Enforcing trust for execution-protection in modern environments
The business world is exhibiting a growing dependency on computer systems,
their operations and the databases they contain. Unfortunately, it also suffers
from an ever-growing recurrence of malicious software attacks. Malicious attack
vectors are diverse and the computer-security industry is producing an
abundance of behavioral-pattern detections to combat the phenomenon.
Modern processors contain hardware virtualization capabilities that
support implementation of hypervisors for the purpose of managing multiple
Virtual-Machines (VMs) on a single computer platform. The facilities provided
by hardware virtualization grant the hypervisor control of the hardware
platform at an effective privilege level that supersedes the OS.
The purpose of this work is to research and develop a methodology based
on a thin-hypervisor that exploits the virtues of hardware virtualization for the
purpose of protecting a computer system against malicious penetration. To
successfully accomplish this, the thin-hypervisor must be guaranteed to be
trusted with respect to its instructions, its configuration structures and its true
control over the hardware platform. Moreover, it must be able to protect itself
indefinitely from subversion. The methodology presented here describes the
means to establish a trusted thin-hypervisor and demonstrates how it may be
exercised to restrict code execution exclusively to pre-signed, whitelisted
software.
This methodology provides resistance to most APT attack vectors,
including those based on zero-day vulnerabilities that may slip under
behavioral-pattern radars.
...
Publisher: University of Jyväskylä
ISBN: 978-951-39-6887-8
ISSN: 1456-5390
Collections
- Väitöskirjat [3585]
Related items
Showing items with similar title or keywords.
- Preventing reverse engineering of native and managed programs
  Kiperberg, Michael (University of Jyväskylä, 2015)
  One of the important aspects of protecting software from attack, theft of algorithms, or illegal software use is eliminating the possibility of performing reverse engineering. One common method used to deal with these ...
- Hypervisor-Based White Listing of Executables
  Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)
  We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ...
- Preventing Execution of Unauthorized Native-Code Software
  Resh, Amit; Kiperberg, Michael; Leon, Roee; Zaidenberg, Nezer J. (Convergence Information Society (GlobalCIS), 2017)
  The business world is exhibiting a growing dependency on computer systems, their operations and the databases they contain. Unfortunately, it also suffers from an ever growing recurrence of malicious software attacks. ...
- Hypervisor-assisted Atomic Memory Acquisition in Modern Systems
  Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer (SCITEPRESS Science And Technology Publications, 2019)
  Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, ...
- H-KPP : Hypervisor-Assisted Kernel Patch Protection
  Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)
  We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ...