Article

HIMA: A Hypervisor-Based Integrity Measurement Agent

Authors:

Ahmed M. Azab,

Peng Ning,

Emre C. Sezer,

Xiaolan ZhangAuthors Info & Claims

ACSAC '09: Proceedings of the 2009 Annual Computer Security Applications Conference

Pages 461 - 470

https://doi.org/10.1109/ACSAC.2009.50

Published: 07 December 2009 Publication History

Publisher Site

Abstract

Integrity measurement is a key issue in building trust in distributed systems. A good solution to integrity measurement has to provide both strong isolation between the measurement agent and the measurement target and Time of Check to Time of Use (TOCTTOU) consistency (i.e., the consistency between measured version and executed version throughout the lifetime of the target). Unfortunately, none of the previous approaches provide (or can be easily modified to provide) both capabilities. This paper presents HIMA, a hypervisor-based agent that measures the integrity of Virtual Machines (VMs) running on top of the hypervisor, which provides both capabilities identified above. HIMA performs two complementary tasks: (1) active monitoring of critical guest events and (2) guest memory protection. The former guarantees that the integrity measures are refreshed whenever the guest VM memory layout changes (e.g., upon creation of processes), while the latter ensures that integrity measurement of user programs cannot be bypassed without HIMA's knowledge. This paper also reports the experimental evaluation of a HIMA prototype using both micro-benchmark and application benchmark; the experimental results indicate that HIMA is a practical solution for real world applications.

Cited By

View all

Röckl JBernsdorf NMüller TQuek TGao DZhou JCardenas A(2024)TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637643(1568-1583)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637643
Eichler CRöckl JJung BSchlenk RMüller THönig T(2024)Profiling with trust: system monitoring from trusted execution environmentsDesign Automation for Embedded Systems10.1007/s10617-024-09283-128:1(23-44)Online publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1007/s10617-024-09283-1
Wang ZZhuang YYan Z(2020)TZ-MRASSecurity and Communication Networks10.1155/2020/17561302020Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.1155/2020/1756130
Show More Cited By

Recommendations

HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
CCS '10: Proceedings of the 17th ACM conference on Computer and communications security

This paper presents HyperSentry, a novel framework to enable integrity measurement of a running hypervisor (or any other highest privileged software layer on a system). Unlike existing solutions for protecting privileged software, HyperSentry does not ...
Secure and privacy-aware multiplexing of hardware-protected TPM integrity measurements among virtual machines
ICISC'12: Proceedings of the 15th international conference on Information Security and Cryptology

Measuring the integrity of critical operating system components and securely storing these measurements in a hardware-protected Trusted Platform Module (TPM) is a well-known approach for improving system security. However, currently it is not possible ...
Architectural support for hypervisor-secure virtualization
ASPLOS XVII: Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ACSAC '09: Proceedings of the 2009 Annual Computer Security Applications Conference

December 2009

492 pages

ISBN:9780769539195

Publisher

IEEE Computer Society

United States

Publication History

Published: 07 December 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

26
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Röckl JBernsdorf NMüller TQuek TGao DZhou JCardenas A(2024)TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637643(1568-1583)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637643
Eichler CRöckl JJung BSchlenk RMüller THönig T(2024)Profiling with trust: system monitoring from trusted execution environmentsDesign Automation for Embedded Systems10.1007/s10617-024-09283-128:1(23-44)Online publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1007/s10617-024-09283-1
Wang ZZhuang YYan Z(2020)TZ-MRASSecurity and Communication Networks10.1155/2020/17561302020Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.1155/2020/1756130
Heinrich MVateva-Gurova TArul TKatzenbeisser SSuri NBirkholz HFuchs AKrauß CZhdanova MKuzhiyelil DTverdyshev SSchlehuber C(2019)Security Requirements Engineering in Safety-Critical Railway Signalling NetworksSecurity and Communication Networks10.1155/2019/83489252019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/8348925
Kiperberg MLeon RResh AAlgawi AZaidenberg N(2019)Hypervisor-Based Protection of CodeIEEE Transactions on Information Forensics and Security10.1109/TIFS.2019.289457714:8(2203-2216)Online publication date: 1-Aug-2019
https://dl.acm.org/doi/10.1109/TIFS.2019.2894577
Gutierrez MZhao ZDoupé AShoshitaishvili YAhn GChang CRührmair UHolcomb DGuajardo J(2018)CacheLightProceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security10.1145/3266444.3266449(65-74)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3266444.3266449
Ali TIsmail RMusa SNauman MKhan S(2018)Design and implementation of an attestation protocol for measured dynamic behaviorThe Journal of Supercomputing10.1007/s11227-017-2054-274:11(5746-5773)Online publication date: 1-Nov-2018
https://dl.acm.org/doi/10.1007/s11227-017-2054-2
Chen QAzab AGanesh GNing PKarri RSinanoglu OSadeghi AYi X(2017)PrivWatcherProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3053029(167-178)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3053029
Rein AKarri RSinanoglu OSadeghi AYi X(2017)DRIVEProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3052975(728-742)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3052975
Wu TYang QHe Y(2017)A secure and rapid response architecture for virtual machine migration from an untrusted hypervisor to a trusted oneFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-016-5190-611:5(821-835)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s11704-016-5190-6
Show More Cited By

Abstract

Cited By

Recommendations

HyperSentry: enabling stealthy in-context measurement of hypervisor integrity

Secure and privacy-aware multiplexing of hardware-protected TPM integrity measurements among virtual machines

Architectural support for hypervisor-secure virtualization

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations