RandHyp: Preventing Attacks via Xen Hypercall Interface

Abstract : Virtualization plays a key role in constructing cloud environments and providing services. Although the main jobs of the hypervisors are to guarantee proper isolation between domains and provide them services, the hypercall interface provided by the hypervisor for cross-layer interactions with domains gives attackers the possibility to breach the isolation or cause denial of service from inside the domains. In this paper, we propose a transparent approach that uses randomization technique to protect the hypercall interface. In our approach, even facing a total compromise of a domain, the security of the virtualization platforms can be guaranteed. We have built a prototype called RandHyp based on Xen. Our experimental results show that RandHyp can effectively prevent attacks via Xen hypercall interface with a small overhead.
Type de document :
Communication dans un congrès
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.138-149, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_12〉
Liste complète des métadonnées

Littérature citée [16 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01518261
Contributeur : Hal Ifip <>
Soumis le : jeudi 4 mai 2017 - 13:45:56
Dernière modification le : jeudi 4 mai 2017 - 14:53:51
Document(s) archivé(s) le : samedi 5 août 2017 - 13:32:32

Fichier

978-3-642-30436-1_12_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Feifei Wang, Ping Chen, Bing Mao, Li Xie. RandHyp: Preventing Attacks via Xen Hypercall Interface. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.138-149, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_12〉. 〈hal-01518261〉

Partager

Métriques

Consultations de la notice

239

Téléchargements de fichiers

124