Reliability and security monitoring of virtual machines using hardware architectural invariants

Cuong Pham, Zachary Estrada, Phuong Cao, Zbigniew Kalbarczyk, Ravishankar K. Iyer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper presents a solution that simultaneously addresses both reliability and security (RnS) in a monitoring framework. We identify the commonalities between reliability and security to guide the design of HyperTap, a hypervisor-level framework that efficiently supports both types of monitoring in virtualization environments. In HyperTap, the logging of system events and states is common across monitors and constitutes the core of the framework. The audit phase of each monitor is implemented and operated independently. In addition, HyperTap relies on hardware invariants to provide a strongly isolated root of trust. HyperTap uses active monitoring, which can be adapted to enforce a wide spectrum of RnS policies. We validate HyperTap by introducing three example monitors: Guest OS Hang Detection (GOSHD), Hidden Rootkit Detection (HRKD), and Privilege Escalation Detection (PED). Our experiments with fault injection and real rootkits/exploits demonstrate that HyperTap provides robust monitoring with low performance overhead.

Original language: English (US)
Title of host publication: Proceedings - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 13-24
Number of pages: 12
ISBN (Electronic): 9781479922338
State: Published - Sep 18 2014
Event: 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 - Atlanta, United States
Duration: Jun 23 2014 → Jun 26 2014

Publication series

Name: Proceedings - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014

Other

Other: 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014
Country: United States
City: Atlanta
Period: 6/23/14 → 6/26/14

Keywords

  • Fault Injection
  • Hypervisor
  • Invariant
  • Monitoring
  • Reliability
  • Rootkit
  • Security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software
