Cited By
View all- Sierra-Arriaga FBranco RLee B(2020)Security Issues and Challenges for Virtualization TechnologiesACM Computing Surveys10.1145/338219053:2(1-37)Online publication date: 19-May-2020
Privacy-preserving Virtual Machine
Pages 231 - 240
Abstract
Cloud computing systems routinely process users' confidential data, but the underlying virtualization software in use today is not constructed to minimize the exposure of such data. For instance, virtual machine (VM) checkpointing can drastically prolong the lifetime and vulnerability of confidential data without users' knowledge by storing such data as part of a persistent snapshot. A key requirement for minimizing the exposure of any data is the ability to cleanly isolate such data for either exclusion or processing. Traditional mechanisms for memory taint tracking are expensive whereas those for isolating application footprint in VM-based sandboxes are not transparent. In this paper, we propose a transparent and lightweight mechanism for isolating a confidential application's memory footprint in a VM. The key idea is for a parent VM to spawn a child VM, called a Privacy-preserving Virtual Machine (PPVM) within which the confidential application executes. Hypervisor features, such as VM checkpointing, that need to exclude the memory of a confidential application can safely ignore the child VM's memory footprint. Alternatively, features such as checkpoint encryption or malware tracking can operate only on the child VM's memory. We implement memory isolation for PPVM through a lightweight VM fork operation that uses copy-on-write to reduce the memory and filesystem overhead of the PPVM. Transparency is achieved through a confidential shell that allows the parent VM to spawn the confidential application in the PPVM and exercise control over it during runtime. We demonstrate the effectiveness of PPVM through its use with VM checkpointing, which can safely checkpoint the parent VM while excluding or encrypting the associated PPVM. We show that our PPVM implementation achieves effective memory isolation with low overheads on memory, CPU, and network performance.
References
[1]
J. P. Anderson and R. Vaughn. A guide to understanding object reuse in trusted systems. Technical report, DTIC Document, 1992.
[2]
ARM Limited. ARM Security technology: Building a Secure System using TrustZone Technology. ARM White Paper PRD29-GENC-009492C.
[3]
M. Bozyigit and M. Wasiq. User-level process checkpoint and restore for migration. SIGOPS Oper. Syst. Rev., 35(2):86--96, 2001.
[4]
X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Waldspurger, D. Boneh, J. Dwoskin, and D. R. Ports. Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. In Proc. of ASPLOS, 2008.
[5]
J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In Proc. of USENIX Security Symposium, 2004.
[6]
J. Chow, B. Pfaff, T. Garfinkel, and M. Rosenblum. Shredding your garbage: reducing data lifetime through secure deallocation. In Proc. of the USENIX Security Symposium, 2005.
[7]
A. Dinaburg, P. Royal, M. Sharif, and W. Lee. Ether: Malware analysis via hardware virtualization extensions. In Proc. of CCS, pages 51--62, 2008.
[8]
Docker Inc. https://www.docker.com/.
[9]
G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. Revirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proc. of OSDI, 2002.
[10]
A. M. Dunn, M. Z. Lee, S. Jana, S. Kim, M. Silberstein, Y. Xu, V. Shmatikov, and E. Witchel. Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels. In Proc. of OSDI, 2012.
[11]
T. Garfinkel, B. Pfaff, J. Chow, and M. Rosenblum. Data lifetime is a systems problem. In Proc. of ACM SIGOPS European workshop. ACM, 2004.
[12]
T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In Proc. of SOSP, 2003.
[13]
T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proc. of NDSS, 2003.
[14]
T. Garfinkel and M. Rosenblum. When virtual is harder than real: Security challenges in virtual machine based computing environments. In Proc. of HotOS, 2005.
[15]
M. I. Gofman, R. Luo, P. Yang, and K. Gopalan. SPARC: A security and privacy aware virtual machine checkpointing mechanism. In Proc. of the ACM Workshop on Privacy in the Electronic Society (WPES), 2011.
[16]
D. Gupta, S. Lee, M. Vrable, S. Savage, A. C. Snoeren, G. Varghese, G. M. Voelker, and A. Vahdat. Difference engine: Harnessing memory redundancy in virtual machines. Communications of the ACM, 53(10):85--93, 2010.
[17]
A. Ho, M. Fetterman, C. Clark, A. Warfield, and S. Hand. Practical taint-based protection using demand emulation. In EuroSys, 2006.
[18]
Y. Hu, T. Li, P. Yang, and K. Gopalan. An application-level approach for privacy-preserving virtual machine checkpointing. In The 6th IEEE International Conference on Cloud Computing, research track, 2013.
[19]
A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen. Detecting past and present intrusions through vulnerability-specific predicates. In Proc. of the ACM SOSP, 2005.
[20]
P. Kamp and R. N. M. Watson. Jails: Confining the omnipotent root. In Proc. 2nd Intl. SANE Conference, 2000.
[21]
S. T. King, G. W. Dunlap, and P. M. Chen. Debugging operating systems with time-traveling virtual machines. In Proc. of USENIX Annual Technical Conference, pages 1--15, 2005.
[22]
A. Kivity, Y. Kamay, and D. Laor. kvm: the Linux Virtual Machine Monitor. In Proc. of Ottawa Linux Symposium, 2007.
[23]
C. Kolivas. Kernbench: http://ck.kolivas.org/apps/kernbench/kernbench-0.50/.
[24]
K. Kourai and S. Chiba. Hyperspector: Virtual distributed monitoring environments for secure intrusion detection. In ACM/USENIX International Conference on Virtual Execution Environments, pages 197 -- 207, 2005.
[25]
O. Laadan, N. Viennot, and J. Nieh. Transparent, lightweight application execution replay on commodity multiprocessor operating systems. In Proc. of ACM SIGMETRICS, 2010.
[26]
H. A. Lagar-Cavilla, J. A. Whitney, A. M. Scannell, P. Patchin, S. M. Rumble, E. de Lara, M. Brudno, and M. Satyanarayanan. SnowFlock: rapid virtual machine cloning for cloud computing. In Proc. of Eurosys, 2009.
[27]
Linux Containers. https://linuxcontainers.org/.
[28]
Microsoft Corp. Hyper-v server 2008 r2. http://www.microsoft.com/hyper-v-server/en/us/overview.aspx.
[29]
Netperf. http://www.netperf.org/netperf/.
[30]
J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Network and Distributed System Security Symposium (NDSS), 2005.
[31]
A. M. Nguyen, N. Schear, H. Jung, A. Godiyal, S. T. King, and H. D. Nguyen. MAVMM: Lightweight and Purpose Built VMM for Malware Analysis. In Annual Computer Security Applications Conference, pages 441--450, 2009.
[32]
D. A. S. d. Oliveira and S. F. Wu. Protecting kernel code and data with a virtualization-aware collaborative operating system. In Annual Computer Security Applications Conference, pages 451--460, 2009.
[33]
K. Onarlioglu, C. Mulliner, W. Robertson, and E. Kirda. Privexec: Private execution as an operating system service. In Proceedings of the 34th IEEE Symposium on Security and Privacy, 2013.
[34]
Oracle Corp. Virtualbox. www.VirtualBox.org.
[35]
B. D. Payne, M. Carbone, M. Sharif, and W. Lee. Lares: An architecture for secure active monitoring using virtualization. In IEEE Symposium on Security and Privacy, pages 233 -- 247, 2008.
[36]
Project Fargo. http://www.yellow-bricks.com/2014/10/07/project-fargo-aka-vmfork-what-is-it/.
[37]
R. Riley, X. Jiang, and D. Xu. Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing. In the 11th international symposium on Recent Advances in Intrusion Detection, pages 1--20, 2008.
[38]
P. Saxena, R. Sekar, and V. Puranik. Efficient fine-grained binary instrumentationwith applications to taint-tracking. In Proceedings of International Symposium on Code Generation and Optimization, 2008.
[39]
A. Seshadri, M. Luk, N. Qu, and A. Perrig. Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In ACM SIGOPS Operating Systems Review, volume 41(6), pages 335--350. ACM, 2007.
[40]
Smem memory reporting tool. http://selenic.com/smem.
[41]
D. A. Solomon and M. Russinovich. Inside Microsoft Windows 2000. Microsoft Press, 2000.
[42]
Sysbench. https://wiki.gentoo.org/wiki/sysbench.
[43]
R. Ta-Min, L. Litty, and D. Lie. Splitting interfaces: Making trust between applications and operating systems configurable. In Proc. of Operating Systems Design and Implementation, 2006.
[44]
VMware Inc. http://www.vmware.com/.
[45]
VMware Inc. VMWare Ace Virtualization Suite. http://www.vmware.com/products/ace/.
[46]
M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A. Snoeren, G. Voelker, and S. Savage. Scalability, fidelity, and containment in the potemkin virtual honeyfarm. SIGOPS Operating Systems Review, 39(5):148--162, 2005.
[47]
Xen Hypervisor. http://http://www.xen.org/.
[48]
D. Y. Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall. Tainteraser: Protecting sensitive data leaks using application-level taint tracking. SIGOPS Oper. Syst. Rev., 45(1):142--154, Feb. 2011.
- Privacy-preserving Virtual Machine
Recommendations
An Application-Level Approach for Privacy-Preserving Virtual Machine Checkpointing
CLOUD '13: Proceedings of the 2013 IEEE Sixth International Conference on Cloud ComputingVirtualization has been widely adopted in recent years in the cloud computing platform to improve server consolidation and reduce operating cost. Virtual Machine (VM) checkpointing refers to the act of saving a persistent snapshot (or checkpoint) of a ...
Performance Metrics of Virtual Machine Live Migration
CLOUD '15: Proceedings of the 2015 IEEE 8th International Conference on Cloud ComputingLive virtual machine migration allows resources from one physical server to be moved to another with little or no interruption in the processes of the guest operating system. The process involved in performing a live migration includes copying the guest ...
A feather-weight virtual machine for windows applications
VEE '06: Proceedings of the 2nd international conference on Virtual execution environmentsMany fault-tolerant and intrusion-tolerant systems require the ability to execute unsafe programs in a realistic environment without leaving permanent damages. Virtual machine technology meets this requirement perfectly because it provides an execution ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
December 2015
489 pages
ISBN:9781450336826
DOI:10.1145/2818000
Copyright © 2015 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
In-Cooperation
- ACSA: Applied Computing Security Assoc
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 December 2015
Check for updates
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ACSAC 2015
ACSAC 2015: 2015 Annual Computer Security Applications Conference
December 7 - 11, 2015
CA, Los Angeles, USA
Acceptance Rates
Overall Acceptance Rate 104 of 497 submissions, 21%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 245Total Downloads
- Downloads (Last 12 months)18
- Downloads (Last 6 weeks)0
Reflects downloads up to 14 Jan 2025
Other Metrics
Citations
Cited By
View all- Sierra-Arriaga FBranco RLee B(2020)Security Issues and Challenges for Virtualization TechnologiesACM Computing Surveys10.1145/338219053:2(1-37)Online publication date: 19-May-2020
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in