Barrier: A lightweight hypervisor for protecting kernel integrity via memory isolation

Jingyu Hua, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

7 Citations (Scopus)

Abstract

In the present operating systems such as Linux, all the kernel modules, including unknown extensions, run in the same address space. They are granted the highest privilege and can access arbitrary memory without any limitation. This is at the root of kernel rootkits, which are malware seriously threatening the kernel integrity. In this paper, we present Barrier, a lightweight hypervisor designed for enhancing the kernel integrity of personal computers by isolating the kernel modules. Since this hypervisor is designed for the OS protection on PCs, it does not implement unnecessary virtualization features that are commonly found on the general-purpose hypervisors to support running multiple OS instances concurrently on the same server. As a result, it is much smaller and also much easier to use, especially for unprofessional users. Barrier leverages the hardware-supported memory virtualization to isolate the kernel modules into different address spaces. All the interactions across address spaces have to go through a strict mediation based on some predefined MAC rules. This greatly increases the attacker's hardness to compromise the kernel integrity. We have implemented a prototype of Barrier. The evaluation results show that Barrier can well protect the kernel integrity without bringing unaffordable performance overheads.

Original language: English
Title of host publication: 27th Annual ACM Symposium on Applied Computing, SAC 2012
Pages: 1470-1477
Number of pages: 8
DOI: https://doi.org/10.1145/2245276.2232011
Publication status: Published - Jul 12 2012
Event: 27th Annual ACM Symposium on Applied Computing, SAC 2012 - Trento, Italy
Duration: Mar 26 2012 to Mar 30 2012

Publication series

Name: Proceedings of the ACM Symposium on Applied Computing

Other

Other: 27th Annual ACM Symposium on Applied Computing, SAC 2012
Country: Italy
City: Trento
Period: 3/26/12 to 3/30/12

Fingerprint

Data storage equipment
Computer operating systems
Personal computers
Computer hardware
Servers
Hardness
Malware
Virtualization
Linux

All Science Journal Classification (ASJC) codes

  • Software

Cite this

Hua, J., & Sakurai, K. (2012). Barrier: A lightweight hypervisor for protecting kernel integrity via memory isolation. In 27th Annual ACM Symposium on Applied Computing, SAC 2012 (pp. 1470-1477). (Proceedings of the ACM Symposium on Applied Computing). https://doi.org/10.1145/2245276.2232011

@inproceedings{515bcfd31ac24f359e382f768c3e7ffb,
title = "Barrier: A lightweight hypervisor for protecting kernel integrity via memory isolation",
abstract = "In the present operating systems such as Linux, all the kernel modules, including unknown extensions, run in the same address space. They are granted the highest privilege and can access arbitrary memory without any limitation. This is at the root of kernel rootkits, which are malware seriously threatening the kernel integrity. In this paper, we present Barrier, a lightweight hypervisor designed for enhancing the kernel integrity of personal computers by isolating the kernel modules. Since this hypervisor is designed for the OS protection on PCs, it does not implement unnecessary virtualization features that are commonly found on the general-purpose hypervisors to support running multiple OS instances concurrently on the same server. As a result, it is much smaller and also much easier to use, especially for unprofessional users. Barrier leverages the hardware-supported memory virtualization to isolate the kernel modules into different address spaces. All the interactions across address spaces have to go through a strict mediation based on some predefined MAC rules. This greatly increases the attacker's hardness to compromise the kernel integrity. We have implemented a prototype of Barrier. The evaluation results show that Barrier can well protect the kernel integrity without bringing unaffordable performance overheads.",
author = "Jingyu Hua and Kouichi Sakurai",
year = "2012",
month = "7",
day = "12",
doi = "10.1145/2245276.2232011",
language = "English",
isbn = "9781450308571",
series = "Proceedings of the ACM Symposium on Applied Computing",
pages = "1470--1477",
booktitle = "27th Annual ACM Symposium on Applied Computing, SAC 2012",

}

TY - GEN
T1 - Barrier
T2 - A lightweight hypervisor for protecting kernel integrity via memory isolation
AU - Hua, Jingyu
AU - Sakurai, Kouichi
PY - 2012/7/12
Y1 - 2012/7/12

AB - In the present operating systems such as Linux, all the kernel modules, including unknown extensions, run in the same address space. They are granted the highest privilege and can access arbitrary memory without any limitation. This is at the root of kernel rootkits, which are malware seriously threatening the kernel integrity. In this paper, we present Barrier, a lightweight hypervisor designed for enhancing the kernel integrity of personal computers by isolating the kernel modules. Since this hypervisor is designed for the OS protection on PCs, it does not implement unnecessary virtualization features that are commonly found on the general-purpose hypervisors to support running multiple OS instances concurrently on the same server. As a result, it is much smaller and also much easier to use, especially for unprofessional users. Barrier leverages the hardware-supported memory virtualization to isolate the kernel modules into different address spaces. All the interactions across address spaces have to go through a strict mediation based on some predefined MAC rules. This greatly increases the attacker's hardness to compromise the kernel integrity. We have implemented a prototype of Barrier. The evaluation results show that Barrier can well protect the kernel integrity without bringing unaffordable performance overheads.

UR - http://www.scopus.com/inward/record.url?scp=84863588835&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84863588835&partnerID=8YFLogxK
U2 - 10.1145/2245276.2232011
DO - 10.1145/2245276.2232011
M3 - Conference contribution
SN - 9781450308571
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 1470
EP - 1477
BT - 27th Annual ACM Symposium on Applied Computing, SAC 2012
ER -