Visible to the public Reliability and Security Monitoring of Virtual Machines using Hardware Architectural InvariantsConflict Detection Enabled

TitleReliability and Security Monitoring of Virtual Machines using Hardware Architectural Invariants
Publication TypeConference Paper
Year of Publication2014
AuthorsCuong Pham, University of Illinois at Urbana-Champaign, Zachary J. Estrada, University of Illinois at Urbana-Champaign, Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign, Ravishankar K. Iyer, University of Illinois at Urbana-Champaign
Conference Name44th International Conference on Dependable Systems and Networks
PublisherIEEE Computer Society
Conference LocationAtlanta, GA
Keywordsarchitectural invariants, Data Driven Security Models and Analysis, Monitoring, NSA SoS Lablets Materials, science of security, UIUC, virtual machines
Abstract

This paper presents a solution that simultaneously addresses both reliability and security (RnS) in a monitoring framework. We identify the commonalities between reliability and security to guide the design of HyperTap, a hypervisor-level framework that efficiently supports both types of monitoring in virtualization environments. In HyperTap, the logging of system events and states is common across monitors and constitutes the core of the framework. The audit phase of each monitor is implemented and operated independently. In addition, HyperTap relies on hardware invariants to provide a strongly isolated root of trust. HyperTap uses active monitoring, which can be adapted to enforce a wide spectrum of RnS policies. We validate Hy- perTap by introducing three example monitors: Guest OS Hang Detection (GOSHD), Hidden RootKit Detection (HRKD), and Privilege Escalation Detection (PED). Our experiments with fault injection and real rootkits/exploits demonstrate that HyperTap provides robust monitoring with low performance overhead.

Notes

Winner of the William C. Carter Award for Best Paper based on PhD work and Best Paper Award voted by conference participants.

URLhttps://publish.illinois.edu/science-of-security-lablet/files/2014/05/Reliability-and-Security-Monit...
Citation Keynode-23290

Other available formats:

Reliability and Security Monitoring of Virtual Machines using Hardware Architectural Invariants
AttachmentSize
bytes