Checking Function-Level Kernel Control Flow Integrity for Cloud Computing

Lin Ye, Xiangzhan Yu, Lei Yu, Bin Guo, Dongyang Zhan, Xiaojiang Du, Mohsen Guizani

Research output: Contribution to journalArticlepeer-review

2 Scopus citations

Abstract

With the advancement of cloud computing, the control flow integrity (CFI) of virtual machines' kernel becomes more and more important for the security of cloud services. Many CFI checking and protecting approaches have been proposed. Among them, dynamic analysis approaches have the best detection capability, but they are rarely used because of the high overhead introduced to the virtual machines to be monitored. In this paper, we propose a function-level kernel CFI checking approach to meet the performance requirements in the cloud. By combining the static memory analysis and the dynamic tracing, our system can achieve high detection capability with low overhead. Since the analysis and tracing targets of our system are kernel functions, our system incurs lower overhead to the monitored virtual machines than the instruction-level monitors. We propose two models to describe the kernel control flows. After building the secure control flow database by learning the normal behaviors, we can detect abnormal control flows in real time. With the help of virtualization and virtual machine introspection techniques, we implement a prototype system in the hardware virtualization environment. From the evaluation, our system has high detection capability with reasonable overhead.

Original languageEnglish
Article number8419756
Pages (from-to)41856-41865
Number of pages10
JournalIEEE Access
Volume6
DOIs
StatePublished - 25 Jul 2018

Keywords

  • Control flow integrity
  • function-level analysis
  • virtual machine introspection

Fingerprint

Dive into the research topics of 'Checking Function-Level Kernel Control Flow Integrity for Cloud Computing'. Together they form a unique fingerprint.

Cite this