Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
9-2011
Abstract
Most commodity peripheral devices and their drivers are geared to achieve high performance with security functions being opted out. The absence of security measures invites attacks on the I/O data and consequently threats those applications feeding on them, such as biometric authentication. In this paper, we present the design and implementation of DriverGuard, a hypervisor based protection mechanism which dynamically shields I/O flows such that I/O data are not exposed to the malicious kernel. Our design leverages a composite of cryptographic and virtualization techniques to achieve fine-grained protection. DriverGuard is lightweight as it only needs to protect around 2% of the driver code’s execution. We have tested DriverGuard with three input devices and two output devices. The experiments show that DriverGuard induces negligible overhead to the applications.
Discipline
Information Security
Research Areas
Information Security and Trust
Publication
Computer Security – ESORICS 2011: 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14
Volume
6879
First Page
227
Last Page
244
ISBN
9783642238222
Identifier
10.1007/978-3-642-23822-2_13
Publisher
Springer
City or Country
Cham
Citation
CHENG, Yueqiang; DING, Xuhua; and DENG, Robert H..
DriverGuard: A fine-grained protection on I/O flow. (2011). Computer Security – ESORICS 2011: 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14. 6879, 227-244.
Available at: https://ink.library.smu.edu.sg/sis_research/1418
Copyright Owner and License
Publisher
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/978-3-642-23822-2_13