首页 | 本学科首页   官方微博 | 高级检索  
     

基于虚拟机监控器的隐私透明保护
引用本文:任建宝,齐勇,戴月华,王晓光,宣宇,史椸.基于虚拟机监控器的隐私透明保护[J].软件学报,2015,26(8):2124-2137.
作者姓名:任建宝  齐勇  戴月华  王晓光  宣宇  史椸
作者单位:西安交通大学 计算机科学与技术系, 陕西 西安 710049,西安交通大学 计算机科学与技术系, 陕西 西安 710049,西安交通大学 计算机科学与技术系, 陕西 西安 710049,西安交通大学 计算机科学与技术系, 陕西 西安 710049,西安交通大学 计算机科学与技术系, 陕西 西安 710049,西安交通大学 计算机科学与技术系, 陕西 西安 710049
基金项目:国家自然科学基金(60933003); 国家高技术研究发展计划(863)(2012AA0109 04); 教育部高等学校博士学科点专项科研基金(20120201110010)
摘    要:操作系统漏洞经常被攻击者利用,从而以内核权限执行任意代码(返回用户态攻击,ret2user)以及窃取用户隐私数据.使用虚拟机监控器构建了一个对操作系统及应用程序透明的内存访问审查机制,提出了一种低性能开销并且无法被绕过的内存页面使用信息实时跟踪策略;结合安全加载器,保证了动态链接库以及应用程序的代码完整性.能够确保即使操作系统内核被攻击,应用程序的内存隐私数据依然无法被窃取.在Linux操作系统上进行了原型实现及验证,实验结果表明,该隐私保护机制对大多数应用只带来6%~10%的性能负载.

关 键 词:隐私保护  虚拟机监控器  嵌套页表  代码完整性
收稿时间:2014/2/28 0:00:00
修稿时间:2014/7/31 0:00:00

Transparent Privacy Protection Based on Virtual Machine Monitor
REN Jian-Bao,QI Yong,DAI Yue-Hu,WANG Xiao-Guang,XUAN Yu and SHI Yi.Transparent Privacy Protection Based on Virtual Machine Monitor[J].Journal of Software,2015,26(8):2124-2137.
Authors:REN Jian-Bao  QI Yong  DAI Yue-Hu  WANG Xiao-Guang  XUAN Yu and SHI Yi
Affiliation:Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China,Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China,Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China,Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China,Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China and Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China
Abstract:The vulnerabilities of OS kernel are usually exploited by attackers to execute arbitrary code with kernel privilege (i.e., return-to-user attacks, ret2user) and to steal other processes' private data. In this paper, a transparent OS kernel memory access mediator based on VMM (virtual machine monitor) is proposed, and a non-bypassable low performance overhead memory page tracker is provided to get the memory usage information in real-time. Combined with a safe loader, the new method guarantees the code integrity of dynamic shared objects during run-time. It also ensure that, even when the OS kernel is compromised, the application's memory private data is still safe. A prototype is implemented on the Linux OS, and the evaluation experiments show that it only incurs about 6%~10% performance overhead for most SPEC benchmark tests.
Keywords:privacy protection  virtual machine monitor  nested page table  code integrity
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号