Virtual Machine Monitor-based Hiding Method for Access to Debug Registers

Submitted by grigby1 on Thu, 07/08/2021 - 2:27pm

Title	Virtual Machine Monitor-based Hiding Method for Access to Debug Registers
Publication Type	Conference Paper
Year of Publication	2020
Authors	Sato, Masaya, Taniguchi, Hideo, Nakamura, Ryosuke
Conference Name	2020 Eighth International Symposium on Computing and Networking (CANDAR)
Keywords	composability, cryptography, Cyber physical system, debug register, Hardware, Monitoring, Operating systems, pubcrawl, Registers, resilience, Resiliency, security, system security, virtual machine, virtual machine monitor, Virtual machine monitors, virtual machine security, Virtual machining, Writing
Abstract	To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs' access to debug registers and disguises the access as having succeeded. The register's actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.
DOI	10.1109/CANDAR51075.2020.00036
Citation Key	sato_virtual_2020

Groups: