HyperPS: A Hypervisor Monitoring Approach Based on Privilege Separation

In a monolithic operating system (OS), any error in system software can be exploited to compromise the whole system. The situation is more severe in a cloud environment, where the kernel and the hypervisor share the same address space: once the hypervisor is compromised, the security of guest Virtual Machines (VMs), both their sensitive data and their vital code, can no longer be guaranteed. It is therefore essential to deploy security approaches that protect VMs regardless of whether the hypervisor is trustworthy. Some existing approaches propose a microhypervisor that reduces the attack surface, or introduce new software that runs at a higher privilege level than the hypervisor. In this paper, we propose a novel approach, named HyperPS, which separates the fundamental and crucial privileges into a new trusted environment in order to monitor the hypervisor. A pivotal condition for HyperPS is that the hypervisor must not be allowed to manipulate any security-sensitive system resources, such as page tables, system control registers, the interaction between VMs and the hypervisor, and VM memory mappings. Moreover, the trusted environment proposed by HyperPS does not rely on any privilege level higher than that of the hypervisor. We have implemented a prototype for the KVM hypervisor on the x86 platform with multiple VMs running Linux. KVM with HyperPS is portable and can be applied in today's commercial cloud computing industry. The security analysis shows that this approach provides effective monitoring against attacks, and the performance evaluation confirms the efficiency of HyperPS.
