OB-IMA: out-of-the-box integrity measurement approach for guest virtual machines
Bin Xing (Corresponding Author)
School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Correspondence to: Bin Xing, School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China.
E-mail: [email protected]
Zhen Han
School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Xiaolin Chang
School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Jiqiang Liu
School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Summary
An Infrastructure as a Service cloud provides elastic and scalable virtual machines (VMs) as a computing service to multiple tenants, but the tenants lose full control of their data. Measuring the integrity of critical files of the VMs and providing integrity attestation to the tenants on the basis of TCG trusted computing techniques is an effective way to alleviate their anxiety. This paper considers how to measure the integrity of the processes run in guest VMs and the files opened in guest VMs. We propose an out-of-the-box integrity measurement approach that measures the integrity of critical files through system call (syscall) interception without any modification of the guest VMs. The approach can measure not only the integrity of all files that have been considered by existing approaches but also the integrity of the system configuration files, program loaders, and script interpreters, which affect system behavior and integrity. Support for both system and manual measurement policies makes our approach flexible. We implement this approach in the Xen hypervisor with little modification of the existing syscall interception method, and the approach can be ported to other virtualization platforms easily. Copyright © 2014 John Wiley & Sons, Ltd.