Advertisement

Mitigating the Lying-Endpoint Problem in Virtualized Network Access Frameworks

  • Ravi Sahita
  • Uday R. Savagaonkar
  • Prashant Dewan
  • David Durham
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4785)

Abstract

Malicious root-kits modify the in-memory state of programs executing on an endpoint to hide themselves from security software. Such attacks negatively affect network-based security frameworks that depend on the trustworthiness of endpoint software. In network access control frameworks this issue is called the lying-endpoint problem, where a compromised endpoint spoofs software integrity reports to render the framework untrustworthy. We present a novel architecture called Virtualization-enabled Integrity Services (VIS) to protect the run-time integrity of network-access software in an untrusted environment. We describe the design of a VIS-protected network access stack, and characterize its performance. We show that a network access stack running on an existing operating system can be protected using VIS with less than 5% overhead, even when each network packet causes protection enforcement.

Keywords

Network Access Framework Lying Endpoint Virtualization Memory Protections 

References

  1. 1.
    Cisco*: Cisco* Network Admission Control. http://www.cisco.com/go/nac
  2. 2.
    Microsoft*: Microsoft* Network Access Protection. http://www.microsoft.com/nap
  3. 3.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. Special Interest Group on Operating Systems: Operating Systems Review 37, 193–206 (2003)CrossRefGoogle Scholar
  4. 4.
    Whitaker, A., Shaw, M., Gribble, S.D.: Scale and performance in the Denali isolation kernel. In: OSDI 2002. Proceedings of the Fifth Symposium on Operating System Design and Implementation, Boston, MA (December 2002)Google Scholar
  5. 5.
    Cox, R.S., Gribble, S.D., Levy, H.M., Hansen, J.G.: A safety-oriented platform for web applications. In: SP 2006. Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp. 350–364. IEEE Computer Society Press, Washington, DC, USA (2006)Google Scholar
  6. 6.
    Thumann, M., Roecher, D.J.: NACATTACK–hacking the cisco* NAC framework. In: Blackhat Europe (2007)Google Scholar
  7. 7.
    Microsoft*: Digital signatures for kernel modules on x64-based systems running windows* vista* (2006), http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx
  8. 8.
    Intel Corporation: IA-32 Intel®  Architecture Software Developers Manual. http://www.intel.com/products/processor/manuals/index.htm
  9. 9.
    Engler, D.R., Kaashoek, M.F., James O’Toole, J.: Exokernel: an operating system architecture for application-level resource management. In: Proceedings of the Fifteenth ACM Symposium on Operating Systems Principles, pp. 251–266. ACM Press, New York (1995)CrossRefGoogle Scholar
  10. 10.
    Witchel, E., Cates, J., Asanović, K.: Mondrian memory protection. In: Proceedings of the Tenth International Conference on Architectural Support for Programming Languages and Operating Systems, San Jose, CA (October 2002)Google Scholar
  11. 11.
    Chen, B., Morris, R.: Certifying program execution with secure processors. In: 9th Workshop on Hot Topics in Operating Systems (2003)Google Scholar
  12. 12.
    Miller, F.W.: Simple memory protection for embedded operating system kernels. In: Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference, pp. 299–308. USENIX Association, Berkeley, CA, USA (2002)Google Scholar
  13. 13.
    Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: SSYM 2005. Proceedings of the 14th conference on USENIX Security Symposium, pp. 17–17. USENIX Association, Berkeley, CA, USA (2005)Google Scholar
  14. 14.
    Arbaugh, W.A., Farber, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: SP 1997. Proceedings of the 1997 IEEE Symposium on Security and Privacy, p. 65. IEEE Computer Society Press, Washington, DC, USA (1997)Google Scholar
  15. 15.
    Kiriansky, V., Bruening, D., Amarasinghe, S.P.: Secure execution via program shepherding. In: Proceedings of the 11th USENIX Security Symposium, pp. 191–206. USENIX Association, Berkeley, CA, USA (2002)Google Scholar
  16. 16.
    McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Seshadri, A.: Minimal TCB code execution. In: IEEE Symposium on Security and Privacy, pp. 267–272. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  17. 17.
    Kaslin, K.: Kernel malware: The attack from within. In: Association of anti-Virus Asia Researchers (AVAR) International Conference, New Zealand (2006)Google Scholar
  18. 18.
    Kapoor, A., Sallam, A.: Rootkits part 2: A technical primer (2006), http://www.mcafee.com/us/local_content/white_papers/wp_rootkits_0407.pdf
  19. 19.
    Naraine, R.: Shadow walker pushes envelope for stealth rootkits (2005), http://www.eweek.com/article2/0,1895,1841266,00.asp
  20. 20.
    Symantec*: Symantec* internet security threat report: Trends for july-dec 2006 (March 2007)Google Scholar
  21. 21.
    Thimbleby, H., Anderson, S., Cairns, P.: A framework for modelling trojans and computer virus infection. The Computer Journal 41(7), 445–458 (1998)CrossRefzbMATHGoogle Scholar
  22. 22.
    Devine, S., Bugnion, E., Rosenblum, M.: Virtualization system including a virtual machine monitor for a computer with a segmented architecture (1998)Google Scholar
  23. 23.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 164–177. ACM Press, New York (2003)CrossRefGoogle Scholar
  24. 24.
    Smith, J.E., Uhlig, R.: Virtual Machines: Architectures, Implementations, and Applications. In: HOTCHIPS: A Symposium on High Performance Chips (2005)Google Scholar
  25. 25.
    Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. Technical Report RC23982, IBM Corporation (June 2006)Google Scholar
  26. 26.
    Hiremane, R.: Intel® Virtualization Technology for Directed I/O (Intel® VT-d). Technology@Intel Magazine 4(10) (May 2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2007

Authors and Affiliations

  • Ravi Sahita
    • 1
  • Uday R. Savagaonkar
    • 1
  • Prashant Dewan
    • 1
  • David Durham
    • 1
  1. 1.Intel Corporation, 2111 NE 25th Ave, Hillsboro, ORUSA

Personalised recommendations