DocumentCode
638278
Title
HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data
Author
Baozeng Ding ; Yeping He ; Yanjun Wu ; Yuqi Lin
Author_Institution
Inst. of Software, Beijing, China
fYear
2013
fDate
18-20 June 2013
Firstpage
26
Lastpage
34
Abstract
Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as traditional software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to extend. Besides, they mainly focus on code or control data integrity, without paying much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high-level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users.
Keywords
data integrity; data structures; device drivers; program debugging; software libraries; software performance evaluation; storage management; system monitoring; virtual machines; virtualisation; HyperVerify; VM-assisted architecture; continuing bug reports; data structure; device driver; high level hypervisor context; hypervisor noncontrol data integrity monitoring; integrity threats; low-level hardware state translation; memory analysis library; performance overhead; Data structures; Hardware; Libraries; Monitoring; Security; Virtual machine monitors; hypervisor introspection; noncontrol data; virtualization;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Security and Reliability-Companion (SERE-C), 2013 IEEE 7th International Conference on
Conference_Location
Gaithersburg, MD
Print_ISBN
978-1-4799-2924-5
Type
conf
DOI
10.1109/SERE-C.2013.20
Filename
6616322