学位论文详细信息
Process-level Isolation using Virtualization
Security;Rootkit;Sandbox;Virtualization
Thakwani, Ashish ; Peng Ning, Committee Member,Xuxian Jiang, Committee Member,Vincent W. Freeh, Committee Chair,Thakwani, Ashish ; Peng Ning ; Committee Member ; Xuxian Jiang ; Committee Member ; Vincent W. Freeh ; Committee Chair
University:North Carolina State University
关键词: Security;    Rootkit;    Sandbox;    Virtualization;   
Others  :  https://repository.lib.ncsu.edu/bitstream/handle/1840.16/2031/etd.pdf?sequence=1&isAllowed=y
美国|英语
来源: null
PDF
【 摘 要 】

We presents dfork, a new abstraction for performance and security isolation of processes. Whereas the normal fork system call provides a private address space for a child process, dfork leverages virtualization and other techniques to also provide a separate kernel and file system container. Further, unlike many existing virtualization-based approaches, dfork can be used recursively with no cumulative performance penalty, so an isolated process can itself spawn further isolated subprocesses. In contrast to existing software sandbox approaches, our system does not require an a priori policy in order to provide strong security guarantees. Finally, we show that the dfork approach is hypervisor agnostic--our implementation works under both the bare-metal Xen hypervisor and the OS-hosted VMware Workstation hypervisor. We have implemented the dfork model under Linux in a system we call Isolar.This implementation creates Xen or VMware domains that are NFS booted from a union file system. The end result is an environment that can isolate the effects of malicious activity up to and including a complete takeover of the guest kernel, including kernel-level rootkits. Further, the user may elect to selectively commit changes to the underlying file system, accepting some changes, keeping some isolated, and discarding others entirely. This is especially useful in understanding and reverting changes made by an isolated kernel-level rootkit. This thesis discusses the dfork architecture, provides an example implementation, presents a quantitative analysis of the security and performance isolation provided, and gauges the performance impact of the implementation as a whole.

【 预 览 】
附件列表
Files Size Format View
Process-level Isolation using Virtualization 2804KB PDF download
  文献评价指标  
  下载次数:21次 浏览次数:37次