Protecting files hosted on virtual machines with out-of-guest access control
Xie, Geoffrey G.
Prince, Charles D.
MetadataShow full item record
When an operating system (OS) runs on a virtual machine (VM), a hypervisor, the software that facilitates virtualization of computer hardware, provides a service called introspection, which is used for monitoring the internal state of the VM. However, a VM still shares all of the vulnerabilities of its resident OS and software. At some point in time, it will likely be the victim of a successful exploitation. In this research, we develop a security solution, leveraging introspection and enforcement of a separate shadow access control list (SACL) in the hypervisor to protect critical user files hosted on a VM against a range of zero-day attacks. The main security features of our solution include 1) zero-footprint in the guest VM by maintaining an out-of-guest SACL and other required security information in the hypervisor; 2) protection of critical user files from unauthorized access even if an attacker has managed to obtain root privileges on the VM; 3) application white listing to thwart malware execution; and 4) kernel protection by denying both kernel reboot and runtime addition of kernel modules. We conclude that our solution can successfully protect user files against unauthorized access. The observed performance overhead, although significant, remains within usable levels and is mainly attributed to the context switch between the hypervisor and the VM.
RightsCopyright is reserved by the copyright owner.
Showing items related by title, author, creator and subject.
Fannon, Robert C. (Monterey, California: Naval Postgraduate School, 2014-06);The use of virtual machine (VM) technology has expanded rapidly since AMD and Intel implemented hardware-assisted virtualization in their respective x86 architectures. These new capabilities have resulted in a corresponding ...
Grant, James A.; Szechtman, Roberto (ArXiv, 2020-07);Most existing solutions for protecting VMs assume known attack patterns or signatures and focus on detecting malicious manipulations of system files and kernel level memory structures. In this research we develop a system ...
Peppas, Alexis; Xie, Geoffrey G.; Prince, Charles D. (ArXiv, 2017-12);Most existing solutions for protecting VMs assume known attack patterns or signatures and focus on detecting malicious manipulations of system files and kernel level memory structures. In this research we develop a system ...