HyperCheck: A Hardware-Assisted Integrity Monitor

13 years 10 months ago

Download www.cs.gmu.edu

Abstract. Over the past few years, virtualization has been employed to environments ranging from densely populated cloud computing clusters to home desktop computers. Security researchers embraced virtual machine monitors (VMMs) as a new mechanism to guarantee deep isolation of untrusted software components. Unfortunately, their widespread adoption promoted VMMs as a prime target for attackers. In this paper, we present HyperCheck, a hardware-assisted tampering detection framework designed to protect the integrity of VMMs and, for some classes of attacks, the underlying operating system (OS). HyperCheck leverages the CPU System Management Mode (SMM), present in x86 systems, to securely generate and transmit the full state of the protected machine to an external server. Using HyperCheck, we were able to ferret-out rootkits that targeted the integrity of both the Xen hypervisor and traditional OSes. Moreover, HyperCheck is robust against attacks that aim to disable or block its operation...

Jiang Wang, Angelos Stavrou, Anup K. Ghosh

Real-time Traffic

Cloud Computing Clusters | Computer Networks | Hardware-assisted Tampering Detection | Home Desktop Computers | RAID 2010 |

claim paper

Post Info
More Details (n/a)

Added	30 Jan 2011
Updated	30 Jan 2011
Type	Journal
Year	2010
Where	RAID
Authors	Jiang Wang, Angelos Stavrou, Anup K. Ghosh

Comments (0)

Sciweavers

HyperCheck: A Hardware-Assisted Integrity Monitor

Cloud Computing Clusters | Computer Networks | Hardware-assisted Tampering Detection | Home Desktop Computers | RAID 2010 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers