CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Hypervisor integrity measurement assistant

Lars Rasmusson ; Mazdak Rajabi Nasab (Institutionen för data- och informationsteknik, Nätverk och system, Datakommunikation och distribuerade system (Chalmers))
CLOSER 2013 - Proceedings of the 3rd International Conference on Cloud Computing and Services Science p. 26-35. (2013)
[Konferensbidrag, refereegranskat]

An attacker who has gained access to a computer may want to run arbitrary programs of his choice, and upload or modify configuration files, etc. We can severely restrict the power of the attacker by having a white-list of approved file checksums and a mechanism that prevents the kernel from loading any file with a bad checksum. The check may be placed in the kernel, but that requires a kernel that is prepared for it. The check may also be placed in a hypervisor which intercepts the kernel and prevents the kernel from loading a bad file. Moving the integrity check out from the VM kernel makes it harder for the intruder to bypass the check. We describe the implementation of two systems and give performance results. In the first implementation the checksumming and decision is performed by the hypervisor instead of by the kernel. In the second implementation the kernel computes the checksum and only the final integrity decision is made by the hypervisor. We conclude that it is technically possible to put file integrity control into the hypervisor, both for kernels without and with pre-compiled support for integrity measurement.

Nyckelord: Checksumming, Cloud computing, Hosted computing, Machine code inspection, Security, Untrusted code, Virtual machine

Denna post skapades 2013-11-28.
CPL Pubid: 187759