The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture

Cited by: 4
Authors
Buhren, Robert [1]
Vetter, Julian [1]
Nordholz, Jan [1]
Affiliation
[1] Tech Univ Berlin, Berlin, Germany
Keywords
Rootkit; Hypervisor; ARM; Virtualization
DOI
10.1007/978-3-319-50011-9_29
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
The virtualization capabilities of today's systems offer rootkits excellent hideouts, where they are fairly immune to countermeasures. In this paper, we evaluate the vulnerability to hypervisor-based rootkits of ARM-based platforms, considering both ARMv7 and ARMv8. We implement a proof-of-concept rootkit to prove the validity of our findings. We then detail the anatomy of an attack wherein a hypervisor rootkit and a userspace process collaborate to undermine the isolation properties enforced by the Linux kernel. Based on our discoveries, we explore the possibilities of mitigating each attack vector. Finally, we discuss methods to detect such highly privileged rootkits so as to conceive more effective countermeasures.
Pages: 376-391
Number of pages: 16