Virtualization-based Isolation on Multicore Platforms: Issues, Methods and Applications

ZHAO Siqi, PhD Candidate
School of Information Systems
Singapore Management University

Research Area
Dissertation Committee Chairman
Committee Members

Date: December 19, 2017 (Tuesday)
Time: 2.30pm - 3.30pm
Venue: Meeting Room 4.4, Level 4, School of Information Systems, Singapore Management University, 80 Stamford Road, Singapore 178902

We look forward to seeing you at this research seminar.

About The Talk

Using the hypervisor as the trust anchor to defend against malware with kernel privilege, such as rootkits, has been proposed in the literature as an effective countermeasure. However, an implicit assumption in existing works is that the underlying platform is uni-core. This assumption is increasingly distant from the real-world computing landscape, where multi-core machines have become ubiquitous. With the assumption broken, adversarial threads running on other cores gain capabilities that are not possible on uni-core platforms. The security of existing hypervisor-based works therefore demands a careful review, which leads to this report.

In this report, we first examine the issues brought by applying the existing isolation approach on multi-core platforms. We conduct an in-depth analysis and point out a few issues related to incapable thread identification, enforcement granularity, EPT management and page table checking. We also present two concrete attacks that allow the untrusted thread to break the isolation set up by the existing approach.

In light of these issues, we propose our Fully Isolated Micro-Computing Environment (FIMCE). FIMCE encloses a complete set of resources needed by a program and is isolated from the untrusted guest kernel. Therefore, it is immune to the issues that we reveal. It also features great flexibility in its configuration and software architecture. As a result, the environment can be tailored to various application scenarios, and the protected application does not need to be self-contained.

Building on top of this environment, we present an application in the context of Virtual Machine Introspection. We propose a design called Immersive Execution Environment (ImEE) for efficient introspection through consistent address space mappings. We tweak the aforementioned environment to directly reuse the page tables of a target VM and synchronize the root of the page table with the target VM. As a result, the target VM cannot present fake address mappings to the introspection tool to mislead the result.

Speaker Biography

ZHAO Siqi is a PhD candidate in the School of Information Systems, Singapore Management University. His research focuses on utilising virtualisation-based systems for security purposes such as isolated execution, access control, virtual machine introspection, etc.