DKSM:颠覆虚拟机自省的乐趣和利益

2010 29th IEEE Symposium on Reliable Distributed Systems Pub Date : 2010-10-31 DOI:10.1109/srds.2010.39

Sina Bahram, Xuxian Jiang, Zhi Wang, Michael C. Grace, Jinku Li, D. Srinivasan, J. Rhee, Dongyan Xu

{"title":"DKSM:颠覆虚拟机自省的乐趣和利益","authors":"Sina Bahram, Xuxian Jiang, Zhi Wang, Michael C. Grace, Jinku Li, D. Srinivasan, J. Rhee, Dongyan Xu","doi":"10.1109/srds.2010.39","DOIUrl":null,"url":null,"abstract":"Virtual machine (VM) introspection is a powerful technique for determining the specific aspects of guest VM execution from outside the VM. Unfortunately, existing introspection solutions share a common questionable assumption. This assumption is embodied in the expectation that original kernel data structures are respected by the untrusted guest and thus can be directly used to bridge the well-known semantic gap. In this paper, we assume the perspective of the attacker, and exploit this questionable assumption to subvert VM introspection. In particular, we present an attack called DKSM (Direct Kernel Structure Manipulation), and show that it can effectively foil existing VM introspection solutions into providing false information. By assuming this perspective, we hope to better understand the challenges and opportunities for the development of future reliable VM introspection solutions that are not vulnerable to the proposed attack.","PeriodicalId":219204,"journal":{"name":"2010 29th IEEE Symposium on Reliable Distributed Systems","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"177","resultStr":"{\"title\":\"DKSM: Subverting Virtual Machine Introspection for Fun and Profit\",\"authors\":\"Sina Bahram, Xuxian Jiang, Zhi Wang, Michael C. Grace, Jinku Li, D. Srinivasan, J. Rhee, Dongyan Xu\",\"doi\":\"10.1109/srds.2010.39\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Virtual machine (VM) introspection is a powerful technique for determining the specific aspects of guest VM execution from outside the VM. Unfortunately, existing introspection solutions share a common questionable assumption. This assumption is embodied in the expectation that original kernel data structures are respected by the untrusted guest and thus can be directly used to bridge the well-known semantic gap. In this paper, we assume the perspective of the attacker, and exploit this questionable assumption to subvert VM introspection. In particular, we present an attack called DKSM (Direct Kernel Structure Manipulation), and show that it can effectively foil existing VM introspection solutions into providing false information. By assuming this perspective, we hope to better understand the challenges and opportunities for the development of future reliable VM introspection solutions that are not vulnerable to the proposed attack.\",\"PeriodicalId\":219204,\"journal\":{\"name\":\"2010 29th IEEE Symposium on Reliable Distributed Systems\",\"volume\":\"49 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"177\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 29th IEEE Symposium on Reliable Distributed Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/srds.2010.39\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 29th IEEE Symposium on Reliable Distributed Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/srds.2010.39","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 177

摘要

虚拟机(VM)自省是一种强大的技术，用于从VM外部确定来宾VM执行的特定方面。不幸的是，现有的自省解决方案都有一个共同的可疑假设。这一假设体现在期望原始内核数据结构受到不受信任的客户机的尊重，从而可以直接用于弥合众所周知的语义差距。在本文中，我们假设攻击者的角度，并利用这个可疑的假设来破坏VM自省。特别是，我们提出了一种称为DKSM(直接内核结构操纵)的攻击，并表明它可以有效地阻止现有的VM自省解决方案提供虚假信息。通过假设这个观点，我们希望更好地理解未来可靠的VM自省解决方案开发的挑战和机遇，这些解决方案不容易受到提议的攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

DKSM: Subverting Virtual Machine Introspection for Fun and Profit

Virtual machine (VM) introspection is a powerful technique for determining the specific aspects of guest VM execution from outside the VM. Unfortunately, existing introspection solutions share a common questionable assumption. This assumption is embodied in the expectation that original kernel data structures are respected by the untrusted guest and thus can be directly used to bridge the well-known semantic gap. In this paper, we assume the perspective of the attacker, and exploit this questionable assumption to subvert VM introspection. In particular, we present an attack called DKSM (Direct Kernel Structure Manipulation), and show that it can effectively foil existing VM introspection solutions into providing false information. By assuming this perspective, we hope to better understand the challenges and opportunities for the development of future reliable VM introspection solutions that are not vulnerable to the proposed attack.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 29th IEEE Symposium on Reliable Distributed Systems

自引率

0.00%

发文量

期刊最新文献

Optimization Based Topology Control for Wireless Ad Hoc Networks to Meet QoS Requirements An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing On-Demand Recovery in Middleware Storage Systems Adaptive Routing Scheme for Emerging Wireless Ad Hoc Networks Diskless Checkpointing with Rollback-Dependency Trackability