The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture

Cited by: 4
Authors
Buhren, Robert [1]
Vetter, Julian [1]
Nordholz, Jan [1]
Affiliations
[1] Tech Univ Berlin, Berlin, Germany
Keywords
Rootkit; Hypervisor; ARM; Virtualization;
DOI
10.1007/978-3-319-50011-9_29
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The virtualization capabilities of today's systems offer rootkits excellent hideouts, where they are fairly immune to countermeasures. In this paper, we evaluate the vulnerability to hypervisor-based rootkits of ARM-based platforms, considering both ARMv7 and ARMv8. We implement a proof-of-concept rootkit to prove the validity of our findings. We then detail the anatomy of an attack wherein a hypervisor rootkit and a userspace process collaborate to undermine the isolation properties enforced by the Linux kernel. Based on our discoveries, we explore the possibilities of mitigating each attack vector. Finally, we discuss methods to detect such highly privileged rootkits so as to conceive more effective countermeasures.
Pages: 376 / 391
Number of pages: 16
Related papers
50 in total
  • [41] Hypervisor-Based Target Deployment Strategies for Time Predictability in Model-Based Development
    Schade, Florian
    Doerr, Tobias
    Becker, Jurgen
    2022 IEEE 35TH INTERNATIONAL SYSTEM-ON-CHIP CONFERENCE (IEEE SOCC 2022), 2022, : 285 - 286
  • [42] Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!
    Huo, Dongdong
    Cao, Chen
    Liu, Peng
    Wang, Yazhe
    Li, Mingxuan
    Xu, Zhen
    JOURNAL OF SYSTEMS ARCHITECTURE, 2021, 116
  • [43] High-performance vNIC framework for hypervisor-based NFV with userspace vSwitch
    Nakajima, Yoshihiro
    Masutani, Hitoshi
    Takahashi, Hirokazu
    2015 FOURTH EUROPEAN WORKSHOP ON SOFTWARE DEFINED NETWORKS - EWSDN 2015, 2015, : 43 - 48
  • [44] U-HIPE: hypervisor-based protection of user-mode processes in Windows
    Lutas, Andrei
    Colesa, Adrian
    Lukacs, Sandor
    Lutas, Dan
    JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2016, 12 (01): : 23 - 36
  • [45] HyGenICC: Hypervisor-based Generic IP Congestion Control for Virtualized Data Centers
    Abdelmoniem, Ahmed M.
    Bensaou, Brahim
    Abu, Amuda James
    2016 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), 2016,
  • [46] TGVisor: A Tiny Hypervisor-Based Trusted Geolocation Framework for Mobile Cloud Clients
    Park, Sungjin
    Yoon, Jae Nam
    Kang, Cheoloh
    Kim, Kyong Hoon
    Han, Taisook
    2015 3RD IEEE INTERNATIONAL CONFERENCE ON MOBILE CLOUD COMPUTING, SERVICES, AND ENGINEERING (MOBILECLOUD 2015), 2015, : 99 - 108
  • [47] Targeted Malicious Email Detection using Hypervisor-based Dynamic Analysis and Ensemble Learning
    Zhang, Jian
    Li, Wenzhen
    Gong, Liangyi
    Gu, Zhaojun
    Wu, Jeffrey
    2019 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM), 2019,
  • [48] Hypervisor-based cloud intrusion detection through online multivariate statistical change tracking
    Aldribi, Abdulaziz
    Traore, Issa
    Moa, Belaid
    Nwamuo, Onyekachi
    COMPUTERS & SECURITY, 2020, 88
  • [49] Performance Overhead Comparison between Hypervisor and Container based Virtualization
    Li, Zheng
    Kihl, Maria
    Lu, Qinghua
    Andersson, Jens A.
    2017 IEEE 31ST INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA), 2017, : 955 - 962
  • [50] Lightweight Multicore Virtualization Architecture exploiting ARM TrustZone
    Pinto, S.
    Oliveira, A.
    Pereira, J.
    Cabral, J.
    Monteiro, J.
    Tavares, A.
    IECON 2017 - 43RD ANNUAL CONFERENCE OF THE IEEE INDUSTRIAL ELECTRONICS SOCIETY, 2017, : 3562 - 3567