hGuard: A Framework to Measure Hypervisor Critical Files
文献类型:会议论文
| 作者 | Ding, Baozeng ; He, Yeping ; Zhou, Qiming ; Wu, Yanjun ; Wu, Jingzheng |
| 出版日期 | 2013 |
| 会议名称 | 7th IEEE International Conference on Software Security and Reliability (SERE) |
| 会议日期 | JUN 18-20, 2013 |
| 会议地点 | Gaithersburg, MD |
| 关键词 | Hypervisor critical files integrity measurement |
| 页码 | 177-182 |
| 中文摘要 | Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected. This paper presents hGuard, a framework to measure hypervisor critical files. Each time a critical file is updated, its hash is stored into a non-volatile storage of the trusted chip. When a critical file is loaded into memory, a measurement module computes its hash and a validation module checks its integrity by comparing this hash with that stored in the non-volatile storage. Only if they are the same could the files be used and continuous operation will be allowed. The experiment shows that hGuard can detect illegal modification of hypervisor critical files. |
| 英文摘要 | Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected. This paper presents hGuard, a framework to measure hypervisor critical files. Each time a critical file is updated, its hash is stored into a non-volatile storage of the trusted chip. When a critical file is loaded into memory, a measurement module computes its hash and a validation module checks its integrity by comparing this hash with that stored in the non-volatile storage. Only if they are the same could the files be used and continuous operation will be allowed. The experiment shows that hGuard can detect illegal modification of hypervisor critical files. |
| 收录类别 | CPCI |
| 会议录出版地 | IEEE COMPUTER SOC |
| 语种 | 英语 |
| ISBN号 | 978-0-7695-5030-5 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16532]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Ding, Baozeng,He, Yeping,Zhou, Qiming,et al. hGuard: A Framework to Measure Hypervisor Critical Files[C]. 见:7th IEEE International Conference on Software Security and Reliability (SERE). Gaithersburg, MD. JUN 18-20, 2013. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。