Taming Hosted Hypervisors with (Mostly) Deprivileged Execution.

Authors: Xuxian Jiang, Chiachih Wu, Zhi Wang

DOI:

Keywords:

Abstract: Recent years have witnessed increased adoption of hosted hypervisors in virtualized computer systems. By non-intrusively extending commodity OSs, hosted hypervisors can effectively take advantage of a variety of mature and stable features as well as the existing broad user base of commodity OSs. However, virtualizing a computer system is still a rather complex task. As a result, existing hosted hypervisors typically have a large code base (e.g., 33.6K SLOC for KVM), which inevitably introduces exploitable software bugs. Unfortunately, any compromised hosted hypervisor can immediately jeopardize the host system and subsequently affect all running guests on the same physical machine. In this paper, we present a system that aims to dramatically reduce the exposed attack surface of a hosted hypervisor by deprivileging its execution to user mode. In essence, by decoupling the hypervisor code from the host OS and deprivileging its execution, our system demotes the hypervisor to a mostly user-level library, which not only substantially reduces the attack surface (with a much smaller TCB), but also brings additional benefits in allowing for better development and debugging as well as concurrent execution of multiple hypervisors on the same physical machine. To evaluate its effectiveness, we have developed a proof-of-concept prototype that successfully deprivileges ∼93.2% of the loadable KVM module code base to user mode while adding only a small TCB (2.3K SLOC) to the host OS kernel. Additional evaluation results with a number of benchmark programs further demonstrate its practicality and efficiency.
