Using VisorFlow to Control Information Flow without Modifying the Operating System Kernel or its Userspace

Cited by: 0
Authors
Shockley, Matt [1]
Maixner, Chris [1]
Johnson, Ryan [2]
DeRidder, Mitch [1]
Petullo, W. Michael [1]
Affiliations
[1] US Mil Acad, West Point, NY 10996 USA
[2] US Army Cyber Sch, Ft Gordon, GA USA
Funding
US National Science Foundation
DOI
10.1145/3139923.3139924
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
VISORFLOW aims to monitor the flow of information between processes without requiring modifications to the operating system kernel or its userspace. VISORFLOW runs in a privileged Xen domain and monitors the system calls executing in other domains running either Linux or Windows. VISORFLOW uses its observations to prevent confidential information from leaving a local network. We describe the design and implementation of VISORFLOW, describe how we used VISORFLOW to confine naive users and malicious insiders during the 2017 Cyber-Defense Exercise, and provide performance measurements. We have released VISORFLOW and its companion library, libguestrace, as open-source software.
Pages: 13-24
Page count: 12