DocumentCode :
1863984
Title :
Using a Hypervisor to Migrate Running Operating Systems to Secure Virtual Machines
Author :
Nomoto, Tsutomu ; Oyama, Yoshihiro ; Eiraku, Hideki ; Shinagawa, Takahiro ; Kato, Kazuhiko
Author_Institution :
Dept. of Comput. Sci., Univ. of Electro-Commun., Tokyo, Japan
fYear :
2010
fDate :
19-23 July 2010
Firstpage :
37
Lastpage :
46
Abstract :
We propose HyperShield, which is a hypervisor that can be inserted into and removed from a running operating system, for improving security. While many existing security-oriented hypervisors require modifying or rebooting an overlying operating system, HyperShield does not require this. HyperShield is intended to be a general framework for various security mechanisms. The current implementation provides two mechanisms for preventing kernel-level buffer overflow. One detects the execution of user code with the kernel privilege, and the other detects malicious modification of a return address in a control stack. HyperShield is implemented on Linux as a loadable kernel module. When the module is inserted, it places itself under the operating system and executes as a hypervisor. The operating system is migrated into a virtual machine and managed by the hypervisor. HyperShield detects attacks by combining virtualization of memory management with a hardware-assisted execution-bit feature. We have confirmed through experiments that HyperShield successfully prevented kernel-level buffer overflow attacks.
Keywords :
Linux; data visualisation; security of data; storage management; virtual machines; HyperShield; Linux; memory management; operating system; security oriented hypervisors; virtual machine; virtualization; Kernel; Monitoring; Registers; Security; Virtual machine monitors; Virtual machining; Security; hypervisors; operating systems; virtual machine monitors;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Software and Applications Conference (COMPSAC), 2010 IEEE 34th Annual
Conference_Location :
Seoul
ISSN :
0730-3157
Print_ISBN :
978-1-4244-7512-4
Electronic_ISBN :
0730-3157
Type :
conf
DOI :
10.1109/COMPSAC.2010.11
Filename :
5676335