Efficient Virtualization-based Application Protection against Untrusted Operating System
Conference Proceeding Article
Commodity monolithic operating systems abound with vulnerabilities that lead to rootkit attacks. Once an operating system is subverted, the data and execution of user applications are fully exposed to the adversary, regardless of whether they are designed and implemented with security considerations. Existing application protection schemes have various drawbacks, such as high performance overhead, large Trusted Computing Base (TCB), or hardware modification. In this paper, we present the design and implementation of AppShield, a hypervisor-based approach that reliably safeguards code, data and execution integrity of a critical application, in a more efficient way than existing systems. The protection overhead is localized to the protected application only, so that unprotected applications and the operating system run without any performance loss. In addition to the performance advantage, AppShield tackles several threats newly identified in this paper that have not previously been systematically addressed. We build a prototype of AppShield with a tiny hypervisor, and experiment with AppShield by running several off-the-shelf applications on a Linux platform. The results testify to AppShield's low performance costs in terms of CPU computation, disk I/O and network I/O.
application protection, isolated execution environment, address space isolation, untrusted OS
Computer Sciences | Information Security
AsiaCCS'15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security: April 14-17, 2015, Singapore
CHENG, Yueqiang; DING, Xuhua; and DENG, Robert H.
Efficient Virtualization-based Application Protection against Untrusted Operating System. (2015). AsiaCCS'15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security: April 14-17, 2015, Singapore. 345-356. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/2880