• DocumentCode
    3208370
  • Title

    Croth: Effective Process Protection and Monitoring with Hardware Virtualization

  • Author

    Jiang, Menglong ; Qi, Zhengwei ; Guan, Haibing ; Karna, Anil Kumar

  • Author_Institution
    Sch. of Software & Dept. of Comput. Sci., Shanghai Jiao Tong Univ., Shanghai, China
  • fYear
    2009
  • fDate
    17-19 Dec. 2009
  • Firstpage
    633
  • Lastpage
    638
  • Abstract
    With the development of network malicious code, the existing security holes in present systems facilitate data loss. Though protection methods and software are updated day by day, some recent rootkits that can still invisibly access the kernel pose new challenges for system security. The focal point of system security is how to protect a chosen process on an infected operating system. Process protection and monitoring are becoming more and more important for emerging networks and systems. In this paper, we present a new technique, Croth, which is based on hardware virtualization technology. It introduces a novel mechanism, Cape, that is located in the virtual machine monitor (VMM). The main work of Cape is to emulate most of the operations originally done by the operating system. This primitive offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processor architectures. The design and implementation of hiding sensitive data is also presented in this paper. Our design has been fully implemented and used to protect a wide range of legacy processes without any modification on the Windows operating system. Our experimental results show that the operating system could not get accurate data while the chosen process is controlled by Croth. It introduces a little performance overhead; however, performance is still acceptable.
  • Keywords
    data encapsulation; operating systems (computers); security of data; Cape; Croth; Windows operating system; hardware virtualization; network malicious code; process protection; protection methods; security holes; sensitive data hiding; system security; virtual machine monitor; Computer science; Control systems; Data security; Hardware; Kernel; Monitoring; Operating systems; Platform virtualization; Power system protection; Virtual machine monitors; Cape; Croth; Virtual Machine Monitor; Windows operating system; hardware virtualization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Frontier of Computer Science and Technology, 2009. FCST '09. Fourth International Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-0-7695-3932-4
  • Electronic_ISBN
    978-1-4244-5467-9
  • Type

    conf

  • DOI
    10.1109/FCST.2009.26
  • Filename
    5392850