Preventing Secret Data Leakage from Foreign Mappings in Virtual Machines

  • Conference paper

Abstract

The foreign mapping mechanism of Xen is used in privileged virtual machines (VMs) for platform management. With it, a privileged VM can map arbitrary machine frames of memory from a specific VM into its own page tables. This leaves a vulnerability: malware may compromise the secrecy of normal VMs by exploiting the foreign mapping mechanism. To address this privacy exposure, we present a novel application’s memory privacy protection (AMP2) scheme that leverages the hypervisor. In AMP2, an application can protect its memory privacy by registering its address space with the hypervisor; until the application exits or cancels its protection, any foreign mapping to protected pages is disabled. With these measures, AMP2 prevents sensitive data leakage when malware attempts to eavesdrop on it by exploiting foreign mapping. Finally, extensive experiments are performed to validate AMP2. The experimental results show that AMP2 achieves strong privacy resiliency while incurring only 2% extra overhead for CPU workloads.
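The register/deny/release policy described in the abstract can be modelled in a few lines of C. This is an added illustration, not code from the paper or from Xen: the frame table, the function names, the application ids and the all-or-nothing registration rule are assumptions made for the sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Toy model, not Xen or AMP2 code: every name and size is an assumption. */
#define NR_FRAMES 64   /* constructed machine-frame count */
#define NO_OWNER  0u
static unsigned protected_by[NR_FRAMES];   /* frame -> registering app id */
static bool range_ok(size_t start, size_t count)   /* avoids start+count wrap */
{
    return count != 0 && start < NR_FRAMES && count <= NR_FRAMES - start;
}

/* Register frames [start, start+count) for app_id; all-or-nothing. */
int amp_register(unsigned app_id, size_t start, size_t count)
{
    if (app_id == NO_OWNER || !range_ok(start, count)) return -1;
    for (size_t i = start; i < start + count; i++)
        if (protected_by[i] != NO_OWNER && protected_by[i] != app_id)
            return -1;   /* already protected for another application */
    for (size_t i = start; i < start + count; i++)
        protected_by[i] = app_id;
    return 0;
}

/* Application exits or cancels protection: release all of its frames. */
size_t amp_unregister(unsigned app_id)
{
    size_t released = 0;
    for (size_t i = 0; app_id != NO_OWNER && i < NR_FRAMES; i++)
        if (protected_by[i] == app_id) { protected_by[i] = NO_OWNER; released++; }
    return released;
}

/* Foreign-map check: refuse if any requested frame is protected. */
bool foreign_map_allowed(size_t start, size_t count)
{
    if (!range_ok(start, count)) return false;
    for (size_t i = start; i < start + count; i++)
        if (protected_by[i] != NO_OWNER) return false;
    return true;
}

int main(void)
{
    amp_register(1, 8, 4);
    printf("while registered: allowed=%d\n", foreign_map_allowed(8, 4));
    amp_unregister(1);
    printf("after exit: allowed=%d\n", foreign_map_allowed(8, 4));
}
```

The check denies a request that overlaps even one protected frame, and a failed registration leaves no partial state behind.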

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Gao, H., Wang, L., Liu, W., Peng, Y., Zhang, H. (2012). Preventing Secret Data Leakage from Foreign Mappings in Virtual Machines. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_25

  • DOI: https://doi.org/10.1007/978-3-642-31909-9_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31908-2

  • Online ISBN: 978-3-642-31909-9

  • eBook Packages: Computer Science (R0)
