Publication Type

PhD Dissertation


Applications are integral to our daily lives and help us process sensitive I/O data, such as individual passwords and camera streams, and private application data, such as financial information and medical reports. However, in the traditional architecture both applications and sensitive data suffer from attacks by kernel rootkits: the commodity OS that is supposed to be the secure foothold of the system is routinely compromised because of its large code base and broad attack surface. Fortunately, virtualization technology has significantly reshaped the landscape of the modern computer system and provides a variety of new opportunities for protecting applications and sensitive data. In this dissertation, we first design and implement a lightweight and reliable hypervisor, Guardian, as the system's secure foothold; it leverages virtualization technology together with a secure boot and shutdown mechanism to protect itself throughout its whole life cycle. Guardian is the first bare-metal hypervisor with integrity and availability guarantees. Moreover, we extend Guardian into a secure-foothold framework consisting of a summarized set of common security primitives that facilitate our proposed systems and other security services. Building on this reliable secure foothold (Guardian), we propose AppShield, which protects critical applications by placing them in isolated execution environments (IEEs). In an IEE, AppShield reliably and efficiently protects the data secrecy and integrity of a critical application, as well as its execution integrity, against kernel rootkit attacks. It is also able to defend against newly identified threats, which are evidence that protecting applications against a malicious OS is more difficult than previously realized. The inputs and outputs of a protected application, however, are not protected by AppShield, so they could still be tampered with by kernel rootkits.

To close this gap, we propose a trusted path (TP) scheme, named DriverGuard, to protect I/O flows between hardware input/output devices and protected applications. DriverGuard is the first generic approach that protects all kinds of I/O flows with a combination of cryptographic and virtualization techniques. The combination of IEE and TP can protect almost all applications and sensitive data, but for certain user data we can do better. In this dissertation, we propose a dedicated system, KGuard, to protect user passwords in increasingly popular online services without needing any IEE or trusted path. In particular, KGuard does not trust any software components in the guest kernel or user space (no IEE requirement), and it does not rely on any special hardware to assist the protection. We implement prototypes of all the above systems and evaluate their performance overheads. The experimental results show that the performance costs on CPU computation and device I/O are insignificant.


Keywords

virtualization based security, isolated execution environment, trusted path, I/O data protection, application protection, reliable secure foothold

Degree Awarded

PhD in Information Systems


Discipline

Databases and Information Systems | Information Security | Systems Architecture


Supervisor(s)

DENG, Robert H.; DING, Xuhua


Publisher

Singapore Management University

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.