Hypervisor Integrity Measurement Assistant
RISE, Swedish ICT, SICS. RISE, Swedish ICT, SICS, Computer Systems Laboratory. SEC.
TESPEVS.
Number of Authors: 2
2012 (English) Report (Other academic)
Abstract [en]

An attacker who has gained access to a computer may want to upload or modify configuration files, etc., and run arbitrary programs of his choice. We can severely restrict the power of the attacker by having a white-list of approved file checksums and preventing the kernel from loading any file with a bad checksum. The check may be placed in the kernel, but that requires a kernel that is prepared for it. The check may also be placed in a hypervisor, which intercepts and prevents the kernel from loading a bad file. We describe the implementation of, and give performance results for, two systems. In one, the checksumming (or integrity measurement) and the decision are performed by the hypervisor instead of the OS. In the other, only the final integrity decision is made in the hypervisor. By moving the integrity check out of the VM kernel, it becomes harder for the intruder to bypass the check. We conclude that it is technically possible to put file integrity control into the hypervisor, both for kernels without and with pre-compiled support for integrity measurement.

Place, publisher, year, edition, pages
Kista, Sweden: Swedish Institute of Computer Science, 2012, 11.
Series
SICS Technical Report, ISSN 1100-3154 ; 2012:06
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:ri:diva-24054
OAI: oai:DiVA.org:ri-24054
DiVA: diva2:1043133
Projects
TESPEVS, CNS
Available from: 2016-10-31 Created: 2016-10-31

Open Access in DiVA

fulltext (394 kB), 5 downloads
File information
File name: FULLTEXT01.pdf
File size: 394 kB
Checksum SHA-512:
244348bda01af81d761c5edfad518784fa121877eda6ea201dc8147f2dfad02226466a15b72f1264e93de6047db608319b952dad66c9d5d20a4a7bf4f74f83e9
Type: fulltext
Mimetype: application/pdf
