research-article
DOI: 10.1145/1346256.1346268

Virtual machine-provided context sensitive page mappings

Published: 05 March 2008

Abstract

Context sensitive page mappings provide different mappings from virtual addresses to physical page frames depending on whether a memory reference occurs in a data or instruction context. Such differences can be used to modify the behavior of programs that reference their executable code in a data context. Previous work has demonstrated several applications of context sensitive page mappings, including protection against buffer-overrun attacks and circumvention of self-checksumming codes. We extend context sensitive page mappings to the virtual machine monitor, allowing operation independent of the guest operating system. Our technique takes advantage of the VMM's role in enforcing protection between guest operating systems to interpose on guest OS memory management operations and selectively introduce context sensitive page mappings.
In this paper, we describe extensions to the Xen hypervisor that support context sensitive page mappings in unmodified guest operating systems. We demonstrate the utility of our technique in a case study by instrumenting and modifying self-checksumming tamper-resistant binaries. We further demonstrate that context sensitive page mappings can be provided by the VMM without incurring extensive overhead. Our measurements indicate only minor performance penalties stem from use of this technique. We suggest several further applications of VMM-provided context sensitive page mappings, including OS hardening and protection of processes from malicious applications.



Published In

VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
March 2008
190 pages
ISBN:9781595937964
DOI:10.1145/1346256
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.


Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. context sensitive memory
  2. self checksumming code
  3. virtual machine monitor
  4. xen

Qualifiers

  • Research-article

Conference

VEE '08

Acceptance Rates

VEE '08 Paper Acceptance Rate 18 of 57 submissions, 32%;
Overall Acceptance Rate 80 of 235 submissions, 34%


Cited By

  • (2014) BadgerTrap. ACM SIGARCH Computer Architecture News 42:2 (20-23). DOI: 10.1145/2669594.2669599. Online publication date: 15-Sep-2014
  • (2013) Binary-code obfuscations in prevalent packer tools. ACM Computing Surveys 46:1 (1-32). DOI: 10.1145/2522968.2522972. Online publication date: 11-Jul-2013
  • (2013) Efficient virtual memory for big memory servers. ACM SIGARCH Computer Architecture News 41:3 (237-248). DOI: 10.1145/2508148.2485943. Online publication date: 23-Jun-2013
  • (2013) Efficient virtual memory for big memory servers. Proceedings of the 40th Annual International Symposium on Computer Architecture (237-248). DOI: 10.1145/2485922.2485943. Online publication date: 23-Jun-2013
  • (2013) EagleEye. Proceedings of the 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (1-12). DOI: 10.1109/DSN.2013.6575300. Online publication date: 24-Jun-2013
  • (2009) A Virtualized Harvard Architectural Approach to Protect Kernel Code. Proceedings of the 2009 First International Workshop on Education Technology and Computer Science - Volume 02 (1020-1024). DOI: 10.1109/ETCS.2009.491. Online publication date: 7-Mar-2009
