JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, Vol. 52, Issue (3): 38-43. doi: 10.6040/j.issn.1671-9352.1.2016.083

A study on security enhancement technology for KVM Hypervisor

ZHAO Dan-dan1, CHEN Xing-shu1,2*, JIN Xin1   

  1. School of Computing, Sichuan University, Chengdu 610065, Sichuan, China;
  2. Cybersecurity Research Institute, Sichuan University, Chengdu 610065, Sichuan, China
  • Received: 2016-08-18 Online: 2017-03-20 Published: 2017-03-20

Abstract: To enhance the security capabilities of the kernel-based virtual machine (KVM) Hypervisor, a multi-level security enhancement technology based on multiple vulnerabilities was proposed. It comprises Hypervisor type trick, VMX instruction monitoring, ioctl system call interface protection, dynamic KVM code measurement and anti-unloading technology, and is intended to strengthen the KVM Hypervisor and to detect in time some unknown attacks based on KVM interfaces. A prototype system called Security-KVM (Sec-KVM) was implemented on the KVM full-virtualization platform. The experimental results show that Sec-KVM is able to hide the virtualization type of the Hypervisor, which enhances the Hypervisor's resistance to attack; to dynamically measure the integrity of KVM and of the ioctl system call interface, which prevents the spread of attacks; and to detect some unknown attacks based on KVM service interfaces.

Key words: virtual machine monitor, type hide, ioctl system call, KVM, dynamic measurement

CLC Number: TP316