3 research outputs found
Kernel Control-Flow Integrity of Multiple Virtual Machines in Real-Time using Intel Processor Trace
No full textνμλ
Όλ¬Έ (μμ¬)-- μμΈλνκ΅ λνμ : 곡과λν μ κΈ°Β·μ 보곡νλΆ, 2019. 2. λ°±μ€ν₯.μ€λλ ν΄λΌμ°λ μ»΄ν¨ν
κΈ°μ μ μ¬λ¬Ό μΈν°λ· μλΉμ€, μΈκ³΅μ§λ₯ μλΉμ€ λ± λ€μν μλΉμ€λ₯Ό μν΄ μ¬μ©λκ³ μλ€. νμ§λ§ μ΄λ κ² ν΄λΌμ°λμ λ§μ μ 보λ€μ΄ μ²λ¦¬λκ² λλ©΄μ μ΄λ¬ν ν΄λΌμ°λ μ»΄ν¨ν
νκ²½μ λν 보μ λ¬Έμ μ λν μ°λ €λ 컀μ§κ³ μλ μν©μ΄λ€. μ΄λ₯Ό μν΄ ν΄λΌμ°λ μ»΄ν¨ν
νκ²½μμ κ°μλ¨Έμ μ 무결μ±μ 보μ₯νκΈ° μν λ€μν μ°κ΅¬κ° μ§νλμμ§λ§, μμ§ κ°μλ¨Έμ 컀λμ μ€ν νλ¦ λ¬΄κ²°μ±μ κ²½μ°μλ 컀λ μ½λλ₯Ό μμ ν΄μΌν λΏ μλλΌ ν¨μ¨μ μΌλ‘ 보νΈλ νμ§ λͺ»νμλ€. λν μ€μ ν΄λΌμ°λ νκ²½μμλ λ€μμ κ°μλ¨Έμ μ΄ λμμ μ€νλλ©° κ°κ°μ κ°μλ¨Έμ μ΄ μλ‘ λ€λ₯Έ 컀λλ‘ λμν μ μκΈ° λλ¬Έμ κ°μλ¨Έμ λ€ κ°μ ꡬλΆμ νμλ‘ νλ€. μ΄μ μ΄λ² λ
Όλ¬Έμμλ ν΄λΌμ°λ νκ²½μμ κ°μλ¨Έμ 컀λμ μμ μμ΄ μ€μκ°μΌλ‘ λ€μμ κ°μλ¨Έμ μ λν΄ ν¨μ¨μ μΌλ‘ κ°μλ¨Έμ 컀λμ μ€ν νλ¦ λ¬΄κ²°μ±μ 보νΈνλ RTC-VMμ μ μνλ€. μ΄λ₯Ό μν΄ RTC-VMμ λμμ μ€νλλ μ¬λ¬ κ°μ κ°μλ¨Έμ μ ꡬλΆνμ¬ κ°κ°μ λν΄ λ¬΄κ²°μ±μ κ²μ¦ν μ μκ² κ΅¬νλμλ€. λν, κ°μλ¨Έμ μ€ν νλ¦ μ 보μ λν μ μ€ μμ΄ μ€μκ°μΌλ‘ λͺ¨λν°λ§ν μ μλ€. κ·Έλ¦¬κ³ ν¨μ¨μ μΌλ‘ μν νλ¦ μ 보λ₯Ό μ»κΈ° μν΄ RTC-VMμ μ΅κ·Ό μΈν
μν€ν
μ²μμ μ§μνλ νλμ¨μ΄ κΈ°λ₯μΈ Processor Trace (PT)λ₯Ό νμ©νμμΌλ©°, κ°μλ¨Έμ μ μ±λ₯ μ€νμμλ 7.5%μ μ μ μ±λ₯ μ€λ²ν€λλ‘ μν νλ¦ λ¬΄κ²°μ±μ 보μ₯νμλ€.Nowadays cloud computing technology is used for a variety of services, such as the internet of things and artificial intelligence. However, as more data is being processed in the cloud, there is growing concern about security issues in the cloud computing environment. To solve this concern, many studies have been conducted to ensure the integrity of virtual machines in a cloud computing environment. However, in the case of the control flow integrity for the virtual machine, existing studies are not only necessary to modify the kernel code, but also cannot protect it efficiently. Also, since multiple VMs which can have different kernel one another run simultaneously in real-world cloud computing environment, it is required to identify VMs. In this paper, we propose RTC-VM which efficiently protects the control flow integrity of VM kernel for multiple VMs without modification of VM kernel in real-time. For this purpose, RTC-VM is implemented to enforce control flow integrity of each VM with identifying multiple VMs which run concurrently. In addition, RTC-VM can monitor in real-time without loss of execution control-flow information. For efficient monitoring, RTC-VM utilizes Processor Trace (PT), a hardware feature that is recently supported by Intel architecture. According to the experimental results, RTC-VM incurs on average 7.5% overhead.μ 1 μ₯ μκ° 1
μ 2 μ₯ λ°°κ²½ λ° κ³΅κ²© λͺ¨λΈ 3
μ 1 μ μΈν
νλ‘μΈμ νΈλ μ΄μ€ 3
μ 2 μ 곡격 λͺ¨λΈ 4
μ 3 μ₯ λμμΈ λ° κ΅¬ν 5
μ 1 μ λμμΈ κ°μ 5
μ 2 μ μ€νλΌμΈ λ°μ΄λ리 λΆμ 6
μ 3 μ κ°μλ¨Έμ λ¨μ λ²νΌ κ΄λ¦¬ 7
μ 4 μ μ€μκ°μ± 보μ₯ 8
μ 5 μ λ¬΄κ²°μ± κ²μ¦ μκ³ λ¦¬μ¦ 10
μ 4 μ₯ μ€ν κ²°κ³Ό 13
μ 1 μ μ€ν νκ²½ λ° νλ‘ν νμ
ꡬν 13
μ 2 μ μ±λ₯ μ€λ²ν€λ 13
μ 3 μ 곡격 νμ§ 14
μ 5 μ₯ κ΄λ ¨ μ°κ΅¬ 15
μ 1 μ Virtaul Machine Introspection 15
μ 2 μ Control Flow Integrity using Intel PT 15
μ 3 μ Kernel Control Flow Integrity 15
μ 6 μ₯ κ²°λ‘ 17
μ°Έκ³ λ¬Έν 18
Abstract 20Maste
