Applications of Hypervisors in Security
Julkaistu sarjassa
JYU dissertationsTekijät
Päivämäärä
2019Tekijänoikeudet
© The Author & University of Jyväskylä
As malware continue to evolve, so do the countermeasures which attempt to fight
them. A modern computer system typically has many security services installed
on top of its operating system which include antivirus, application-control, IDS,
firewall, and many more.
Modern operating systems are a highly complex pieces of software which
typically contains millions of lines of code. Furthermore, primarily due to endless
hardware support, new code is regularly added, resulting in a security sink with
an open drain.
Most security services run on top of the operating system and, therefore,
are subject to the security of the operating system and its applications. In case of
a vulnerability, these services can be removed, thus rendering them them completely
useless. This thesis proposes a thin hypervisor-based architecture for a
system on top of which a variety of security services can be implemented. These
services run in a secure, isolated environment. Furthermore, the proposed system
can hide the presence of these security services. The proposed system architecture
provides strong security guarantees.
The thesis presents four common, heavily researched security problems and
proposes four solutions, which are all based on the proposed architecture. The
proposed solutions can compete, and even outperform current solutions, both in
terms of security and performance.
Keywords: trusted computing, virtualization, hypervisor, thin hypervisor, unauthorised
execution, malware analysis, code encryption, memory forensics
...
Julkaisija
Jyväskylän yliopistoISBN
978-951-39-7854-9ISSN Hae Julkaisufoorumista
2489-9003Julkaisuun sisältyy osajulkaisuja
- Artikkeli I: Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (2019). Hypervisor-Based White Listing of Executables. IEEE Security & Privacy, 17 (5), 58-67. DOI: 10.1109/MSEC.2019.2910218
- Artikkeli II: Kiperberg, M., Leon, R., Resh, A., Algawi, A., & Zaidenberg, N. (2019). Hypervisor-assisted Atomic Memory Acquisition in Modern Systems. In P. Mori, S. Furnell, & O. Camp (Eds.), ICISSP 2019 : Proceedings of the 5th International Conference on Information Systems Security and Privacy, Volume 1 (pp. 155-162). Setúbal: SCITEPRESS Science And Technology Publications. DOI: 10.5220/0007566101550162
- Artikkeli III: Kiperberg, M., Leon, R., Resh, A., Algawi, A., & Zaidenberg, N. J. (2019). Hypervisor-based Protection of Code. IEEE Transactions on Information Forensics and Security, 14 (8), 2203-2216. DOI: 10.1109/TIFS.2019.2894577
- Artikkeli IV: Resh, A., Kiperberg, M., Leon, R., & Zaidenberg, N. J. (2017). Preventing Execution of Unauthorized Native-Code Software. International Journal of Digital Content Technology and its Applications, 11 (3), 72-90.
- Artikkeli V: Resh, A., Kiperberg, M., Leon, R., & Zaidenberg, N. (2017). System for Executing Encrypted Native Programs. International Journal of Digital Content Technology and its Applications, 11 (3), 56-71.
- Artikkeli VI:Leon, R.; Kiperberg, M.; Leon Zabag, A. A.; Zaidenberg. N.J. Hypervisor-assisted Dynamic Malware Analysis. ACM Transactions on Privacy and Security (TOPS), submitted.
Metadata
Näytä kaikki kuvailutiedotKokoelmat
- JYU Dissertations [775]
- Väitöskirjat [3431]
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Hypervisor-assisted Atomic Memory Acquisition in Modern Systems
Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer (SCITEPRESS Science And Technology Publications, 2019)Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, ... -
Hypervisor-Based White Listing of Executables
Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ... -
Hypervisor-based Protection of Code
Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE, 2019)The code of a compiled program is susceptible to reverse-engineering attacks on the algorithms and the business logic that are contained within the code. The main existing countermeasure to reverse-engineering is obfuscation. ... -
Using Hypervisors to Overcome Structured Exception Handler Attacks
Algawi, Asaf; Kiperberg, Michael; Leon, Roee; Zaidenberg, Nezer (Academic Conferences International, 2019)Microsoft windows is a family of client and server operating systems that needs no introduction. Microsoft windows operating system family has a feature to handle exceptions by storing in the stack the address of an ... -
HyperIO : A Hypervisor-Based Framework for Secure IO
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2023)Malware often attempts to steal input and output through human interface devices to obtain confidential information. We propose to use a thin hypervisor, called “HyperIO”, to realize a secure path between input and output ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.