SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In Proceedings of the twenty-first Symposium on Operating Systems Principles
| Title: | SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In Proceedings of the twenty-first Symposium on Operating Systems Principles |
|---|---|
| Authors: | Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig |
| Contributors: | The Pennsylvania State University CiteSeerX Archives |
| Source: | http://www.cs.cmu.edu/%7E15712/papers//seshadri07.pdf. |
| Publisher Information: | ACM |
| Publication Year: | 2007 |
| Collection: | CiteSeerX |
| Subject Terms: | Hypervisor, Code Attestation, Code Integrity, Preventing Code Injection Attacks, Memory Virtualization |
| Description: | We propose SecVisor, a tiny hypervisor that ensures code integrity for commodity OS kernels. In particular, SecVisor ensures that only approved code can execute in kernel mode over the entire system lifetime. This protects the kernel against code injection attacks, such as kernel rootkits. SecVisor can achieve this property even against an attacker who controls everything but the CPU, the memory controller, and system memory. Further, the attacker could have the knowledge of zero-day kernel exploits. Our design goals for SecVisor are small code size, small external interface, and ease of porting OS kernels. We rely on memory virtualization to build SecVisor and implement two versions, one using software memory virtualization and the other using CPU-supported memory virtualization. The code sizes of the runtime portions of these versions measure 1739 and 1112 lines, respectively. The size of the external interface for both versions of SecVisor is 2 hypercalls. We also port the Linux kernel version 2.6.20 to execute on SecVisor. This requires us to add 12 lines of code to the kernel and delete 81 lines, out of a total of approximately 4.3 million lines of code. |
| Document Type: | text |
| File Description: | application/pdf |
| Language: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.220.5749; http://www.cs.cmu.edu/%7E15712/papers//seshadri07.pdf |
| Availability: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.220.5749; http://www.cs.cmu.edu/%7E15712/papers//seshadri07.pdf |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| Accession Number: | edsbas.55DF65A5 |
| Database: | BASE |