Abstract

This paper presents a solution that simultaneously addresses both reliability and security (RnS) in a monitoring framework. We identify the commonalities between reliability and security to guide the design of Hyper Tap, a hyper visor-level framework that efficiently supports both types of monitoring in virtualization environments. In Hyper Tap, the logging of system events and states is common across monitors and constitutes the core of the framework. The audit phase of each monitor is implemented and operated independently. In addition, Hyper Tap relies on hardware invariants to provide a strongly isolated root of trust. Hyper Tap uses active monitoring, which can be adapted to enforce a wide spectrum of RnS policies. We validate Hyper Tap by introducing three example monitors: Guest OS Hang Detection (GOSHD), Hidden Root Kit Detection (HRKD), and Privilege Escalation Detection (PED). Our experiments with fault injection and real root kits/exploits demonstrate that Hyper Tap provides robust monitoring with low performance overhead.

Original languageEnglish (US)
Title of host publicationProceedings of the International Conference on Dependable Systems and Networks
PublisherIEEE Computer Society
Pages13-24
Number of pages12
ISBN (Electronic)9781479922338
DOIs
StatePublished - Sep 18 2014
Event44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 - Atlanta, United States
Duration: Jun 23 2014Jun 26 2014

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks

Other

Other44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014
Country/TerritoryUnited States
CityAtlanta
Period6/23/146/26/14

Keywords

  • Fault Injection
  • Hypervisor
  • Invariant
  • Monitoring
  • Reliability
  • Rootkit
  • Security

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Reliability and security monitoring of virtual machines using hardware architectural invariants'. Together they form a unique fingerprint.

Cite this