Supporting Virtualization-Aware Security Solutions Using a Systematic Approach to Overcome the Semantic Gap
Honolulu, HI, USA USA
June 24, 2012 to June 29, 2012
A prerequisite to implementing virtualization-aware security solutions is to solve the "semantic gap" problem. Current approaches require a deep knowledge of the kernel data to manually solve the semantic gap. However, kernel data is very complex; an Operating System (OS) kernel contains thousands of data structures that have direct and indirect (pointer) relations between each other with no explicit integrity constraints. This complexity makes it impractical to use manual methods. In this paper, we present a new solution to systematically and efficiently solve the semantic gap for any OS, without any prior knowledge of the OS. We present: (i) KDD, a tool that systematically builds a precise kernel data definition for any C-based OS such as Windows and Linux. KDD generates this definition by performing points-to analysis on the kernel's source code to disambiguate the pointer relations. (ii) SVA, a security appliance that solves the semantic gap based on the generated definition, to systematically and externally map the virtual machines' physical memory and extract the runtime dynamic objects. We have implemented prototypes for KDD and SVA, and have performed different experiments to prove their effectiveness.
Kernel, Security, Semantics, Data structures, Context, Runtime, Algorithm design and analysis, virtualization-aware security solutions, Kernel data structures, semantic gap, points-to analysis, IaaS
Amani S. Ibrahim, James Hamlyn-Harris, John Grundy, Mohamed Almorsy, "Supporting Virtualization-Aware Security Solutions Using a Systematic Approach to Overcome the Semantic Gap", CLOUD, 2012, 2013 IEEE Sixth International Conference on Cloud Computing, 2013 IEEE Sixth International Conference on Cloud Computing 2012, pp. 836-843, doi:10.1109/CLOUD.2012.129