RandHyp: Preventing Attacks via Xen Hypercall Interface - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2012

RandHyp: Preventing Attacks via Xen Hypercall Interface

Résumé

Virtualization plays a key role in constructing cloud environments and providing services. Although the main jobs of the hypervisors are to guarantee proper isolation between domains and provide them services, the hypercall interface provided by the hypervisor for cross-layer interactions with domains gives attackers the possibility to breach the isolation or cause denial of service from inside the domains. In this paper, we propose a transparent approach that uses randomization technique to protect the hypercall interface. In our approach, even facing a total compromise of a domain, the security of the virtualization platforms can be guaranteed. We have built a prototype called RandHyp based on Xen. Our experimental results show that RandHyp can effectively prevent attacks via Xen hypercall interface with a small overhead.
Fichier principal
Vignette du fichier
978-3-642-30436-1_12_Chapter.pdf (177.52 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01518261 , version 1 (04-05-2017)

Licence

Paternité

Identifiants

Citer

Feifei Wang, Ping Chen, Bing Mao, Li Xie. RandHyp: Preventing Attacks via Xen Hypercall Interface. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.138-149, ⟨10.1007/978-3-642-30436-1_12⟩. ⟨hal-01518261⟩
250 Consultations
459 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More