Nioh: Hardening the hypervisor by filtering illegal I/O requests to virtual devices

Junya Ogasawara; Kenji Kono

doi:10.1145/3134600.3134648

Nioh: Hardening the hypervisor by filtering illegal I/O requests to virtual devices

Junya Ogasawara, Kenji Kono

Department of Information and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Vulnerabilities in hypervisors are crucial in multi-Tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilities in KVM+QEMUand 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge on the device internals.We propose a "device request filter", called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification.Adevice specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggests that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.

Original language	English
Title of host publication	Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017
Publisher	Association for Computing Machinery
Pages	542-552
Number of pages	11
Volume	Part F132521
ISBN (Electronic)	9781450353458
DOIs	https://doi.org/10.1145/3134600.3134648
Publication status	Published - 2017 Dec 4
Event	33rd Annual Computer Security Applications Conference, ACSAC 2017 - Orlando, United States Duration: 2017 Dec 4 → 2017 Dec 8

Other

Other	33rd Annual Computer Security Applications Conference, ACSAC 2017
Country	United States
City	Orlando
Period	17/12/4 → 17/12/8

Fingerprint

Hardening

Specifications

Virtual machine

Keywords

VENOM
Virtual Device
Virtualization

ASJC Scopus subject areas

Human-Computer Interaction
Computer Networks and Communications
Computer Vision and Pattern Recognition
Software

Cite this

Ogasawara, J., & Kono, K. (2017). Nioh: Hardening the hypervisor by filtering illegal I/O requests to virtual devices. In Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017 (Vol. Part F132521, pp. 542-552). Association for Computing Machinery. https://doi.org/10.1145/3134600.3134648

Nioh : Hardening the hypervisor by filtering illegal I/O requests to virtual devices. / Ogasawara, Junya; Kono, Kenji.

Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Vol. Part F132521 Association for Computing Machinery, 2017. p. 542-552.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ogasawara, J & Kono, K 2017, Nioh: Hardening the hypervisor by filtering illegal I/O requests to virtual devices. in Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. vol. Part F132521, Association for Computing Machinery, pp. 542-552, 33rd Annual Computer Security Applications Conference, ACSAC 2017, Orlando, United States, 17/12/4. https://doi.org/10.1145/3134600.3134648

Ogasawara J, Kono K. Nioh: Hardening the hypervisor by filtering illegal I/O requests to virtual devices. In Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Vol. Part F132521. Association for Computing Machinery. 2017. p. 542-552 https://doi.org/10.1145/3134600.3134648

Ogasawara, Junya ; Kono, Kenji. / Nioh : Hardening the hypervisor by filtering illegal I/O requests to virtual devices. Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Vol. Part F132521 Association for Computing Machinery, 2017. pp. 542-552

@inproceedings{a33fe8f58c7e4ab2bd686ed0511e6976,

title = "Nioh: Hardening the hypervisor by filtering illegal I/O requests to virtual devices",

abstract = "Vulnerabilities in hypervisors are crucial in multi-Tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilities in KVM+QEMUand 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge on the device internals.We propose a {"}device request filter{"}, called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification.Adevice specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggests that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.",

keywords = "VENOM, Virtual Device, Virtualization",

author = "Junya Ogasawara and Kenji Kono",

year = "2017",

month = "12",

day = "4",

doi = "10.1145/3134600.3134648",

language = "English",

volume = "Part F132521",

pages = "542--552",

booktitle = "Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017",

publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - Nioh

T2 - Hardening the hypervisor by filtering illegal I/O requests to virtual devices

AU - Ogasawara, Junya

AU - Kono, Kenji

PY - 2017/12/4

Y1 - 2017/12/4

N2 - Vulnerabilities in hypervisors are crucial in multi-Tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilities in KVM+QEMUand 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge on the device internals.We propose a "device request filter", called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification.Adevice specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggests that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.

AB - Vulnerabilities in hypervisors are crucial in multi-Tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilities in KVM+QEMUand 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge on the device internals.We propose a "device request filter", called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification.Adevice specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggests that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.

KW - VENOM

KW - Virtual Device

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=85038936091&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85038936091&partnerID=8YFLogxK

U2 - 10.1145/3134600.3134648

DO - 10.1145/3134600.3134648

M3 - Conference contribution

AN - SCOPUS:85038936091

VL - Part F132521

SP - 542

EP - 552

BT - Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017

PB - Association for Computing Machinery

ER -

Access to Document

10.1145/3134600.3134648