HyperPS: A Virtual-Machine Memory Protection Approach Through Hypervisor's Privilege Separation
The HostOS or Hypervisor constitutes the most important cornerstone of today's commercial cloud environment security. Unfortunately, the HostOS/Hypervisor, especially the QEMU-KVM architecture, is not immune to all vulnerabilities and exploitations. Recently, researchers have put forward lots o...
Published in: | IEEE transactions on dependable and secure computing 2023-07, Vol.20 (4), p.2925-2938 |
---|---|
Main authors: | Lin, Kunli ; Liu, Wenqing ; Zhang, Kun ; Tu, Bibo |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 2938 |
---|---|
container_issue | 4 |
container_start_page | 2925 |
container_title | IEEE transactions on dependable and secure computing |
container_volume | 20 |
creator | Lin, Kunli ; Liu, Wenqing ; Zhang, Kun ; Tu, Bibo |
description | The HostOS or Hypervisor constitutes the most important cornerstone of today's commercial cloud environment security. Unfortunately, the HostOS/Hypervisor, especially the QEMU-KVM architecture, is not immune to all vulnerabilities and exploitations. Recently, researchers have put forward lots of schemes to protect Virtual Machines under the compromised HostOS/Hypervisor. However, some of these schemes rely on special hardware facilities, while others (e.g., Nested Virtualization schemes) require large modification to current commercial cloud architecture. In this paper, we present a novel scheme, named HyperPS, to implement virtual machine protection under the compromised HostOS/Hypervisor. The key idea of HyperPS is to deprive the HostOS/Hypervisor of the privileges of managing the physical memory into an isolated and trusted execution environment. HyperPS does not rely on customized hardware or extra processor privilege. HyperPS shares the same privilege with the HostOS. We have implemented a fully functional prototype based on the KVM in Intel x86_64 architecture. Experiment results show that HyperPS has achieved an acceptable trade-off between security and performance. |
doi_str_mv | 10.1109/TDSC.2022.3200206 |
format | Article |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1545-5971 |
ispartof | IEEE transactions on dependable and secure computing, 2023-07, Vol.20 (4), p.2925-2938 |
issn | 1545-5971 1941-0018 |
language | eng |
recordid | cdi_proquest_journals_2836060633 |
source | IEEE Electronic Library (IEL) |
subjects | Cloud computing ; Computer architecture ; Cybersecurity ; Hardware ; hypervisor ; Kernel ; KVM ; Linux ; Microprocessors ; privilege separation ; Virtual environments ; Virtual machine monitors ; Virtual machine protection ; Virtual machining ; Virtual memory systems ; Virtualization |
title | HyperPS: A Virtual-Machine Memory Protection Approach Through Hypervisor's Privilege Separation |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-19T07%3A29%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=HyperPS:%20A%20Virtual-Machine%20Memory%20Protection%20Approach%20Through%20Hypervisor's%20Privilege%20Separation&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Lin,%20Kunli&rft.date=2023-07-01&rft.volume=20&rft.issue=4&rft.spage=2925&rft.epage=2938&rft.pages=2925-2938&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2022.3200206&rft_dat=%3Cproquest_RIE%3E2836060633%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2836060633&rft_id=info:pmid/&rft_ieee_id=9863665&rfr_iscdi=true |