Conference: Proceedings of the 2008 spring simulation multiconference

A Hypervisor-Based System for Protecting Software Runtime Memory and Persistent Storage


Abstract

An important goal of software security is to ensure that sensitive/secret data owned by a program is exclusively accessible by that program. An obstacle to this security goal is that modern commodity operating systems (OS), for the sake of speed and flexibility, have a unified linear address space: any OS kernel program can access all the linear addresses. As a result, rootkits or malicious system software are able to control the OS virtual address space, harvest the sensitive data used by software programs on the compromised computer, and report the data to remote entities controlled by hackers.

In this paper, we present a holistic approach against sophisticated malware. Instead of focusing on the security of various abstraction layers of the OS, we utilize hardware techniques to directly provide trust services to software programs. Without modifying the OS, we leverage virtual machine monitor technologies to create a lightweight hypervisor for fine-grain software runtime memory protection. As a result, a program's memory could be hidden from other high-privilege system software in a single commodity OS. In addition, we propose a data locker component in the hypervisor, which prevents the sensitive data of a software program in persistent storage from leaking to rootkits or other malware. For the performance evaluation, an implementation based on hardware-assisted x86 virtualization technology is presented and experimental results are reported.