Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers

Research Article

Preventing Secret Data Leakage from Foreign Mappings in Virtual Machines

  • @INPROCEEDINGS{10.1007/978-3-642-31909-9_25,
        author={Hanjun Gao and Lina Wang and Wei Liu and Yang Peng and Hao Zhang},
        title={Preventing Secret Data Leakage from Foreign Mappings in Virtual Machines},
        proceedings={Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2012},
        month={10},
        keywords={Direct Foreign mappings Virtual machine Hypervisor Privacy Secrecy Data leakage},
        doi={10.1007/978-3-642-31909-9_25}
    }
    
  • Hanjun Gao
    Lina Wang
    Wei Liu
    Yang Peng
    Hao Zhang
    Year: 2012
    Preventing Secret Data Leakage from Foreign Mappings in Virtual Machines
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-31909-9_25
Hanjun Gao1,*, Lina Wang, Wei Liu1, Yang Peng1, Hao Zhang1
  • 1: Wuhan University
*Contact email: ghjwhu@sina.com

Abstract

The foreign mapping mechanism of Xen is used in privileged virtual machines (VMs) for platform management. With its help, a privileged VM can map arbitrary machine frames of memory from a specific VM into its page tables. This leaves a vulnerability: malware may compromise the secrecy of normal VMs by exploiting the foreign mapping mechanism. To address this privacy exposure, we present a novel application memory privacy protection (AMP) scheme that leverages the hypervisor. In AMP, an application can protect its memory privacy by registering its address space with the hypervisor; until the application exits or cancels its protection, any foreign mapping to protected pages is disabled. With these measures, AMP prevents sensitive data leakage when malware attempts to eavesdrop on it by exploiting foreign mapping. Finally, extensive experiments are performed to validate AMP. The experimental results show that AMP achieves strong privacy resiliency while incurring only 2% extra overhead for CPU workloads.