UVHM: Model Checking Based Formal Analysis Scheme for Hypervisors

  • Yuchao She
  • Hui Li
  • Hui Zhu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7804)


Hypervisors play a central role in virtualization for cloud computing. However, current security solutions, such as installing an IDS model on hypervisors to detect known and unknown attacks, cannot be applied well to virtualized environments. What's more, the vulnerabilities of hypervisors themselves have not received enough attention. Existing work, which mainly focuses on hypervisor code analysis, can only verify correctness rather than security, or is suitable only for open-source hypervisors. In this paper, we design a binary analysis tool that uses formal methods to discover vulnerabilities in hypervisors. In the scheme, Z notation, VDM, B, Object-Z or the CSP formalism can be used as suitable modeling and specification languages. Our proposal follows, in sequence, the process of disassembly, modeling, specification, and verification. Finally, the effectiveness of the method is demonstrated by detecting the vulnerability in Xen-3.3.0 to which a bug has been added.


hypervisor security model checking formal analysis 



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Yuchao She (1)
  • Hui Li (1)
  • Hui Zhu (1, 2)
  1. State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi’an, P.R. China
  2. Network and Data Security Key Laboratory of Sichuan Province, Xidian University, Chengdu, P.R. China
