Title :
LWRM: A lightweight response mechanism for TCG TOCTOU attack
Author :
Xiaolin Chang ; Bin Xing ; Jiqiang Liu ; Muppala, J.K.
Author_Institution :
Dept. of Comput. Eng., Beijing JiaoTong Univ., Beijing, China
Abstract :
The current TCG architecture suffers from the time-of-check-to-time-of-use (TOCTOU) attacks in commodity PC operating systems (OS), in which kernel rootkits can get unrestricted access to OS resources. VMM-based approaches running at a privilege level higher than that of virtual machine (VM) kernel can effectively detect dynamic or static data attacks occurring in VMs. This paper proposes a lightweight response mechanism (LWRM) for TCG TOCTOU attacks occurring in VMs. LWRM has the following features: (1) compared to the existing response mechanism, LWRM is more effective in defeating the TCG TOCTOU attacks; (2) LWRM imposes less overhead on the system during normal execution; (3) LWRM is transparent to the kernel rootkits; and (4) LWRM can work in the scenarios with more than one run-time trusted virtual machine. We describe the design idea and the implementation by using the Xen virtual machine monitor (VMM) and the virtual TPM facility shipped with the Xen.
Keywords :
operating system kernels; security of data; virtual machines; PC operating systems; TCG TOCTOU attack; VMM-based approach; Xen virtual machine monitor; dynamic data attack detection; kernel rootkits; lightweight response mechanism; run-time trusted virtual machine kernel; static data attack detection; time-of-check-to-time-of-use attacks; virtual TPM facility; Computer science; Hardware; Kernel; Operating systems; Protection; Runtime; Virtual machine monitors; Virtual machining; Virtual manufacturing; Voice mail; TOCTOU attacks; kernel rootkit; trusted computing; virtual machines;
Conference_Titel :
Performance Computing and Communications Conference (IPCCC), 2009 IEEE 28th International
Conference_Location :
Scottsdale, AZ
Print_ISBN :
978-1-4244-5737-3
DOI :
10.1109/PCCC.2009.5403811
