Cited By
View all- Dangl TSentanoe SReiser H(2024)Active and passive virtual machine introspection on AMD and ARM processorsJournal of Systems Architecture: the EUROMICRO Journal10.1016/j.sysarc.2024.103101149:COnline publication date: 1-Apr-2024
T-VMI: Trusted Virtual Machine Introspection in Cloud Environments
Authors: 
Lina Jia, Min Zhu, Bibo TuAuthors Info & Claims
Pages 478 - 487
Abstract
Nowadays, the vulnerability of cloud environment exposed in security places Virtual Machine Introspection(VMI) at risk: once attackers subvert any layers of cloud environment, such as host, virtual machine manager(VMM) or qemu, VMI will be exposed undoubtedly to those attackers too. Nearly all existing VMI techniques implicitly assume that both VMM by which VMI accesses specific VM data and host which VMI is running on, are nonmalicious and immutable. Unfortunately, this assumption can be potentially violated with the growing shortage of security in cloud environment. Once VMM or host is exploited, attackers can tamper the code or hijack the data of VMI, then, falsify VM information and certifications to Cloud system's administrators who try to make sure the security of specific VM in certain compute node. This paper proposes a new trusted VMI monitor frame: T-VMI, which can avoid the malicious subversion of the routine of VMI. T-VMI guarantees the integrity of VMI code using isolation and the correctness of VMI data using high privilege level instruction and appropriate trap mechanism. This model is evaluated on a simulation environment by using ARM Foundation Model 8.0 and has been presented on a real development ARMv8 JUNO-r0 board. We finished the comprehensive experiments including effectiveness and performance, and the result and analysis show T-VMI has achieved the aim of expected effectiveness with acceptable performance cost.
References
[1]
Fernandes, Diogo AB, et al. Security issues in cloud environments: a survey. International Journal of Information Security, 2014.
[2]
Yao, Fangzhou, Read Sprabery, and Roy H, Campbell. CryptVMI: a flexible and encrypted virtual machine introspection system in the cloud. Proceedings of the 2nd international workshop on Security in cloud computing, 2014.
[3]
Jin, Seongwook, et al. Hardware-Assisted Secure Resource Accounting under a Vulnerable Hypervisor. ACM SIGPLAN Notices, 2015.
[4]
Xia, Yubin, Yutao Liu, and Haibo Chen. Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks. High Performance Computer Architecture (HPCA), IEEE 19th International Symposium on, 2013.
[5]
Bahram, Sina, et al. Dksm: Subverting virtual machine introspection for fun and profit. Reliable Distributed Systems, 29th IEEE Symposium on, 2010.
[6]
Fu, Yangchun, Zhiqiang Lin, and Kevin W. Hamlen. Subverting system authentication with context-aware, reactive virtual machine introspection. Proceedings of the 29th Annual Computer Security Applications Conference, 2013.
[7]
Payne, Bryan D, DP De A. Martim, and Wenke Lee. Secure and flexible monitoring of virtual machines. Computer Security Applications Conference, 2007.
[8]
Bryan D.Payne,Martim D.P.de A.Carbone,Wenke Lee. https://github.com/libvmi/libvmi/tree/master/tools/qemu-kvm-patch.
[9]
Dubrulle, P. Blind hypervision to protect virtual machine privacy against hypervisor escape vulnerabilities. IEEE 13th International Conference on Industrial Informatics (INDIN), 2015.
[10]
Garfinkel, Tal, and Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Proceedings of the Network & Distributed Systems Security Symposium, 2003.
[11]
Westphal, Florian. VMI-PL: A monitoring language for virtual platforms using virtual machine introspection. Digital Investigation, 2014.
[12]
Hizver, Jennia, and Tzi-cker Chiueh. Real-time deep virtual machine introspection and its applications. ACM SIGPLAN Notices, 2014.
[13]
Zhang, Tianwei, and Ruby B. Lee. Cloudmonatt: An architecture for security health monitoring and attestation of virtual machines in cloud computing. 42nd Annual International Symposium on Computer Architecture (ISCA), 2015.
[14]
Baig, Mirza Basim. CloudFlow: Cloud-wide policy enforcement using fast VM introspection. Cloud Engineering (IC2E),IEEE International Conference on, 2014.
[15]
ARM Architecture Reference Manual.ARMv8, for ARMv8-A architecture profile. http://www.arm.com.
[16]
ARM TrustZone. http://www.arm.com/products/ security-on-arm/trustzone.
[17]
ARM Trusted Firmware. https://github.com/ARM-software/arm-trusted-firmware.
[18]
ARM Trusted Firmware Design. https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/firmware-design.
[19]
ARM Virtualization Extensions. http://www.arm.com/products/processors/technologies/virtualization-extensions.
[20]
Dall, Christoffer, and Jason Nieh. KVM/ARM: the design and implementation of the Linux ARM hypervisor. ACM SIGPLAN Notices, 2014.
[21]
OPTEE-OS. https://github.com/OP-TEE/optee_os.
[22]
OPTEE-OS. https://github.com/OP-TEE/optee_os/optee_design.
[23]
ARM DEN0028A, SMC Calling Convention System Software on ARM Platforms.
[24]
Shi, Jiangyong, Yuexiang Yang, and Chengye Li. A disjunctive VMI model based on XSM. IEEE International Conference on Smart City/SocialCom/SustainCom(SmartCity), 2015.
[25]
Zhang, Youhui. Virtual-machine-based intrusion detection on file-aware block level storage. 18th International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD), 2006.
[26]
Dolan-Gavitt, Brendan. Virtuoso: Narrowing the semantic gap in virtual machine introspection. IEEE Symposium on Security and Privacy, 2011.
[27]
Sharif, Monirul I. Secure in-vm monitoring using hardware virtualization. Proceedings of the 16th ACM conference on Computer and communications security, 2009.
[28]
Crawford, Martin, and Gilbert Peterson. Insider Threat Detection using Virtual Machine Introspection. System Sciences (HICSS),46th Hawaii International Conference on, 2013.
[29]
Jouad, Mohammed. Security challenges in intrusion detection. Cloud Technologies and Applications (CloudTech), 2015 International Conference on, 2015.
[30]
Payne, Bryan D. Lares: An architecture for secure active monitoring using virtualization.IEEE Symposium on Security and Privacy, 2008.
Recommendations
RapidVMI: Fast and multi-core aware active virtual machine introspection
ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and SecurityVirtual machine introspection (VMI) is a technique for the external monitoring of virtual machines. Through previous work, it became apparent that VMI can contribute to the security of distributed systems and cloud architectures by facilitating stealthy ...
Process out-grafting: an efficient "out-of-VM" approach for fine-grained process execution monitoring
CCS '11: Proceedings of the 18th ACM conference on Computer and communications securityRecent rapid malware growth has exposed the limitations of traditional in-host malware-defense systems and motivated the development of secure virtualization-based out-of-VM solutions. By running vulnerable systems as virtual machines (VMs) and moving ...
Secure and robust monitoring of virtual machines through guest-assisted introspection
RAID'12: Proceedings of the 15th international conference on Research in Attacks, Intrusions, and DefensesCurrent monitoring solutions for virtual machines do not incorporate both security and robustness. Out-of-guest applications achieve security by using virtual machine introspection and not relying on in-guest components, but do not achieve robustness ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2017
1167 pages
ISBN:9781509066100
Sponsors
Publisher
IEEE Press
Publication History
Published: 14 May 2017
Check for updates
Author Tags
Qualifiers
- Tutorial
- Research
- Refereed limited
Conference
CCGrid '17
Sponsor:
CCGrid '17: 16th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing
May 14 - 17, 2017
Madrid, Spain
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 150Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 05 Feb 2025
Other Metrics
Citations
Cited By
View all- Dangl TSentanoe SReiser H(2024)Active and passive virtual machine introspection on AMD and ARM processorsJournal of Systems Architecture: the EUROMICRO Journal10.1016/j.sysarc.2024.103101149:COnline publication date: 1-Apr-2024
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in