@inproceedings{3d36be622c134260a9df80e248801e75,
title = "Reliability and security monitoring of virtual machines using hardware architectural invariants",
abstract = "This paper presents a solution that simultaneously addresses both reliability and security (RnS) in a monitoring framework. We identify the commonalities between reliability and security to guide the design of Hyper Tap, a hyper visor-level framework that efficiently supports both types of monitoring in virtualization environments. In Hyper Tap, the logging of system events and states is common across monitors and constitutes the core of the framework. The audit phase of each monitor is implemented and operated independently. In addition, Hyper Tap relies on hardware invariants to provide a strongly isolated root of trust. Hyper Tap uses active monitoring, which can be adapted to enforce a wide spectrum of RnS policies. We validate Hyper Tap by introducing three example monitors: Guest OS Hang Detection (GOSHD), Hidden Root Kit Detection (HRKD), and Privilege Escalation Detection (PED). Our experiments with fault injection and real root kits/exploits demonstrate that Hyper Tap provides robust monitoring with low performance overhead.",
keywords = "Fault Injection, Hypervisor, Invariant, Monitoring, Reliability, Rootkit, Security",
author = "Cuong Pham and Zachary Estrada and Phuong Cao and Zbigniew Kalbarczyk and Iyer, {Ravishankar K.}",
note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 ; Conference date: 23-06-2014 Through 26-06-2014",
year = "2014",
month = sep,
day = "18",
doi = "10.1109/DSN.2014.19",
language = "English (US)",
series = "Proceedings of the International Conference on Dependable Systems and Networks",
publisher = "IEEE Computer Society",
pages = "13--24",
booktitle = "Proceedings of the International Conference on Dependable Systems and Networks",
}