Title
Reliability and Security Monitoring of Virtual Machines Using Hardware Architectural Invariants.
Abstract
This paper presents a solution that simultaneously addresses both reliability and security (RnS) in a monitoring framework. We identify the commonalities between reliability and security to guide the design of HyperTap, a hypervisor-level framework that efficiently supports both types of monitoring in virtualization environments. In HyperTap, the logging of system events and states is common across monitors and constitutes the core of the framework. The audit phase of each monitor is implemented and operated independently. In addition, HyperTap relies on hardware invariants to provide a strongly isolated root of trust. HyperTap uses active monitoring, which can be adapted to enforce a wide spectrum of RnS policies. We validate HyperTap by introducing three example monitors: Guest OS Hang Detection (GOSHD), Hidden RootKit Detection (HRKD), and Privilege Escalation Detection (PED). Our experiments with fault injection and real rootkits/exploits demonstrate that HyperTap provides robust monitoring with low performance overhead.
Year: 2014
DOI: 10.1109/DSN.2014.19
Venue: DSN
Keywords: reliability, hypervisor, rootkit, ped, security, invariant, data structures, virtual machines, hardware, kernel
Field: Virtualization, Virtual machine, Computer science, Privilege escalation, Hypervisor, Real-time computing, Computer hardware, Fault injection, Distributed computing, Data structure, Rootkit, Exploit, Operating system, Embedded system
DocType: Conference
ISSN: 1530-0889
Citations: 8
PageRank: 0.64
References: 0
Authors: 5
Name, Order, Citations, PageRank
Cuong Pham, 1, 284, 20.72
Zachary Estrada, 2, 12, 2.04
Phuong Cao, 3, 33, 4.90
Zbigniew Kalbarczyk, 4, 1896, 159.48
Ravishankar K. Iyer, 5, 3489, 504.32