
HA-VMSI: A Lightweight Virtual Machine Isolation Approach with Commodity Hardware for ARM

Published: 08 April 2017

Abstract

Once the hypervisor is compromised, remote or local adversaries can easily access other customers' sensitive data in the memory and execution context of guest virtual machines (VMs). VM isolation is an efficient mechanism for protecting guest VM memory from unauthorized access. However, previous VM isolation systems either modify the hardware architecture or introduce a software module that is itself unprotected, and most of them target the x86 architecture.
This paper proposes HA-VMSI, a lightweight hardware-assisted VM isolation approach for ARM that provides runtime protection of guest VMs even under a compromised hypervisor. A thin security monitor running in the ARM TrustZone secure world forms HA-VMSI's entire TCB; it is therefore much less vulnerable and is safe from attacks that compromise the hypervisor. The key idea of HA-VMSI is to decouple memory isolation among VMs from the hypervisor and move it into the security monitor. As a result, the hypervisor can update the Stage-2 page tables of VMs only via the security monitor, which inspects and approves each new mapping. HA-VMSI is more secure and effective than current software approaches, and more flexible and compatible than hardware approaches. We have implemented a prototype for the KVM hypervisor with multiple Linux guest OSes on the Juno board. The security assessment and performance evaluation show that HA-VMSI is effective, efficient and practical.
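As an added illustration (not code from the paper), the following toy model in C shows the kind of check a secure-world monitor can apply when an untrusted hypervisor asks to add or remove a Stage-2 mapping: each physical page has at most one owning VM, monitor memory is never mappable, and a page is released only when its owner drops the last mapping. The page size, page count, VM ids, function names and the ownership policy are assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy: 16 physical pages of 4 KiB, tracked by the monitor.
 * Names, sizes and the ownership policy are assumptions for illustration. */
#define NUM_PAGES  16
#define PAGE_SHIFT 12
#define VM_NONE    0    /* page is unowned and may be claimed */
#define VM_MONITOR 0xFF /* page belongs to the security monitor itself */

/* Per-page owner and mapping count. In a real design this table lives in
 * secure-world memory, so the (untrusted) hypervisor cannot edit it directly. */
static uint8_t  owner[NUM_PAGES];
static uint32_t refs[NUM_PAGES];

void monitor_init(void) {
    for (int i = 0; i < NUM_PAGES; i++) { owner[i] = VM_NONE; refs[i] = 0; }
    owner[0] = VM_MONITOR;  /* page 0 reserved for the monitor's own state */
}

/* Hypervisor asks to map physical address `pa` into VM `vm`'s Stage-2 table.
 * Approve only if the page is free or already owned by that same VM. */
bool monitor_approve_map(uint8_t vm, uint64_t pa) {
    uint64_t pfn = pa >> PAGE_SHIFT;
    if (vm == VM_NONE || vm == VM_MONITOR || pfn >= NUM_PAGES) return false;
    if (owner[pfn] == VM_MONITOR) return false;                 /* monitor memory: never */
    if (owner[pfn] != VM_NONE && owner[pfn] != vm) return false; /* another VM's page */
    owner[pfn] = vm;   /* first mapping claims the page for this VM */
    refs[pfn]++;
    return true;
}

/* Hypervisor asks to unmap `pa` from VM `vm`. The page returns to the free pool
 * only when its owner drops the last mapping (a real monitor would scrub it first). */
bool monitor_approve_unmap(uint8_t vm, uint64_t pa) {
    uint64_t pfn = pa >> PAGE_SHIFT;
    if (pfn >= NUM_PAGES || owner[pfn] != vm || refs[pfn] == 0) return false;
    if (--refs[pfn] == 0) owner[pfn] = VM_NONE;
    return true;
}

int main(void) {
    monitor_init();
    printf("VM1 maps page 1: %s\n", monitor_approve_map(1, 0x1000) ? "approved" : "denied");
    printf("VM2 maps page 1: %s\n", monitor_approve_map(2, 0x1000) ? "approved" : "denied");
    return 0;
}
```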




    Published In

    VEE '17: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
    April 2017
    261 pages
    ISBN: 9781450349482
    DOI: 10.1145/3050748

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. ARM TrustZone
    2. Multi-tenant Cloud
    3. VM Security
    4. Virtualization

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    VEE '17

    Acceptance Rates

    VEE '17 Paper Acceptance Rate 18 of 43 submissions, 42%;
    Overall Acceptance Rate 80 of 235 submissions, 34%


    Cited By

    • (2022) Bao-Enclave: Virtualization-based Enclaves for Arm. 2022 IEEE 8th World Forum on Internet of Things (WF-IoT), pp. 1-6. DOI: 10.1109/WF-IoT54382.2022.10152074. Online publication date: 26-Oct-2022.
    • (2022) SecFortress: Securing Hypervisor using Cross-layer Isolation. 2022 IEEE International Parallel and Distributed Processing Symposium (IPDPS), pp. 212-222. DOI: 10.1109/IPDPS53621.2022.00029. Online publication date: May-2022.
    • (2022) Improving Transparency of Hardware Breakpoints with Virtual Machine Introspection. 2022 12th International Congress on Advanced Applied Informatics (IIAI-AAI), pp. 113-117. DOI: 10.1109/IIAIAAI55812.2022.00031. Online publication date: Jul-2022.
    • (2020) Secure VM management with strong user binding in semi-trusted clouds. Journal of Cloud Computing, 9:1. DOI: 10.1186/s13677-020-0152-9. Online publication date: 17-Jan-2020.
    • (2019) Protecting cloud virtual machines from commodity hypervisor and host operating system exploits. Proceedings of the 28th USENIX Conference on Security Symposium, pp. 1357-1374. DOI: 10.5555/3361338.3361433. Online publication date: 14-Aug-2019.
    • (2019) An Exhaustive Survey on Security Concerns and Solutions at Different Components of Virtualization. ACM Computing Surveys, 52:1, pp. 1-38. DOI: 10.1145/3287306. Online publication date: 13-Feb-2019.
    • (2019) On cloud security requirements, threats, vulnerabilities and countermeasures. Computer Science Review, 33:C, pp. 1-48. DOI: 10.1016/j.cosrev.2019.05.002. Online publication date: 1-Aug-2019.
    • (2019) Protection against reverse engineering in ARM. International Journal of Information Security. DOI: 10.1007/s10207-019-00450-1. Online publication date: 2-Jul-2019.
