a controlled, self-defined memory region within the hypervisor by modifying the extended page table (EPT), which minimizes switches between guest and host. The advantages of the proposed mechanism are transparency, high performance, and comprehensive semantics. To demonstrate its capability, we develop an API profiling system (APIf) that records the API invocations of the target process.
The experimental results show an average performance degradation of about 2.32%, far better than existing simila...
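As an added illustration of the redirection the abstract describes (this is not the authors' APIf implementation or any hypervisor's code), the C model below walks a guest write through the two translation stages and shows what changes when the hypervisor remaps one guest-physical page in the EPT used for the monitored process: the hook's stores land in a hypervisor-owned page with no VM exit per API call, the hypervisor reads the records from its own memory, and the guest-owned page the target process thinks it is writing stays untouched. The guest page-table contents, page numbers, the log-record layout, the hypercall baseline and the rule that a CR3 write exits to the hypervisor which then selects the EPT are assumptions of this model, not details taken from the paper.

```c
/* Toy model of EPT-based MMU redirection for an in-guest API hook. Added
 * illustration, not the paper's APIf code: the page tables, EPT layout, log
 * format and "a CR3 write exits, the hypervisor then picks the EPT" are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define NGPA      8        /* guest-physical pages; host page NGPA is hypervisor-owned */
#define LOG_GVA   0x2000u  /* hook's log buffer as the target process sees it */
#define REC_SIZE  32       /* one fixed-size record per API invocation */

static uint8_t host_mem[NGPA + 1][PAGE_SIZE];   /* simulated machine memory */

/* Guest page tables (assumed): cr3 selects a process, entry = guest-physical page. */
static const uint32_t gpt[3][4] = {
    {0, 0, 0, 0},   /* cr3 0: unused */
    {0, 1, 2, 3},   /* cr3 1: target process; LOG_GVA is gva page 2 -> gpa page 2 */
    {4, 5, 6, 7},   /* cr3 2: an unrelated process */
};

struct ept { uint32_t map[NGPA]; };   /* guest-physical page -> host-physical page */
struct vm {
    struct ept normal, monitor;   /* monitor = normal with the log page redirected */
    const struct ept *active;
    uint32_t cr3, monitored_cr3;
    uint32_t hyp_log_hpa;         /* hypervisor-owned page receiving the hook's writes */
    unsigned vm_exits;
};
static uint32_t rd32(const uint8_t *p) { uint32_t n; memcpy(&n, p, sizeof n); return n; }

static void vm_init(struct vm *vm, uint32_t monitored_cr3)
{
    memset(vm, 0, sizeof *vm);
    memset(host_mem, 0, sizeof host_mem);
    for (uint32_t g = 0; g < NGPA; g++) vm->normal.map[g] = g;   /* identity EPT */
    vm->monitor = vm->normal;
    vm->monitored_cr3 = monitored_cr3;
    vm->hyp_log_hpa = NGPA;   /* outside the guest's physical address space */
    vm->monitor.map[gpt[monitored_cr3][LOG_GVA / PAGE_SIZE]] = vm->hyp_log_hpa;
    vm->active = &vm->normal;
}
/* A CR3 write still exits to the hypervisor; that exit is where it decides
 * which EPT the incoming process runs under. */
static void guest_switch_cr3(struct vm *vm, uint32_t cr3)
{
    vm->vm_exits++;
    vm->cr3 = cr3;
    vm->active = (cr3 == vm->monitored_cr3) ? &vm->monitor : &vm->normal;
}
/* Two-stage translation: gva -> gpa (guest page table) -> hpa (active EPT). */
static uint8_t *guest_ptr(const struct vm *vm, uint32_t gva)
{
    return &host_mem[vm->active->map[gpt[vm->cr3][gva / PAGE_SIZE]]][gva % PAGE_SIZE];
}
/* Log page layout: uint32 record count followed by REC_SIZE-byte records. */
static int log_append(uint8_t *page, const char *api)
{
    uint32_t n = rd32(page);
    if (sizeof n + (n + 1) * REC_SIZE > PAGE_SIZE) return -1;   /* page full */
    snprintf((char *)page + sizeof n + n * REC_SIZE, REC_SIZE, "%s", api);
    n++;
    memcpy(page, &n, sizeof n);
    return 0;
}
/* Redirected hook: a plain store to LOG_GVA lands in hypervisor memory, no VM exit. */
static int hook_record_api(struct vm *vm, const char *api) { return log_append(guest_ptr(vm, LOG_GVA), api); }
/* Baseline for comparison: deliver each record by hypercall, one VM exit per call. */
static int hook_record_api_hypercall(struct vm *vm, const char *api)
{
    vm->vm_exits++;
    return log_append(host_mem[vm->hyp_log_hpa], api);
}
/* Hypervisor side reads the records straight from its own page. */
static uint32_t hyp_log_count(const struct vm *vm) { return rd32(host_mem[vm->hyp_log_hpa]); }
static const char *hyp_log_record(const struct vm *vm, uint32_t i)
{
    return (const char *)&host_mem[vm->hyp_log_hpa][sizeof(uint32_t) + i * REC_SIZE];
}
/* The log page's gpa seen through the normal EPT stays empty: the hook never
 * wrote to guest-owned memory (transparency). */
static uint32_t guest_visible_log_count(const struct vm *vm)
{
    return rd32(host_mem[vm->normal.map[gpt[vm->monitored_cr3][LOG_GVA / PAGE_SIZE]]]);
}

int main(void)
{
    struct vm vm;
    vm_init(&vm, 1);
    guest_switch_cr3(&vm, 1);
    hook_record_api(&vm, "CreateFileW");
    hook_record_api(&vm, "WriteFile");
    printf("redirected: %u records (last %s), %u VM exits, guest-visible count %u\n",
           hyp_log_count(&vm), hyp_log_record(&vm, 1), vm.vm_exits, guest_visible_log_count(&vm));
    vm_init(&vm, 1);
    guest_switch_cr3(&vm, 1);
    hook_record_api_hypercall(&vm, "CreateFileW");
    hook_record_api_hypercall(&vm, "WriteFile");
    printf("hypercall baseline: %u records, %u VM exits\n", hyp_log_count(&vm), vm.vm_exits);
    return 0;
}
```

The contrast the model makes visible is where the exits go: with redirection the only exit is the CR3 switch that selects the monitoring EPT, however many API calls the hook records afterwards, whereas the hypercall baseline pays one exit per call. Two costs the model leaves out apply on real hardware: an EPT entry that is changed while the guest runs must be invalidated with INVEPT before the change is guaranteed visible, and the per-process EPT switch itself has to be implemented somehow (a CR3-write exit as modelled here, or an EPTP-switching VMFUNC), which is what the overhead figure in the abstract is measuring.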
Relation IEEE Transactions on Information Forensics and Security
Type article
DOI http://doi.org/10.1109/TIFS.2020.2969514
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/129971
dc.format.extent 3290091 bytes
dc.format.mimetype application/pdf