Reliability and Security Monitoring of Virtual Machines using Hardware Architectural Invariants
Title | Reliability and Security Monitoring of Virtual Machines using Hardware Architectural Invariants |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Cuong Pham, University of Illinois at Urbana-Champaign, Zachary J. Estrada, University of Illinois at Urbana-Champaign, Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign, Ravishankar K. Iyer, University of Illinois at Urbana-Champaign |
Conference Name | 44th International Conference on Dependable Systems and Networks |
Publisher | IEEE Computer Society |
Conference Location | Atlanta, GA |
Keywords | architectural invariants, Data Driven Security Models and Analysis, Monitoring, NSA SoS Lablets Materials, science of security, UIUC, virtual machines |
Abstract | This paper presents a solution that simultaneously addresses both reliability and security (RnS) in a monitoring framework. We identify the commonalities between reliability and security to guide the design of HyperTap, a hypervisor-level framework that efficiently supports both types of monitoring in virtualization environments. In HyperTap, the logging of system events and states is common across monitors and constitutes the core of the framework. The audit phase of each monitor is implemented and operated independently. In addition, HyperTap relies on hardware invariants to provide a strongly isolated root of trust. HyperTap uses active monitoring, which can be adapted to enforce a wide spectrum of RnS policies. We validate Hy- perTap by introducing three example monitors: Guest OS Hang Detection (GOSHD), Hidden RootKit Detection (HRKD), and Privilege Escalation Detection (PED). Our experiments with fault injection and real rootkits/exploits demonstrate that HyperTap provides robust monitoring with low performance overhead. |
Notes | Winner of the William C. Carter Award for Best Paper based on PhD work and Best Paper Award voted by conference participants. |
URL | https://publish.illinois.edu/science-of-security-lablet/files/2014/05/Reliability-and-Security-Monit... |
Citation Key | node-23290 |
Attachment | Size |
---|---|
bytes |