Hypervisor-based Protection of Code
Kiperberg, M., Leon, R., Resh, A., Algawi, A., & Zaidenberg, N. J. (2019). Hypervisor-based Protection of Code. IEEE Transactions on Information Forensics and Security, 14(8), 2203-2216. https://doi.org/10.1109/TIFS.2019.2894577
Date
2019Copyright
© 2019 IEEE.
The code of a compiled program is susceptible to reverse-engineering attacks on the algorithms and the business logic that are contained within the code. The main existing countermeasure to reverse-engineering is obfuscation. Generally, obfuscation methods suffer from two main deficiencies: 1) the obfuscated code is less efficient than the original and 2) with sufficient effort, the original code may be reconstructed. We propose a method that is based on cryptography and virtualization. The most valuable functions are encrypted and remain inaccessible even during their execution, thus preventing their reconstruction. A specially crafted hypervisor is responsible for decryption, execution, and protection of the encrypted functions. We claim that the system can provide protection even if the attacker: 1) has access to the operating system kernel and 2) can intercept communication over the system bus. The evaluation of the system’s efficiency suggests that it can compete with and outperform obfuscation-based methods.
...


Publisher
IEEEISSN Search the Publication Forum
1556-6013Keywords
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/28884986
Metadata
Show full item recordCollections
License
Related items
Showing items with similar title or keywords.
-
H-KPP : Hypervisor-Assisted Kernel Patch Protection
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ... -
Hypervisor-Based White Listing of Executables
Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ... -
Analysing Multidimensional Strategies for Cyber Threat Detection in Security Monitoring
Shelke, Palvi; Hämäläinen, Timo (Academic Conferences International Ltd, 2024)The escalating risk of cyber threats requires continuous advances in security monitoring techniques. This survey paper provides a comprehensive overview of recent research into novel methods for cyber threat detection, ... -
Hypervisor-assisted dynamic malware analysis
Leon, Roee S.; Kiperberg, Michael; Zabag, Anat Anatey Leon; Zaidenberg, Nezer Jacob (Springer, 2021)Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis ... -
Hypervisor memory acquisition for ARM
Ben Yehuda, Raz; Shlingbaum, Erez; Gershfeld, Yuval; Tayouri, Shaked; Zaidenberg, Nezer Jacob (Elsevier, 2021)Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the ...