Change search
ReferencesLink to record
Permanent link

Direct link
Hypervisor Integrity Measurement Assistant
RISE, Swedish ICT, SICS. Computer Systems Laboratory.
Number of Authors: 2
2012 (English)Report (Other academic)
Abstract [en]

An attacker who has gained access to a computer may want to upload or modify configuration files, etc., and run arbitrary programs of his choice. We can severely restrict the power of the attacker by having a white-list of approved file checksums and preventing the kernel from loading loading any file with a bad checksum. The check may be placed in the kernel, but that requires a kernel that is prepared for it. The check may also be placed in a hypervisor which intercepts and prevents the kernel from loading a bad file. We describe the implementation of and give performance results for two systems. In one the checksumming, or integrity measurement, and decision is performed by the hypervisor instead of the OS. In the other only the final integrity decision is done in the hypervisor. By moving the integrity check out from the VM kernel it becomes harder for the intruder to bypass the check. We conclude that it is technically possible to put file integrity control into the hypervisor, both for kernels without and with pre-compiled support for integrity measurement.

Place, publisher, year, edition, pages
Kista, Sweden: Swedish Institute of Computer Science , 2012, 11.
SICS Technical Report, ISSN 1100-3154 ; 2012:06
National Category
Computer and Information Science
URN: urn:nbn:se:ri:diva-15241OAI: diva2:1036557
Available from: 2016-10-13 Created: 2016-10-13

Open Access in DiVA

fulltext(394 kB)5 downloads
File information
File name FULLTEXT01.pdfFile size 394 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 5 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

ReferencesLink to record
Permanent link

Direct link