The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture

Cited by: 4
Authors
Buhren, Robert [1]
Vetter, Julian [1]
Nordholz, Jan [1]
Affiliation
[1] Tech Univ Berlin, Berlin, Germany
Keywords
Rootkit; Hypervisor; ARM; Virtualization;
DOI
10.1007/978-3-319-50011-9_29
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
The virtualization capabilities of today's systems offer rootkits excellent hideouts, where they are fairly immune to countermeasures. In this paper, we evaluate the vulnerability to hypervisor-based rootkits of ARM-based platforms, considering both ARMv7 and ARMv8. We implement a proof-of-concept rootkit to prove the validity of our findings. We then detail the anatomy of an attack wherein a hypervisor rootkit and a userspace process collaborate to undermine the isolation properties enforced by the Linux kernel. Based on our discoveries, we explore the possibilities of mitigating each attack vector. Finally, we discuss methods to detect such highly privileged rootkits so as to conceive more effective countermeasures.
Pages: 376 - 391
Number of pages: 16
Related papers
50 in total
  • [1] Preventing hypervisor-based rootkits with trusted execution technology
    Hewlett-Packard Systems Security Lab, Bristol, United Kingdom
    [J]. Netw. Secur, 2008, 11 (7-12): : 7 - 12
  • [2] Towards Certifiable Adaptive Reservations for Hypervisor-based Virtualization
    Groesbrink, Stefan
    Almeida, Luis
    de Sousa, Mario
    Petters, Stefan M.
    [J]. 2014 IEEE 20TH REAL-TIME AND EMBEDDED TECHNOLOGY AND APPLICATIONS SYMPOSIUM (RTAS), 2014, : 13 - 24
  • [3] A Survey on Hypervisor-based Virtualization of Embedded Reconfigurable Systems
    Wulf, Cornelia
    Willig, Michael
    Goehringer, Diana
    [J]. 2021 31ST INTERNATIONAL CONFERENCE ON FIELD-PROGRAMMABLE LOGIC AND APPLICATIONS (FPL 2021), 2021, : 249 - 256
  • [4] RAMinate: Hypervisor-based Virtualization for Hybrid Main Memory Systems
    Hirofuchi, Takahiro
    Takano, Ryousei
    [J]. PROCEEDINGS OF THE SEVENTH ACM SYMPOSIUM ON CLOUD COMPUTING (SOCC 2016), 2016, : 112 - 125
  • [5] Towards Hierarchical Scheduling of Dependent Systems with Hypervisor-based Virtualization
    Jatzkowski, Jan
    Kreutz, Marcio
    Rettberg, Achim
    [J]. PROCEEDINGS OF THE 2015 ELECTRONIC SYSTEM LEVEL SYNTHESIS CONFERENCE (ESLSYN), 2015, : 28 - 33
  • [6] Hypervisor-Based Protection of Code
    Kiperberg, Michael
    Leon, Roee
    Resh, Amit
    Algawi, Asaf
    Zaidenberg, Nezer J.
    [J]. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2019, 14 (08) : 2203 - 2216
  • [7] A secure virtualization architecture based on a nested Nova hypervisor
    Naji, Hala Zineb
    Zbakh, Mostapha
    [J]. PROCEEDINGS OF 2017 3RD INTERNATIONAL CONFERENCE OF CLOUD COMPUTING TECHNOLOGIES AND APPLICATIONS (CLOUDTECH), 2017, : 279 - 285
  • [8] Hypervisor-based Attestation of Virtual Environments
    Lauer, Hagen
    Kuntze, Nicolai
    [J]. 2016 INT IEEE CONFERENCES ON UBIQUITOUS INTELLIGENCE & COMPUTING, ADVANCED & TRUSTED COMPUTING, SCALABLE COMPUTING AND COMMUNICATIONS, CLOUD AND BIG DATA COMPUTING, INTERNET OF PEOPLE, AND SMART WORLD CONGRESS (UIC/ATC/SCALCOM/CBDCOM/IOP/SMARTWORLD), 2016, : 333 - 340
  • [9] Hypervisor-Based White Listing of Executables
    Leon, Roee S.
    Kiperberg, Michael
    Zabag, Anat Anatey Leon
    Resh, Amit
    Algawi, Asaf
    Zaidenberg, Nezer J.
    [J]. IEEE SECURITY & PRIVACY, 2019, 17 (05) : 58 - 67
  • [10] Latency Analysis of I/O Virtualization Techniques in Hypervisor-Based Real-Time Systems
    Casini, Daniel
    Biondi, Alessandro
    Cicero, Giorgiomaria
    Buttazzo, Giorgio
    [J]. 2021 IEEE 27TH REAL-TIME AND EMBEDDED TECHNOLOGY AND APPLICATIONS SYMPOSIUM (RTAS 2021), 2021, : 306 - 319