Preventing Secret Data Leakage from Foreign Mappings in Virtual Machines

The foreign mapping mechanism of Xen is used by privileged virtual machines (VMs) for platform management: with it, a privileged VM can map arbitrary machine frames belonging to a specific VM into its own page tables. This leaves a vulnerability: malware may compromise the secrecy of ordinary VMs by abusing the foreign mapping mechanism. To address this privacy exposure, we present a novel application memory privacy protection (AMP2) scheme that leverages the hypervisor. In AMP2, an application protects its memory privacy by registering its address space with the hypervisor; until the application exits or cancels its protection, any foreign mapping to the protected pages is disabled. With these measures, AMP2 prevents sensitive data leakage when malware attempts to eavesdrop on it through foreign mappings. Finally, extensive experiments are performed to validate AMP2. The experimental results show that AMP2 achieves strong privacy resiliency while incurring only 2% extra overhead for CPU workloads.
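The policy the abstract describes has three parts: an application registers the frames it wants shielded, the hypervisor consults that registry before establishing any foreign mapping, and the shield is lifted when the application exits or cancels protection. The following C model, added here as an illustration and not code from the paper or from Xen, shows that policy as a small hypervisor-side registry. The table layout, the fixed-size table, the function names (`amp2_register`, `amp2_unregister`, `amp2_foreign_map_check`) and the sample domain and frame numbers are all assumptions made for this example; a real implementation would hook the check into the hypercall path that sets up foreign mappings and key the table by the hypervisor's own frame and domain types.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the AMP2 policy: a registry of protected machine frames
 * kept by the hypervisor and consulted before any foreign mapping is set up.
 * All names, sizes and values below are assumptions for this example. */

#define AMP2_MAX_ENTRIES 256
#define AMP2_ALLOW 1
#define AMP2_DENY  0

typedef uint32_t amp2_domid_t;   /* assumed domain identifier type */
typedef uint64_t amp2_mfn_t;     /* assumed machine frame number type */

struct amp2_entry {
    amp2_domid_t owner;   /* domain whose application registered the frame */
    amp2_mfn_t   mfn;     /* protected machine frame number */
    int          in_use;  /* slot occupied */
};

static struct amp2_entry amp2_table[AMP2_MAX_ENTRIES];

/* Clear the registry (used when the model is reset between scenarios). */
void amp2_reset(void)
{
    memset(amp2_table, 0, sizeof(amp2_table));
}

/* Registration: the application in domain `owner` asks for `count` frames
 * starting at `first` to be shielded from foreign mappings.  Returns the
 * number of frames registered, or -1 (registering nothing) if the table
 * cannot hold them all, so a partial shield is never left behind. */
int amp2_register(amp2_domid_t owner, amp2_mfn_t first, unsigned count)
{
    unsigned free_slots = 0, done = 0;
    for (unsigned i = 0; i < AMP2_MAX_ENTRIES; i++)
        if (!amp2_table[i].in_use)
            free_slots++;
    if (free_slots < count)
        return -1;
    for (unsigned i = 0; i < AMP2_MAX_ENTRIES && done < count; i++) {
        if (amp2_table[i].in_use)
            continue;
        amp2_table[i].owner  = owner;
        amp2_table[i].mfn    = first + done;
        amp2_table[i].in_use = 1;
        done++;
    }
    return (int)done;
}

/* Cancellation or application exit: drop every frame registered by `owner`.
 * Returns how many entries were removed. */
int amp2_unregister(amp2_domid_t owner)
{
    int removed = 0;
    for (unsigned i = 0; i < AMP2_MAX_ENTRIES; i++) {
        if (amp2_table[i].in_use && amp2_table[i].owner == owner) {
            amp2_table[i].in_use = 0;
            removed++;
        }
    }
    return removed;
}

/* Lookup keyed on the frame alone, so the decision does not depend on the
 * requester correctly naming the frame's owner. */
static int amp2_is_protected(amp2_mfn_t mfn)
{
    for (unsigned i = 0; i < AMP2_MAX_ENTRIES; i++)
        if (amp2_table[i].in_use && amp2_table[i].mfn == mfn)
            return 1;
    return 0;
}

/* The check a foreign-mapping request passes through: a mapping within the
 * requester's own domain is not foreign and is left to normal page-table
 * rules; a cross-domain mapping is denied while the frame is registered. */
int amp2_foreign_map_check(amp2_domid_t requester, amp2_domid_t target,
                           amp2_mfn_t mfn)
{
    if (requester == target)
        return AMP2_ALLOW;
    return amp2_is_protected(mfn) ? AMP2_DENY : AMP2_ALLOW;
}

int main(void)
{
    /* Constructed scenario: an application in domain 3 shields four frames,
     * the privileged domain 0 tries to map one of them, then the
     * application exits. */
    amp2_reset();
    amp2_register(3, 0x1000, 4);
    printf("dom0 -> dom3 mfn 0x1001 while protected: %s\n",
           amp2_foreign_map_check(0, 3, 0x1001) ? "allow" : "deny");
    amp2_unregister(3);
    printf("dom0 -> dom3 mfn 0x1001 after exit:      %s\n",
           amp2_foreign_map_check(0, 3, 0x1001) ? "allow" : "deny");
    return 0;
}
```

The design choice worth noting is the all-or-nothing registration: if the registry cannot hold the whole requested range, nothing is recorded, so an application never believes a range is shielded when only part of it is.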
