skip to main content
tutorial

HA-VMSI: A Lightweight Virtual Machine Isolation Approach with Commodity Hardware for ARM

Authors Info & Claims
Published:08 April 2017Publication History
Skip Abstract Section

Abstract

Once compromising the hypervisor, remote or local adversaries can easily access other customers' sensitive data in the memory and context of guest virtual machines (VMs). VM isolation is an efficient mechanism for protecting the memory of guest VMs from unauthorized access. However, previous VM isolation systems either modify hardware architecture or introduce a software module without being protected, and most of them focus on the x86 architecture.

This paper proposes HA-VMSI, a lightweight hardware-assisted VM isolation approach for ARM, to provide runtime protection of guest VMs, even with a compromised hypervisor. In the ARM TrustZone secure world, a thin security monitor is introduced as HA-VMSI's entire TCB. Hence, the security monitor is much less vulnerable and safe from attacks that can compromise the hypervisor. The key of HA-VMSI is decoupling the functions of memory isolation among VMs from the hypervisor into the security monitor. As a result, the hypervisor can only update the Stage-2 page tables of VMs via the security monitor, which inspects and approves each new mapping. It is worth noting that HA-VMSI is more secure and effective than current software approaches, and more flexible and compatible than hardware approaches. We have implemented a prototype for KVM hypervisor with multiple Linux as guest OSes on Juno board. The security assessment and performance evaluation show that HA-VMSI is effective, efficient and practical.

References

  1. Gunawi H S, Hao M, Leesatapornwongsa T, et al. What Bugs Live in the Cloud? A Study of 3000+ Issues in Cloud Systems. In Proceedings of SOCC, pages 1--14, 2014.Google ScholarGoogle Scholar
  2. CVEdetails.com, Xen: Vulnerability statistics, http://www.cvedetails.com/vendor/6276/XEN.html.Google ScholarGoogle Scholar
  3. Vmware: Vulnerability statistics. http://www.cvedetails.com/vendor/252/Vmware.html.Google ScholarGoogle Scholar
  4. ELHAGE, N. Virtualization Under Attack: Breaking out of KVM. In Black Hat USA Conference, 2011.Google ScholarGoogle Scholar
  5. K. Kortchinsky. CLOUDBURST: A VMware Guest to Host Escape Story. In Black Hat USA Conference, 2009.Google ScholarGoogle Scholar
  6. Techspot. Google fired employees for breaching user privacy. http://www.techspot.com/news/40280-google-firedemployees-for-breaching-user-privacy.html.Google ScholarGoogle Scholar
  7. Azab A M, Ning P, Shah J, et al. Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. In Proceedings of CCS, pages 90--102, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Zhou Y, Wang X, Chen Y, et al. Armlock: Hardware-based Fault Isolation for ARM. In Proceedings of CCS, pages 558--569, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. ARM Ltd. TrustZone. http://www.arm.com/products/processors/technologies/trustzone.php.Google ScholarGoogle Scholar
  10. Wang B, Zheng Y, Lou W, et al. DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking. Computer Networks, 81: 308--319, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. ARM Ltd. ARM Cryptography Extension. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0500e/DDI0500E_cortex_a53_r0p3_trm.pdf.Google ScholarGoogle Scholar
  12. Weinhold C, Hrtig H. jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components. In Proceedings of ATC, 2011.Google ScholarGoogle Scholar
  13. Ranjbar A, Komu M, Salmela P, et al. An SDN-based Approach to Enhance the End-to-End Security: SSL/TLS Case Study. In Proceedings of the IEEE/IFIP NOMS, pages 281--288, 2016.Google ScholarGoogle ScholarCross RefCross Ref
  14. Dall C, Nieh J. KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor. In Proceedings of ASPLOS, pages 333--348, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. R. Wojtczuk and J. Rutkowska. Attacking SMM Memory via Intel CPU Cache Poisoning. Invisible Things Lab, 2009.Google ScholarGoogle Scholar
  16. KVM Project. http://www.linux-kvm.org/page/KSM.Google ScholarGoogle Scholar
  17. Fangxiao Ning, Min Zhu, et al. Group-based Memory Deduplication Against Covert Channel Attacks in Virtualized Environments. In Proceedings of TrustCom, 2016. Google ScholarGoogle ScholarCross RefCross Ref
  18. ARM-software. ARM Trusted Firmware. https://github.com/ARM-software/arm-trusted-firmware.Google ScholarGoogle Scholar
  19. Rosenberg, D. QSEE TrustZone Kernel Integer Overflow Vulnerability. In Black Hat USA Conference, 2014.Google ScholarGoogle Scholar
  20. Vulnerability Summary for CVE-2009-2287. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2287.Google ScholarGoogle Scholar
  21. Vulnerability Summary for CVE-2016-1570. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1570.Google ScholarGoogle Scholar
  22. Vulnerability Summary for CVE-2015-8967. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8967.Google ScholarGoogle Scholar
  23. Vulnerability Summary for CVE-2014-3124. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3124.Google ScholarGoogle Scholar
  24. Kim T, Peinado M, Mainar-Ruiz G. STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in The Cloud. In Proceedings of USENIX Security, pages 189--204, 2012.Google ScholarGoogle Scholar
  25. Varadarajan V, Ristenpart T, Swift M. Scheduler-based Defenses Against Cross-VM Side-Channels. In Proceedings of USENIX Security, pages 687--702, 2014.Google ScholarGoogle Scholar
  26. R. Sailer, E. Valdez, T. Jaeger, et al. sHype: Secure Hypervisor Approach to Trusted Virtualized Systems. Technical Report, IBM Research, 2005.Google ScholarGoogle Scholar
  27. A. Seshadri, M. Luk, N. Qu, and A. Perrig. Secvisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In Proceedings of SOSP, pages 335--350, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. R. Riley, X. Jiang, and D. Xu. Guest-transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. In Proceedings of RAID, pages 1--20, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Zhi Wang, Xuxian Jiang, Weidong Cui, and Peng Ning. Countering Kernel Rootkits with Lightweight Hook Protection. In Proceedings of CCS, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Hofmann O S, Dunn A M, Kim S, et al. Ensuring Operating System Kernel Integrity with OSck. In Proceedings of ASPLOS, pages 279--290, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. T. Shinagawa, H. Eiraku, K. Tanimoto, etc. BitVisor: A Thin Hypervisor for Enforcing I/O Device Security. In Proceedings of VEE, pages 121--130, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. X. Jiang, X. Wang, and D. Xu. Stealthy Malware Detection Through VMM-based Out-of-the-box Semantic View Reconstruction. In Proceedings of CCS, pages 128--138, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. M. Sharif, W. Lee, W. Cui, and A. Lanzi. Secure In-VM Monitoring Using Hardware Virtualization. In Proceedings of CCS, pages 477--487, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Chen X, Garfinkel T, Lewis E C, et al. Overshadow: A Virtualization-based Approach to Retrofitting Protection in Commodity Operating Systems. Acm Sigops Operating Systems Review, 36(1): 2--13, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. J. Yang and K. Shin. Using Hypervisor to Provide Data Secrecy for User Applications on a Per-Page Basis. In Proceedings of VEE, pages 71--80, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Mccune J M, Li Y, Qu N, et al. TrustVisor: Efficient TCB Reduction and Attestation. In Proceedings of S&P, pages 143--158, 2010.Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Hofmann O S, Kim S, Dunn A M, et al. InkTag: Secure Applications on an Untrusted Operating System. In Proceedings of ASPLOS, pages 265--278, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Ren J, Qi Y, Dai Y, et al. AppSec: A Safe Execution Environment for Security Sensitive Applications. n Proceedings of VEE, pages 187--199, 2015.Google ScholarGoogle Scholar
  39. D. Champagne and R. Lee. Scalable Architectural Support for Trusted Software. In Proceedings of HPCA, pages 1--12, 2010. Google ScholarGoogle ScholarCross RefCross Ref
  40. S. Chhabra, B. Rogers, Y. Solihin, and M. Prvulovic. Secureme: A Hardware-Software Approach to Full System Security. In Proceedings of ICS, pages 108--119, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Wang J, Stavrou A, Ghosh A. HyperCheck: A Hardware-Assisted Integrity Monitor. In Proceedings of RAID, pages 158--177, 2010. Google ScholarGoogle ScholarCross RefCross Ref
  42. Azab A M, Ning P, Wang Z, et al. HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity. In Proceedings of CCS, pages 38--49, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Wang Z, Jiang X. Hypersafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity. In Proceedings of S&P, pages 380--395, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Klein G, Elphinstone K, Heiser G, et al. seL4: Formal Verification of an OS Kernel. In Proceedings of SOSP, pages 207--220, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Murray T, Matichuk D, Brassil M, et al. seL4: From General Purpose to a Proof of Information Flow Enforcement. In Proceedings of S&P, pages 415--429, 2013.Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Steinberg, U. and B. Kauer. NOVA: A Microhypervisor-Based Secure Virtualization Architecture. In Proceedings of EUROSYS, pages 209--222, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Wang Z, Wu C, Grace M, et al. Isolating Commodity Hosted Hypervisors with Hyperlock. In Proceedings of CCS, pages 127--140, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Wu C, Wang Z, Jiang X. Taming Hosted Hypervisors with (Mostly) Deprivileged Execution. In Proceedings of NDSS, pages 146--161, 2013.Google ScholarGoogle Scholar
  49. Keller E, Szefer J, Rexford J, et al. NoHype: Virtualized Cloud Infrastructure without the Virtualization. In Proceedings of ISCA, pages 350--361, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Szefer J, Keller E, Lee R B, et al. Eliminating the Hypervisor Attack Surface for a More Secure Cloud. In Proceedings of CCS, pages 401--412, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Wang X, Qi Y, Dai Y, et al. TrustOSV: Building Trustworthy Executing Environment with Commodity Hardware for a Safe Cloud. Journal of Computers, 9(10): 2303--2314, 2014. Google ScholarGoogle ScholarCross RefCross Ref
  52. Zhang F, Chen J, Chen H, et al. CloudVisor: Retrofitting Protection of Virtual Machines in Multi-Tenant Cloud with Nested Virtualization. In Proceedings of SOSP, pages 203--216, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Jin S, Ahn J, Cha S, et al. Architectural Support for Secure Virtualization under a Vulnerable Hypervisor. In Proceedings of MICRO, pages 272--283, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Szefer J, Lee R B. Architectural Support for Hypervisor-Secure Virtualization. In Proceedings of ASPLOS, pages 437--450, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Xia Y, Liu Y, Chen H. Architecture Support for Guest-Transparent VM Protection from Untrusted Hypervisor and Physical Attacks. In Proceedings of HPCA, pages 246--257, 2013.Google ScholarGoogle Scholar
  56. Evtyushkin D, Elwell J, Ozsoy M, et al. Iso-x: A Flexible Architecture for Hardware-Managed Isolated Execution. In Proceedings of MICRO, pages 190--202, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  57. McKeen F, Alexandrovich I, Berenzon A, et al. Innovative Instructions and Software Model for Isolated Execution. In Proceedings of HASP, pages 73--80, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. Popa R A, Redfield C M S, Zeldovich N, et al. CryptDB: Protecting Confidentiality with Encrypted Query Processing. In Proceedings of SOSP, pages 85--100, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. Tetali S D, Lesani M, Majumdar R, et al. MrCrypt: Static Analysis for Secure Cloud Computations. In Proceedings of OOPSLA, pages 271--286, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. C. Gentry, S. Halevi, and N. Smart. Homomorphic Evaluation of the AES Circuit. Advances in Cryptology, pages 850--867, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. HA-VMSI: A Lightweight Virtual Machine Isolation Approach with Commodity Hardware for ARM

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 52, Issue 7
      VEE '17
      July 2017
      256 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/3140607
      Issue’s Table of Contents
      • cover image ACM Conferences
        VEE '17: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
        April 2017
        261 pages
        ISBN:9781450349482
        DOI:10.1145/3050748

      Copyright © 2017 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 8 April 2017

      Check for updates

      Qualifiers

      • tutorial
      • Research
      • Refereed limited

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!