Hypervisor-based Protection of Code
Kiperberg, M., Leon, R., Resh, A., Algawi, A., & Zaidenberg, N. J. (2019). Hypervisor-based Protection of Code. IEEE Transactions on Information Forensics and Security, 14(8), 2203-2216. https://doi.org/10.1109/TIFS.2019.2894577
Julkaistu sarjassa
IEEE Transactions on Information Forensics and SecurityPäivämäärä
2019Tekijänoikeudet
© 2019 IEEE.
The code of a compiled program is susceptible to reverse-engineering attacks on the algorithms and the business logic that are contained within the code. The main existing countermeasure to reverse-engineering is obfuscation. Generally, obfuscation methods suffer from two main deficiencies: 1) the obfuscated code is less efficient than the original and 2) with sufficient effort, the original code may be reconstructed. We propose a method that is based on cryptography and virtualization. The most valuable functions are encrypted and remain inaccessible even during their execution, thus preventing their reconstruction. A specially crafted hypervisor is responsible for decryption, execution, and protection of the encrypted functions. We claim that the system can provide protection even if the attacker: 1) has access to the operating system kernel and 2) can intercept communication over the system bus. The evaluation of the system’s efficiency suggests that it can compete with and outperform obfuscation-based methods.
...
Julkaisija
IEEEISSN Hae Julkaisufoorumista
1556-6013Asiasanat
Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/28884986
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
H-KPP : Hypervisor-Assisted Kernel Patch Protection
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ... -
Hypervisor-Based White Listing of Executables
Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ... -
Analysing Multidimensional Strategies for Cyber Threat Detection in Security Monitoring
Shelke, Palvi; Hämäläinen, Timo (Academic Conferences International Ltd, 2024)The escalating risk of cyber threats requires continuous advances in security monitoring techniques. This survey paper provides a comprehensive overview of recent research into novel methods for cyber threat detection, ... -
Using Hypervisors to Overcome Structured Exception Handler Attacks
Algawi, Asaf; Kiperberg, Michael; Leon, Roee; Zaidenberg, Nezer (Academic Conferences International, 2019)Microsoft windows is a family of client and server operating systems that needs no introduction. Microsoft windows operating system family has a feature to handle exceptions by storing in the stack the address of an ... -
HyperIO : A Hypervisor-Based Framework for Secure IO
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2023)Malware often attempts to steal input and output through human interface devices to obtain confidential information. We propose to use a thin hypervisor, called “HyperIO”, to realize a secure path between input and output ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.