基于邻接点的VMM动态完整性度量方法

doi:10.11959/j.issn.1000-436x.2015210

Abstract

Abstract:

Due to its high privilege and complicated runtime memory,dynamic integrity measurement for VMM (virtual machine monitor) was always a great difficulty in the current study.An innovative method based on the adjacency data was proposed,which used a neighbor as the host of a measurement module.According to an integrity model in memory page granularity and a new improved measurement algorithm,dynamic integrity measurement for VMM was imple-mented.Experimental data shows it could detect the integrity broken accurately,only causing a moderate performance loss for computing intensive tasks.

Key words: VMM, integrity, dynamic measurement, adjacency data, ring of measurement

Tao WU,Qiu-song YANG,Ye-ping HE. Method of dynamic integrity measurement for VMM based on adjacency data[J]. Journal on Communications, 2015, 36(9): 169-180.

Figures/Tables 11

References 24

[1]	MCCUNE J , PARNO B , PERRIG A , et al. Minimal TCB code execu-tion[A]. Proc of IEEE Symposium on Security and Privacy[C]. 2007.267-272.
[2]	MCCUNE J , PARNO B , PERRIG A , et al. An execution infrastructure for TCB minimization[A]. Proc of Eurosys[C]. 2008.
[3]	MCCUNE J , LI Y , QU N , et al. TrustVisor:efficient TCB reduction and attestation[A]. Proc of IEEE Symposium on Security and Pri-vacy[C]. 2010.143-158.
[4]	SANDHU R S . On five definitions of data integrity[A]. Proc of the 7th IFIP WG 11.3 Working Conference on Database Security[C]. 1993.257-268.
[5]	Department of Defense,USA. Trusted Computer System Evaluation Criteria,TCSEC[S]. 1985.
[6]	Trusted Computing Group. TPM Main Specification Level 2,Revision 116[EB/OL]. .
[7]	HOFMANN O , KIM S , DUNN A , et al. Inktag:secure applications on an untrusted operating system[A]. Proc of the 18th International Con-ference on Architectural Support for Programming Languages and Operating Systems,ASPLOS 2013[C]. 2013.253-264.
[8]	WANG Z , WU C , GRACE M , et al. Isolating commodity hosted hypervisors with hyperlock[A]. Proc of Eurosys[C]. 2010.127-140.
[9]	CRISWELL J , DAUTENHAHN N , ADVE V . Virtual ghost:protecting applications from hostile operating systems[A]. Proc of the 19th In-ternational Conference on Architectural Support for Programming Languages and Operating Systems,ASPLOS 2014[C]. 2014.81-96.
[10]	SAILER R , ZHANG X , JAEGER T , VAN DOORN L . Design and implementation of a TCG-based integrity measurement architecture[A]. Proc of the 13th USENIX Security Symposium[C]. 2004.16.
[11]	KIL C , SEZER E , AZAB A , NING P , ZHANG X . Remote attestation to dynamic system properties:towards providing complete system in-tegrity evidence[A]. Proc of the 39th International Conference on De-pendable Systems and Networks[C]. 2009.
[12]	ZHANG F , CHEN H B . Security-preserving live migration of virtual machines in the cloud[J]. Journal of Network and Systems Manage-ment, 2013,21(4): 562-587.
[13]	AZAB A , NING P , WANG Z , et al. HyperSentry:enabling stealthy in-context measurement of hypervisor integrity[A]. Proc of the 17th Con-ference on Computer and Communications Security[C]. 2010.38-49.
[14]	AZAB A , NING P , SEZER E , et al. A hypervisor-based integrity measurement agent[A]. Proc of the Annual Computer Security Appli-cations Conference[C]. 2009.461-470.
[15]	DAVI L , SADEGHI A , WINANDY M . Dynamic.integrity measure-ment and attestation:towards defense against return-oriented pro-gramming attacks[A]. Proc of the 2009 ACM Workshop on Scalable Trusted Computing[C]. 2009.49-54.
[16]	LIU Z , LEE J , ZENG J , et al. CPU transparent protection of OS kernel and hypervisor integrity with programmable DRAM[A]. Proc of The 40th In-ternational Symposium on Computer Architecture[C]. 2013.392-403.
[17]	SAILER R , ZHANG X , JAEGER T , et al. Design and implementation of a TCG-based integrity measurement architecture[A]. Proc of the 13th Usenix Security Symposium[C]. 2004.
[18]	WANG Z , JIANG X X . Hypersafe:a lightweight approach to provide lifetime hypervisor control-flow integrity[A]. Proc of IEEE Sympo-sium on Security and Privacy[C]. 2010.
[19]	CLARK C , FRASER K , HAND S , et al. Live migration of virtual machines[A]. Proc of the 2nd Symposium on Networked Systems De-sign and Implementation[C]. 2005.
[20]	JO C , GUSTAFSSON E , SON J , et al. Efficient live migration of virtual machines using shared storage[A]. Proc of the 9th Annual International Conference on Virtual Execution Environments[C]. 2013.41-50.
[21]	SONG X , SHI J C , LIU R , et al. Parallelizing live migration of virtual machines[A]. Proc of the 9th Annual International Conference on Virtual Execution Environments[C]. 2013.85-96.
[22]	TAKEMURA C , CRAWFORD L . The Book of Xen:A Practical Guide for the System Administrator[A]. No Starch Press, 2009.
[23]	Xen Project.[EB/OL] .
[24]	WANG Z , JIANG X X , CUI W D , et al. Countering kernel rootkits with lightweight hook protection[A]. Proc of the 16th ACM Conference on Computer and Communications Security[C]. 2009.

Metrics

Recommended 0

No Suggested Reading articles found!

ID	IP地址	静态度量	动态度量	邻接ID	安全标签
1	10.3.3.1	1	95	Q	Top
2	10.3.3.2	1	80	1	Middle
3	10.3.3.3	1	90	2	Low
...	10.3.3....	1	…	…	…
Q	10.3.3.Q	1	85	Q?1	Top

Method of dynamic integrity measurement for VMM based on adjacency data

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 24

Related Articles 15

Metrics

Recommended 0

[1]	Bibo TU, Jie CHENG, Haojun XIA, Kun ZHANG, Ruina SUN. Overview of research on trusted attestation technology of cloud virtualization platform [J]. Journal on Communications, 2021, 42(12): 212-225.
[2]	Yang LIU, Jun LI, Wenyun CHEN, Mugen PENG. Research on endogenous security data sharing mechanism of F-RAN for 6G [J]. Journal on Communications, 2021, 42(1): 67-78.
[3]	Xiangsong ZHANG,Chen LI,Zhenhua LIU. Key-exposure resilient integrity auditing scheme with encrypted data deduplication [J]. Journal on Communications, 2019, 40(4): 95-106.
[4]	Miaomiao TIAN,Chuang GAO,Jie CHEN. Identity-based cloud storage integrity checking from lattices [J]. Journal on Communications, 2019, 40(4): 128-139.
[5]	Junfeng TIAN,Tianle LI. Data integrity verification based on model cloud federation of TPA [J]. Journal on Communications, 2018, 39(8): 113-124.
[6]	Qian MENG,Jianfeng MA,Kefei CHEN,Yinbin MIAO,Tengfei YANG. Data comparable encryption scheme based on cloud computing in Internet of things [J]. Journal on Communications, 2018, 39(4): 167-175.
[7]	Wenxian JIANG,Zhenxing ZHANG,Jingjing WU. Reversible digital watermarking-based protocol for data integrity in wireless sensor network [J]. Journal on Communications, 2018, 39(3): 118-127.
[8]	Shaohui WANG,Xiaoxiao PAN,Zhiwei WANG,Fu XIAO,Ruchuan WANG. Analysis and improvement on identity-based cloud data integrity verification scheme [J]. Journal on Communications, 2018, 39(11): 98-105.
[9]	Yuan SHI,Huan-guo ZHANG,Bo ZHAO,Zhao YU. Security-enhanced live migration based on SGX for virtual machine [J]. Journal on Communications, 2017, 38(9): 65-75.
[10]	Yun-fei LIU,Yong-jun WANG,UShao-jing F. Lightweight integrity verification scheme for cloud based group data [J]. Journal on Communications, 2016, 37(Z1): 140-146.
[11]	Dong-hai TIAN,Jun-hua CHEN,Xiao-qi JIA,Chang-zhen HU. Design and implementation of a model for OS kernel integrity protection [J]. Journal on Communications, 2015, 36(Z1): 118-125.
[12]	Wei FENG,Yu QIN,Deng-guo FENG,Bo YANG,Ying-jun ZHANG. Design and implementation of secure Windows platform based on TCM [J]. Journal on Communications, 2015, 36(8): 91-103.
[13]	Rui LI,Jin-guo LI,Hao CHEN. Safe and secure classification protocol in two-tiered sensor networks [J]. Journal on Communications, 2015, 36(2): 56-67.
[14]	Kai HE,Chuan-he HUANG,Xiao-mao WANG,Jing WANG,Jiao-li SHI. Aggregated privacy-preserving auditing for cloud data integrity [J]. Journal on Communications, 2015, 36(10): 119-132.
[15]	Li YAN,Run-hua SHI,Hong ZHONG,Jie CUI,Shun ZHANG,Yan XU. Integrity checking protocol with identity-based proxy signature in mobile cloud computing [J]. Journal on Communications, 2015, 36(10): 278-286.