Journal of Software:2015.26(8):2124-2137

(西安交通大学 计算机科学与技术系, 陕西 西安 710049)
Transparent Privacy Protection Based on Virtual Machine Monitor
REN Jian-Bao,QI Yong,DAI Yue-Hua,WANG Xiao-Guang,XUAN Yu,SHI Yi
(Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China)
Chart / table
Similar Articles
Article :Browse 2315   Download 1942
Received:February 28, 2014    Revised:July 31, 2014
> 中文摘要: 操作系统漏洞经常被攻击者利用,从而以内核权限执行任意代码(返回用户态攻击,ret2user)以及窃取用户隐私数据.使用虚拟机监控器构建了一个对操作系统及应用程序透明的内存访问审查机制,提出了一种低性能开销并且无法被绕过的内存页面使用信息实时跟踪策略;结合安全加载器,保证了动态链接库以及应用程序的代码完整性.能够确保即使操作系统内核被攻击,应用程序的内存隐私数据依然无法被窃取.在Linux操作系统上进行了原型实现及验证,实验结果表明,该隐私保护机制对大多数应用只带来6%~10%的性能负载.
Abstract:The vulnerabilities of OS kernel are usually exploited by attackers to execute arbitrary code with kernel privilege (i.e., return-to-user attacks, ret2user) and to steal other processes' private data. In this paper, a transparent OS kernel memory access mediator based on VMM (virtual machine monitor) is proposed, and a non-bypassable low performance overhead memory page tracker is provided to get the memory usage information in real-time. Combined with a safe loader, the new method guarantees the code integrity of dynamic shared objects during run-time. It also ensure that, even when the OS kernel is compromised, the application's memory private data is still safe. A prototype is implemented on the Linux OS, and the evaluation experiments show that it only incurs about 6%~10% performance overhead for most SPEC benchmark tests.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(60933003); 国家高技术研究发展计划(863)(2012AA0109 04); 教育部高等学校博士学科点专项科研基金(20120201110010) 国家自然科学基金(60933003); 国家高技术研究发展计划(863)(2012AA0109 04); 教育部高等学校博士学科点专项科研基金(20120201110010)
Foundation items:
Reference text:


REN Jian-Bao,QI Yong,DAI Yue-Hua,WANG Xiao-Guang,XUAN Yu,SHI Yi.Transparent Privacy Protection Based on Virtual Machine Monitor.Journal of Software,2015,26(8):2124-2137