University of Jyväskylä | JYX Digital Repository


Enforcing trust for execution-protection in modern environments

Published in
Jyväskylä studies in computing
Authors
Resh, Amit
Date
2016
Discipline
Information Technology

 
The business world is exhibiting a growing dependency on computer systems, their operations and the databases they contain. Unfortunately, it also suffers from an ever-growing recurrence of malicious software attacks. Malicious attack vectors are diverse, and the computer-security industry is producing an abundance of behavioral-pattern detections to combat the phenomenon. Modern processors contain hardware virtualization capabilities that support implementation of hypervisors for the purpose of managing multiple Virtual-Machines (VMs) on a single computer platform. The facilities provided by hardware virtualization grant the hypervisor control of the hardware platform at an effective privilege level that supersedes the OS. The purpose of this work is to research and develop a methodology based on a thin-hypervisor that exploits the virtues of hardware virtualization for the purpose of protecting a computer system against malicious penetration. To successfully accomplish this, the thin-hypervisor must be guaranteed to be trusted with respect to its instructions, its configuration structures, and its true control over the hardware platform. Moreover, it must be able to protect itself indefinitely from subversion. The methodology presented here describes the means to establish a trusted thin-hypervisor and demonstrates how it may be exercised to restrict code execution exclusively to pre-signed, whitelisted software. This methodology provides resistance to most APT attack vectors, including those based on zero-day vulnerabilities that may slip under behavioral-pattern radars. ...
Publisher
University of Jyväskylä
ISBN
978-951-39-6887-8
ISSN
1456-5390
Keywords
virtual machines, hypervisors, cyber protection, APT prevention, hypervisor, thin-hypervisor, virtualization, attestation, trusted computing, whitelisting, information security, access control, virtualization
URI

http://urn.fi/URN:ISBN:978-951-39-6887-8

Collections
  • Dissertations [3079]

Related items

Showing items with similar title or keywords.

  • Preventing reverse engineering of native and managed programs 

    Kiperberg, Michael (University of Jyväskylä, 2015)
    One of the important aspects of protecting software from attack, theft of algorithms, or illegal software use is eliminating the possibility of performing reverse engineering. One common method used to deal with these ...
  • Hypervisor-assisted Atomic Memory Acquisition in Modern Systems 

    Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer (SCITEPRESS Science And Technology Publications, 2019)
    Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, ...
  • H-KPP : Hypervisor-Assisted Kernel Patch Protection 

    Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)
    We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ...
  • Hypervisor-Based White Listing of Executables 

    Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)
    We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ...
  • Creating modern blue pills and red pills 

    Algawi, Asaf; Kiperberg, Michael; Leon, Roee; Resh, Amit; Zaidenberg, Nezer (Academic Conferences International, 2019)
    The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package that is designed to detect such blue pills. Since the blue pill was originally proposed there has been an ongoing arms race ...
Unless otherwise specified, publicly available JYX metadata (excluding abstracts) may be freely reused under the CC0 waiver.