Title

DriverGuard: A Fine-grained Protection On I/O Flow

Publication Type

Conference Proceeding Article

Publication Date

9-2011

Abstract

Most commodity peripheral devices and their drivers are geared to achieve high performance with security functions being opted out. The absence of security measures invites attacks on the I/O data and consequently threats those applications feeding on them, such as biometric authentication. In this paper, we present the design and implementation of DriverGuard, a hypervisor based protection mechanism which dynamically shields I/O flows such that I/O data are not exposed to the malicious kernel. Our design leverages a composite of cryptographic and virtualization techniques to achieve fine-grained protection. DriverGuard is lightweight as it only needs to protect around 2% of the driver code’s execution. We have tested DriverGuard with three input devices and two output devices. The experiments show that DriverGuard induces negligible overhead to the applications.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Computer Security – ESORICS 2011: 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14

Volume

6879

First Page

227

Last Page

244

ISBN

9783642238222

Identifier

10.1007/978-3-642-23822-2_13

Publisher

Springer Verlag

City or Country

Leuven, Belgium

Additional URL

http://dx.doi.org/10.1007/978-3-642-23822-2_13

Comments

Lecture Notes in Computer Science, 2011, Volume 6879/2011, 227-244