TY - JOUR
T1 - Checking Function-Level Kernel Control Flow Integrity for Cloud Computing
AU - Ye, Lin
AU - Yu, Xiangzhan
AU - Yu, Lei
AU - Guo, Bin
AU - Zhan, Dongyang
AU - Du, Xiaojiang
AU - Guizani, Mohsen
N1 - Publisher Copyright: © 2013 IEEE.
PY - 2018/7/25
Y1 - 2018/7/25
N2 - With the advancement of cloud computing, the control flow integrity (CFI) of virtual machines' kernel becomes more and more important for the security of cloud services. Many CFI checking and protecting approaches have been proposed. Among them, dynamic analysis approaches have the best detection capability, but they are rarely used because of the high overhead introduced to the virtual machines to be monitored. In this paper, we propose a function-level kernel CFI checking approach to meet the performance requirements in the cloud. By combining the static memory analysis and the dynamic tracing, our system can achieve high detection capability with low overhead. Since the analysis and tracing targets of our system are kernel functions, our system incurs lower overhead to the monitored virtual machines than the instruction-level monitors. We propose two models to describe the kernel control flows. After building the secure control flow database by learning the normal behaviors, we can detect abnormal control flows in real time. With the help of virtualization and virtual machine introspection techniques, we implement a prototype system in the hardware virtualization environment. From the evaluation, our system has high detection capability with reasonable overhead.
KW - Control flow integrity
KW - function-level analysis
KW - virtual machine introspection
UR - http://www.scopus.com/inward/record.url?scp=85050600584&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050600584&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2018.2859767
DO - 10.1109/ACCESS.2018.2859767
M3 - Article
AN - SCOPUS:85050600584
VL - 6
SP - 41856
EP - 41865
JO - IEEE Access
JF - IEEE Access
M1 - 8419756
ER -