research-article

Traps, events, emulation, and enforcement: managing the yin and yang of virtualization-based security

Authors:
Sergey Bratus

Dartmouth College, Hanover, NH, USA

Dartmouth College, Hanover, NH, USA
View Profile

,
Michael E. Locasto

Dartmouth College, Hanover, NH, USA

Dartmouth College, Hanover, NH, USA
View Profile

,
Ashwin Ramaswamy

Dartmouth College, Hanover, NH, USA

Dartmouth College, Hanover, NH, USA
View Profile

,
Sean W. Smith

Dartmouth College, Hanover, NH, USA

Dartmouth College, Hanover, NH, USA
View Profile

VMSec '08: Proceedings of the 1st ACM workshop on Virtual machine securityOctober 2008Pages 49–58https://doi.org/10.1145/1456482.1456491

Published:27 October 2008Publication History

VMSec '08: Proceedings of the 1st ACM workshop on Virtual machine security

Pages 49–58

ABSTRACT

We question current trends that attempt to leverage virtualization techniques to achieve security goals. We suggest that the security role of a virtual machine centers on being a policy interpreter rather than a resource provider. These two roles (security reference monitor and resource emulator) are currently conflated within the context of virtual machines and VMMs. We believe that this ``double-duty'' leads to both a significant performance impact as well as a bloated virtualization layer. Increased complexity reduces confidence that the code is elementary enough to verify or trust from a security perspective. Ironically, as more security-related functionality is shoved into a VM platform, the system becomes less trustworthy as it becomes increasingly trusted.

We argue that a principle reason for such an unfortunate situation is the lack of efficient hardware trapping mechanisms. We propose an architecture to help ameliorate this problem by transferring the security enforcement and program analysis roles from the virtualization component to a policy-directed FPGA.

References

M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2005. Google ScholarDigital Library
H. Agrawal. Towards Automatic Debugging of Computer Programs, August 1991.Google Scholar
T. Beauchamp and D. Weston. Re:Trace - Applied Reverse Engineering on OS X.Google Scholar
T. Beauchamp and D. Weston. Re:Trace - Applied Reverse Engineering on OS X. RECON 2008, 2008. Montreal, Quebec.Google Scholar
F. Bellard. QEMU, a Fast and Portable Dynamic Translator. In Proceedings of the 2005 USENIX Annual Technical Conference, FREENIX Track, pages 41--46, April 2005. Google ScholarDigital Library
S. M. Bellovin. Virtual Machines, Virtual Security. Communications of the ACM, 49(10), October 2006. Google ScholarDigital Library
F. Brooks. The Mythical Man Month. Addison-Wesley Professional, 2 edition, 1995. Google ScholarDigital Library
D. Bruening, T. Garnett, and S. Amarasinghe. An infrastructure for adaptive dynamic optimization. In Proceedings of the International Symposium on Code Generation and Optimization, pages 265--275, 2003. Google ScholarDigital Library
B. Buck and J. K. Hollingsworth. An API for Runtime Code Patching. The International Journal of High Performance Computing Applications, 14(4):317--329, Winter 2000. Google ScholarDigital Library
B. Cantrill, M. W. Shapiro, and A. H. Leventhal. Dynamic instrumentation of production systems. In USENIX Annual Technical Conference, General Track, pages 15--28, 2004. Google ScholarDigital Library
P. A. Karger and D. R. Safford. Security and Performance Trade-Offs in I/O Operations for Virtual Machine Monitors. In IBM Research Technical Report RC24500 (W0802--069), February 2008.Google Scholar
S. T. King, J. Tucek, A. Cozzie, C. Grier, W. Jiang, and Y. Zhou. Designing and Implementing Malicious Hardware. In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2008. Google ScholarDigital Library
V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure Execution Via Program Shepherding. In Proceedings of the 11th USENIX Security Symposium, August 2002. Google ScholarDigital Library
C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. In Proceedings of Programming Language Design and Implementation (PLDI), June 2005. Google ScholarDigital Library
mayhem. The Cerberus ELF Interface. Phrack, 2003.Google Scholar
N. Nethercote and J. Seward. Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation. In Proceedings of ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI 2007), June 2007. Google ScholarDigital Library
E. B. Nightingale, D. Peek, P. M. Chen, and J. Flinn. Parallelizing Security Checks on Commodity Hardware. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2008. Google ScholarDigital Library
J. Oplinger and M. S. Lam. Enhancing Software Reliability with Speculative Threads. In Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS X), October 2002. Google ScholarDigital Library
V. Prasad, W. Cohen, F. C. Eigler, M. Hunt, J. Keniston, and B. Chen. Locating system problems using dynamic instrumentation. 2005.Google Scholar
T. Roscoe, K. Elphinstone, and G. Heiser. Hype and Virtue. In Proceedings of the $11^th$ Workshop on Hot Topics in Operating Systems (HOTOS XI), May 2007. Google ScholarDigital Library
E. C. Sezer, P. Ning, C. Kil, and J. Xu. MemSherlock: an Automated Debugger for Unknown Memory Corruption Vulnerabilities. In Proceedings of the 14th ACM conference on Computer and communications security (CCS 2007), pages 562--572, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
T. E. shell crew. Embedded ELF Debugging: the middle head of Cerberus. Phrack, 2003.Google Scholar
R. M. Stallman, R. H. Pesch, and S. Shebs. Debugging with GDB: The GNU Source-Level Debugger. Free Software Foundation, 2003.Google Scholar
H. Yin, Z. Liang, and D. Song. HookFinder: Identifying and Understanding Malware Hooking Behaviors. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS), February 2008.Google Scholar

Index Terms

Traps, events, emulation, and enforcement: managing the yin and yang of virtualization-based security
1. Computer systems organization
  1. Architectures
    1. Other architectures
      1. Data flow architectures
2. Hardware
  1. Very large scale integration design
    1. Application-specific VLSI designs

Recommendations

SRVM: Hypervisor Support for Live Migration with Passthrough SR-IOV Network Devices
VEE '16

Single-Root I/O Virtualization (SR-IOV) is a specification that allows a single PCI Express (PCIe) device (ysical function or PF) to be used as multiple PCIe devices (virtual functions or VF). In a virtualization system, each VF can be directly assigned ...
Read More
SRVM: Hypervisor Support for Live Migration with Passthrough SR-IOV Network Devices
VEE '16: Proceedings of the12th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

Single-Root I/O Virtualization (SR-IOV) is a specification that allows a single PCI Express (PCIe) device (ysical function or PF) to be used as multiple PCIe devices (virtual functions or VF). In a virtualization system, each VF can be directly assigned ...
Read More
Enabling Instantaneous Relocation of Virtual Machines with a Lightweight VMM Extension
CCGRID '10: Proceedings of the 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing

We are developing an efficient resource management system with aggressive virtual machine (VM) relocation among physical nodes in a data center. Existing live migration technology, however, requires a long time to change the execution host of a VM, it ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
VMSec '08: Proceedings of the 1st ACM workshop on Virtual machine security
October 2008
66 pages
ISBN:9781605582986
DOI:10.1145/1456482
Program Chairs:
Jason Nieh
Columbia University
,
Angelos Stavrou
George Mason University
Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 27 October 2008
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
debugging
security policy
traps
virtualization
Qualifiers
- research-article
Conference
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 5
  Total Citations
  View Citations
- 634
  Total Downloads
- Downloads (Last 12 months)9
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.