HyperForce: Hypervisor-enforced execution of security-critical code

Francesco Gadaleta; Nick Nikiforakis; Jan Tobias Mühlberg; Wouter Joosen

doi:10.1007/978-3-642-30436-1_11

HyperForce: Hypervisor-enforced execution of security-critical code

Francesco Gadaleta
, Nick Nikiforakis
, Jan Tobias Mühlberg
, Wouter Joosen

Computer Science

Stony Brook University

KU Leuven

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

The sustained popularity of the cloud and cloud-related services accelerate the evolution of virtualization-enabling technologies. Modern off-the-shelf computers are already equipped with specialized hardware that enables a hypervisor to manage the simultaneous execution of multiple operating systems. Researchers have proposed security mechanisms that operate within such a hypervisor to protect the virtualized operating systems from attacks. These mechanisms improve in security over previous techniques since the defense system is no longer part of an operating system's attack surface. However, due to constant transitions between the hypervisor and the operating systems, these countermeasures typically incur a significant performance overhead. In this paper we present HyperForce, a framework which allows the deployment of security-critical code in a way that significantly outperforms previous in-hypervisor systems while maintaining similar guarantees with respect to security and integrity. HyperForce is a hybrid system which combines the performance of an in-guest security mechanism with the security of in-hypervisor one. We evaluate our framework by using it to re-implement an invariance-based rootkit detection system and show the performance benefits of a HyperForce-utilizing countermeasure.

Original language	English
Title of host publication	Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings
Pages	126-137
Number of pages	12
DOIs	https://doi.org/10.1007/978-3-642-30436-1_11
State	Published - 2012
Event	27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 - Heraklion, Crete, Greece Duration: Jun 4 2012 → Jun 6 2012

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	376 AICT

Conference

Conference	27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012
Country/Territory	Greece
City	Heraklion, Crete
Period	06/4/12 → 06/6/12

Keywords

countermeasure
hypervisor
virtual devices
virtualization

Access to Document

10.1007/978-3-642-30436-1_11

Cite this

Gadaleta, F., Nikiforakis, N., Mühlberg, J. T., & Joosen, W. (2012). HyperForce: Hypervisor-enforced execution of security-critical code. In Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings (pp. 126-137). (IFIP Advances in Information and Communication Technology; Vol. 376 AICT). https://doi.org/10.1007/978-3-642-30436-1_11

@inproceedings{94919c98b65e4fde9875ea1e6c03295d,

title = "HyperForce: Hypervisor-enforced execution of security-critical code",

abstract = "The sustained popularity of the cloud and cloud-related services accelerate the evolution of virtualization-enabling technologies. Modern off-the-shelf computers are already equipped with specialized hardware that enables a hypervisor to manage the simultaneous execution of multiple operating systems. Researchers have proposed security mechanisms that operate within such a hypervisor to protect the virtualized operating systems from attacks. These mechanisms improve in security over previous techniques since the defense system is no longer part of an operating system's attack surface. However, due to constant transitions between the hypervisor and the operating systems, these countermeasures typically incur a significant performance overhead. In this paper we present HyperForce, a framework which allows the deployment of security-critical code in a way that significantly outperforms previous in-hypervisor systems while maintaining similar guarantees with respect to security and integrity. HyperForce is a hybrid system which combines the performance of an in-guest security mechanism with the security of in-hypervisor one. We evaluate our framework by using it to re-implement an invariance-based rootkit detection system and show the performance benefits of a HyperForce-utilizing countermeasure.",

keywords = "countermeasure, hypervisor, virtual devices, virtualization",

author = "Francesco Gadaleta and Nick Nikiforakis and M{\"u}hlberg, \{Jan Tobias\} and Wouter Joosen",

year = "2012",

doi = "10.1007/978-3-642-30436-1\_11",

language = "English",

isbn = "9783642304354",

series = "IFIP Advances in Information and Communication Technology",

pages = "126--137",

booktitle = "Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings",

note = "27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 ; Conference date: 04-06-2012 Through 06-06-2012",

}

Gadaleta, F, Nikiforakis, N, Mühlberg, JT & Joosen, W 2012, HyperForce: Hypervisor-enforced execution of security-critical code. in Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings. IFIP Advances in Information and Communication Technology, vol. 376 AICT, pp. 126-137, 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, 06/4/12. https://doi.org/10.1007/978-3-642-30436-1_11

HyperForce: Hypervisor-enforced execution of security-critical code. / Gadaleta, Francesco; Nikiforakis, Nick; Mühlberg, Jan Tobias et al.
Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings. 2012. p. 126-137 (IFIP Advances in Information and Communication Technology; Vol. 376 AICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - HyperForce

T2 - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012

AU - Gadaleta, Francesco

AU - Nikiforakis, Nick

AU - Mühlberg, Jan Tobias

AU - Joosen, Wouter

PY - 2012

Y1 - 2012

N2 - The sustained popularity of the cloud and cloud-related services accelerate the evolution of virtualization-enabling technologies. Modern off-the-shelf computers are already equipped with specialized hardware that enables a hypervisor to manage the simultaneous execution of multiple operating systems. Researchers have proposed security mechanisms that operate within such a hypervisor to protect the virtualized operating systems from attacks. These mechanisms improve in security over previous techniques since the defense system is no longer part of an operating system's attack surface. However, due to constant transitions between the hypervisor and the operating systems, these countermeasures typically incur a significant performance overhead. In this paper we present HyperForce, a framework which allows the deployment of security-critical code in a way that significantly outperforms previous in-hypervisor systems while maintaining similar guarantees with respect to security and integrity. HyperForce is a hybrid system which combines the performance of an in-guest security mechanism with the security of in-hypervisor one. We evaluate our framework by using it to re-implement an invariance-based rootkit detection system and show the performance benefits of a HyperForce-utilizing countermeasure.

AB - The sustained popularity of the cloud and cloud-related services accelerate the evolution of virtualization-enabling technologies. Modern off-the-shelf computers are already equipped with specialized hardware that enables a hypervisor to manage the simultaneous execution of multiple operating systems. Researchers have proposed security mechanisms that operate within such a hypervisor to protect the virtualized operating systems from attacks. These mechanisms improve in security over previous techniques since the defense system is no longer part of an operating system's attack surface. However, due to constant transitions between the hypervisor and the operating systems, these countermeasures typically incur a significant performance overhead. In this paper we present HyperForce, a framework which allows the deployment of security-critical code in a way that significantly outperforms previous in-hypervisor systems while maintaining similar guarantees with respect to security and integrity. HyperForce is a hybrid system which combines the performance of an in-guest security mechanism with the security of in-hypervisor one. We evaluate our framework by using it to re-implement an invariance-based rootkit detection system and show the performance benefits of a HyperForce-utilizing countermeasure.

KW - countermeasure

KW - hypervisor

KW - virtual devices

KW - virtualization

UR - https://www.scopus.com/pages/publications/84863910128

U2 - 10.1007/978-3-642-30436-1_11

DO - 10.1007/978-3-642-30436-1_11

M3 - Conference contribution

SN - 9783642304354

T3 - IFIP Advances in Information and Communication Technology

SP - 126

EP - 137

BT - Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings

Y2 - 4 June 2012 through 6 June 2012

ER -

HyperForce: Hypervisor-enforced execution of security-critical code

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this