• DocumentCode
    245609
  • Title

    FVisor: Towards Thwarting Unauthorized File Accesses with a Light-Weight Hypervisor

  • Author

    Yan Wen ; Jinjing Zhao ; Shuanghui Yi ; Xiang Li

  • Author_Institution
    Beijing Inst. of Syst. Eng., Beijing, China
  • fYear
    2014
  • fDate
    19-21 Dec. 2014
  • Firstpage
    620
  • Lastpage
    626
  • Abstract
    Various malicious applications tend to access the user's files to achieve their functionalities. Such unauthorized file accesses may bring about user data leakage or other threats. In this paper, we propose a novel light-weight hardware-assisted hypervisor, namely FVisor, to thwart such unauthorized file accesses. FVisor has three distinct advantages over existing hypervisor/host-based approaches: preinstalled commodity OS compatibility, non-bypassable interception of file accesses and block level file-ware. Unlike typical hypervisors, deploying FVisor does not require OS reinstallation. FVisor intercepts the instruction-level interactions between the OS and the underlying hardware, instead of traditional API hooks. FVisor thus can manipulate the file accesses at the hypervisor layer instead of the OS layer, which is subvertible by privileged malware. Besides, FVisor reconstructs the file system structures within the hypervisor at the block level without depending on the OS APIs. Our functionality evaluation shows FVisor is a feasible way to impede unauthorized file accesses while the performance evaluation shows desktop-oriented workloads achieve 93.57% of native speed on average.
  • Keywords
    authorisation; invasive software; operating systems (computers); virtual machines; FVisor; OS API; block level; block level file-ware; desktop-oriented workloads; file system structures; functionality evaluation; hypervisor layer; instruction-level interactions; light-weight hardware-assisted hypervisor; malicious applications; nonbypassable file access interception; performance evaluation; preinstalled commodity OS compatibility; privileged malware; thwarting unauthorized file access; user data leakage; user file access; File systems; Hardware; Kernel; Malware; Performance evaluation; Virtual machine monitors; Virtualization; hypervisor; malware; virtual machine;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational Science and Engineering (CSE), 2014 IEEE 17th International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4799-7980-6
  • Type

    conf

  • DOI
    10.1109/CSE.2014.136
  • Filename
    7023646