Skip to main content
SpringerLink
Log in

TRIOB: A Trusted Virtual Computing Environment Based on Remote I/O Binding Mechanism

  • Conference paper
Cryptology and Network Security (CANS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6467))

Included in the following conference series:

  • 614 Accesses

Abstract

When visiting cloud computing platforms, users are very concerned about the security of their personal data. Current cloud computing platforms have not provided a virtual computing environment which is fully trusted by users. Meanwhile, the management domain of cloud computing platform is subject to malicious attacks, which can seriously affect the trustworthiness of the virtual computing environment. This paper presents a new approach to build a trusted virtual computing environment in data centers. By means of three innovative technologies, the user’s data can be remotely stored into trusted storage resources, the user’s virtual computing environment is isolated, and the user can automatically detect the rootkit attacks against the cloud computing management domain. We design and implement a Xen-based prototype system called TRIOB. This manuscript presents the design, implementation, and evaluation of TRIOB, with a focus on rootkits detection.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barham, P., Dragovic, B., Fraser, K., et al.: Xen and the Art of Virtualization. In: Proc. of the 19th ACM Symp. on Operating Systems Principles 2003, pp. 164–177 (2003)

    Google Scholar 

  2. Huizenga, G.: Cloud Computing: Coming out of the fog. In: Proceedings of the Linux Symposium 2008, vol. 1, pp. 197–210 (2008)

    Google Scholar 

  3. Armbrust, M., Fox, A., et al.: Above the Clouds: A Berkeley View of Cloud. Technical Report No. UCB/EECS-2009-28 (2009)

    Google Scholar 

  4. Kaufman, L.M.: Data Security in the World of Cloud Computing. IEEE Security and Privacy 7(4), 61–64 (2009)

    Article  Google Scholar 

  5. Garfinkel, T., et al.: Terra: A Virtual Machine-Based Platform for Trusted Computing. In: Pro. of the 19th ACM Symp. on Operating Systems Principles 2003, pp. 193–206 (2003)

    Google Scholar 

  6. Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: An Architecture for Secure Active Monitoring Using Virtualization. In: Proceedings of the IEEE Symposium on Security and Privacy 2008, pp. 233–247 (2008)

    Google Scholar 

  7. Berger, S., et al.: TVDc: managing security in the trusted virtual datacenter. ACM SIGOPS Operating Systems Review 42(1), 40–47 (2008)

    Article  Google Scholar 

  8. Berger, S., Cceres, R., et al.: vTPM: Virtualizing the Trusted Platform Module. In: Proc. of the 15th Conference on USENIX Security Symposium (2006)

    Google Scholar 

  9. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: Proceedings of the 13th Conference on USENIX Security Symposium (2004)

    Google Scholar 

  10. Tan, T., Simmonds, R., et al.: Image Management in a Virtualized Data Center. ACM SIGMETRICS Performance Evaluation Review 36(2), 4–9 (2008)

    Article  Google Scholar 

  11. Warfield, A., Hand, S., Fraser, K., Deegan, T.: Facilitating the development of soft devices. In: USENIX Annual Technical Conference 2005 (2005)

    Google Scholar 

  12. Sun, Y., Fang, H., Song, Y., et al.: TRainbow: a new trusted virtual machine based platform. International Journal Frontiers of Computer Science in China 4(1), 47–64 (2010)

    Article  Google Scholar 

  13. Murray, D.G., Milos, G., Hand, S.: Improving Xen Security through Disaggregation. In: Proc. Of the 4th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments 2008, pp. 151–160 (2008)

    Google Scholar 

  14. Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proc. of the Network and Distributed Systems Security Symposium 2003, pp. 191–206 (2003)

    Google Scholar 

  15. Amazon Elastic Compute Cloud (Amazon EC2), http://aws.amazon.com/ec2/

  16. Payne, B., Carbone, M., Lee, W.: Secure and Flexible Monitoring of Virtual Machines. In: Computer Security Applications Conference 2007, pp. 385–397 (2007)

    Google Scholar 

  17. Jones, S.T., Arpaci-Dusseau, A.C., et al.: Antfarm: Tracking Processes in a Virtual Machine Environment. In: Proc. of USENIX Annual Technical Conference 2006 (2006)

    Google Scholar 

  18. Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based out-of-the-box semantic view reconstruction. In: Proc. of the 14th ACM Conference on Computer and Communications Security 2007, pp. 128–138 (2007)

    Google Scholar 

  19. Linux kernel rootkits - protecting the system’s Ring-Zero, http://www.sans.org/reading_room/whitepapers/honors/linux-kernel-rootkits-protecting-systems_1500

  20. Weinhold, C., Hartig, H.: VPFS: building a virtual private file system with a small trusted computing base. In: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pp. 81–93 (2008)

    Google Scholar 

  21. Weele, E.V., Lau, B., et al.: Protecting Confidential Data on Personal Computers with Storage Capsules. In: Proceedings of the 18th USENIX Security Symposium 2009 (2009)

    Google Scholar 

  22. Yang, J., Shin, K.G.: Using Hypervisor to Provide Application Data Secrecy on a Per-Page Basis. In: Pro. of the Fourth International Conference on Virtual Execution Environments 2008, pp. 71–80 (2008)

    Google Scholar 

  23. Chen, X., Garfinkel, T., et al.: Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. In: Proc. of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems 2008, pp. 2–13 (2008)

    Google Scholar 

  24. Chandra, R., Zeldovich, N., Sapuntzakis, C., Lam, M.S.: The collective: a cache-based system management architecture. In: Proc. of the 2nd Conference on Symposium on Networked Systems Design and Implementation 2005, vol. 2, pp. 259–272 (2005)

    Google Scholar 

  25. Kumar, S., Schwan, K.: Netchannel: a VMM-level mechanism for continuous, transparent device access during VM migration. In: Pro. of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments 2008 (2008)

    Google Scholar 

  26. Aiken, S., Grunwald, D., Pleszkun, A.R., Willeke, J.: A performance analysis of the iSCSI protocol. IEEE MSST (2003)

    Google Scholar 

  27. Petroni, N.L., et al.: Copilot: a Coprocessor-based Kernel Runtime Integrity Monitor. In: Proc. of the 13th Conference on USENIX Security Symposium (2004)

    Google Scholar 

  28. Seshadri, A., Luk, M., Shi, E., et al.: Pioneer: Verifying Code Integrity and Enforcing Unhampered Code Execution on Legacy Systems. In: The 20th ACM Symposium on Operating Systems Principles (2005)

    Google Scholar 

  29. Fraser, K., et al.: Safe Hardware Access with the Xen Virtual Machine Monitor. In: Proceedings of the 1st Workshop on Operating System and Architectural Support for the on Demand IT InfraStructure, Boston, MA (2004)

    Google Scholar 

  30. Wojtczuk, R.: Subverting the Xen Hypervisor. Black Hat USA (2008)

    Google Scholar 

  31. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3253l

  32. Goodin, D.: Webhost hack wipes out data for 100,000 sites, http://www.theregister.co.uk/2009/06/08/webhost_attack

  33. Lineberry, A.: Malicious Code Injection via /dev/mem. Black Hat 2009 (2009)

    Google Scholar 

  34. Milos, G., Murray, D.G.: Boxing clever with IOMMUs. In: Proceedings of the 1st ACM Workshop on Virtual Machine Security 2008, pp. 39–44 (2008)

    Google Scholar 

  35. Murray, D.G., Hand, S.: Privilege separation made easy: trusting small libraries not big processes. In: Proceedings of the 1st European Workshop on System Security 2008, pp. 40–46 (2008)

    Google Scholar 

  36. Dalton, C.I., Plaquin, D., et al.: Trusted virtual platforms: a key enabler for converged client devices. SIGOPS Oper. Syst. Rev. 43(1), 36–43 (2009)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Key Laboratory of Computer System and Architecture, Institute of Computing Technology, Chinese Academy of Sciences, China

    Haifeng Fang, Yiqiang Zhao, Yuzhong Sun & Zhiyong Liu

  2. Graduate University of Chinese Academy of Sciences, China

    Haifeng Fang

  3. High Performance Computer Research Center, Institute of Computing Technology, Chinese Academy of Sciences, China

    Hui Wang

Authors
  1. Haifeng Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hui Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yiqiang Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yuzhong Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zhiyong Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, 75450, Melaka, Malaysia

    Swee-Huay Heng

  2. Department of Computer Science, Rutgers University, 96 Frelinghuysen Road, 08854, Piscataway, NJ, USA

    Rebecca N. Wright

  3. Faculty of Engineering and Science, Universiti Tunku Abdul Rahman, Kuala Lumpur Campus, Jalan Genting Klang, 53300, Kuala Lumpur, Malaysia

    Bok-Min Goi

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fang, H., Wang, H., Zhao, Y., Sun, Y., Liu, Z. (2010). TRIOB: A Trusted Virtual Computing Environment Based on Remote I/O Binding Mechanism. In: Heng, SH., Wright, R.N., Goi, BM. (eds) Cryptology and Network Security. CANS 2010. Lecture Notes in Computer Science, vol 6467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17619-7_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17619-7_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17618-0

  • Online ISBN: 978-3-642-17619-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation