Security in Storage Workshop, International IEEE (2005)
San Francisco, California
Dec. 13, 2005 to Dec. 13, 2005
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SISW.2005.17
Xin Zhao , University of Michigan, USA
Kevin Borders , University of Michigan, USA
Atul Prakash , University of Michigan, USA
Protecting sensitive files from a compromised system helps administrators to thwart many attacks, discover intrusion trails, and fast restore the system to a safe state. However, most existing file protection mechanisms can be turned off after an attacker manages to exploit a vulnerability to gain privileged access. In this paper we propose SVFS, a Secure Virtual File System that uses virtual machine technology to store sensitive files in a virtual machine that is dedicated to providing secure data storage, and run applications in one or more guest virtual machines. Accesses to sensitive files must go through SVFS and are subject to access control policies. Because the access control policies are enforced independently in an isolated virtual machine, intruders cannot bypass file protection by compromising a guest VM. In addition, SVFS introduces a Virtual Remote Procedure Call mechanism as a substitute of standard RPC to deliver better performance in data exchanging across virtual machine boundaries. We implemented SVFS and tested it against attacks on a guest operating system using several available rootkits. SVFS was able to prevent most of the rootkits from being installed, and prevent all of them from persisting past reboot. We also compared the performance of SVFS to the native Ext3 file system and found that performance cost was reasonable considering the security benefits of SVFS. Our experimental results also show VRPC does improve the filesystem performance.
A. Prakash, X. Zhao and K. Borders, "Towards Protecting Sensitive Files in a Compromised System," Proceedings. Third International IEEE Security in Storage Workshop(SISW), San Francisco, CA, 2005, pp. 21-28.