TY - GEN
T1 - Nioh
T2 - 33rd Annual Computer Security Applications Conference, ACSAC 2017
AU - Ogasawara, Junya
AU - Kono, Kenji
N1 - Funding Information:
Japan Science and Technology Agency (JST CREST JPMJCR1683).
Publisher Copyright:
© 2017 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2017/12/4
Y1 - 2017/12/4
N2 - Vulnerabilities in hypervisors are crucial in multi-tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilities in KVM+QEMU and 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge of the device internals. We propose a "device request filter", called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification. A device specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggest that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.
AB - Vulnerabilities in hypervisors are crucial in multi-tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilities in KVM+QEMU and 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge of the device internals. We propose a "device request filter", called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification. A device specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggest that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.
KW - VENOM
KW - Virtual Device
KW - Virtualization
UR - http://www.scopus.com/inward/record.url?scp=85038936091&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85038936091&partnerID=8YFLogxK
U2 - 10.1145/3134600.3134648
DO - 10.1145/3134600.3134648
M3 - Conference contribution
AN - SCOPUS:85038936091
T3 - ACM International Conference Proceeding Series
SP - 542
EP - 552
BT - Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017
PB - Association for Computing Machinery
Y2 - 4 December 2017 through 8 December 2017
ER -