Publication Type

PhD Dissertation

Version

publishedVersion

Publication Date

1-2014

Abstract

Applications are integral to our daily lives to help us processing sensitive I/O data, such as individual passwords and camera streams, and private application data, such as financial information and medical reports. However, applications and sensitive data all surfer from the attacks from kernel rootkits in the traditional architecture, where the commodity OS that is supposed to be the secure foothold of the system is routinely compromised due to the large code base and the broad attack surface. Fortunately, the virtualization technology has significantly reshaped the landscape of the modern computer system, and provides a variety of new opportunities for us to protect application and sensitive data. In this dissertation, we first design and implement a lightweight and reliable hypervisor Guardian as the system secure foothold, which leverages virtualization technology and a secure boot and shutdown mechanism to protect itself in its whole life cycle. Guardian is the first bare-metal hypervisor with integrity and availability guarantees. Moreover, we extend Guardian to be a framework of secure foothold, which consists of summarized common security primitives for facilitating our proposed systems and other security services. Based on the reliable secure foothold (Guardian), we propose AppShield, which protects critical applications through putting them into isolated execution environments (IEEs). In an IEE, AppShield is able to reliably and efficiently protect data secrecy and integrity of a critical application, as well as the execution integrity, against kernel rootkit attacks. Moreover, it is able to defend against newly identified threats, which are evidence that protecting applications against the malicious OS is more difficult than previously realized. The inputs and outputs of protected application are not protected by AppShield such that they could be tampered by kernel rootkits. To fix this gap, we propose a trusted path (TP) scheme, named as Driverguard, to protect I/O flows between hardware input/output devices and protected applications. DriverGuard is the first generic approach that protects all kinds of I/O flows with a combination of cryptographic and virtualization techniques. The combination of IEE and TP could protect almost all applications and sensitive data. But for certain user data, we could do it better. In this dissertation, we purpose a dedicated system KGuard to protect user passwords in the increasingly popular online services without needing any IEE and trusted path. In particular, KGuard does not trust any software components in the guest kernel and user space (without IEE requirement), and also not leverage any special hardware to assist the protection. We implement the prototypes of all the above systems, and evaluate their performance overheads. The experiment results show that the performance costs on CPU computation and device I/O are insignificant.

Keywords

virtualization based security, isolated execution environment, trusted path, I/O data protection, application protection, reliable secure foothold

Degree Awarded

PhD in Information Systems

Discipline

Databases and Information Systems | Information Security | Systems Architecture

Supervisor(s)

DENG, Robert H.; DING, Xuhua

First Page

1

Last Page

179

Publisher

Singapore Management University

City or Country

Singapore

Copyright Owner and License

Author

Download

Share

COinS