CAREER: Bridging the Semantic Gap in Virtualization-based Security Solutions via Collaboration between Guest OS and Virtual Machine

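Basic information

  • Award number:
    1149730
  • Principal investigator:
  • Amount:
    $404,500
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Continuing Grant
  • Fiscal year:
    2012
  • Funding country:
    United States
  • Start and end dates:
    2012-03-01 to 2014-11-30
  • Project status:
    Completed

Project abstract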

In the last ten years virtual machines (VMs) have been extensively used for security-related applications, such as intrusion detection systems, malicious software (malware) analyzers and secure logging and replay of system execution. A VM is high-level software designed to emulate a computer's hardware. In the traditional usage model, security solutions are placed in a VM layer, which has complete control of the system resources. The guest operating system (OS) is considered to be easily compromised by malware and runs unaware of virtualization. The cost of this approach is the semantic gap problem, which hinders the development and widespread deployment of virtualization-based security solutions: there is a significant difference between the state observed by the guest OS (high-level semantic information) and by the VM (low-level semantic information). The guest OS works on abstractions such as processes and files, while the VM can only see lower-level abstractions, such as CPU and main memory. To obtain information about the guest OS state, these virtualization solutions use a technique called introspection, by which the guest OS state is inspected from the outside (VM layer), usually by trying to build a map of the OS layout to an area of memory where these solutions can analyze it. We propose a new way to perform introspection, by having the guest OS, traditionally unaware of virtualization, actively collaborate with a VM layer underneath it by requesting services and communicating data and information as equal peers in different levels of abstraction.
Our approach allows for stronger and more fine-grained and flexible security approaches to be developed, and it is no less secure than the traditional model, as introspection tools also depend on the OS data and code to be untampered to report correct results. We will design, implement and make available to the research community this collaborative architecture between a guest OS and a VM layer and employ such architecture to counter various types of kernel-level malware. The goal is to increase the cost for attackers by refining trust/integrity values for subjects and objects at OS/VM layers by leveraging social trust. In this architecture the guest OS and a VM actively collaborate, requesting services and exchanging data and information through special instructions protected from tampering. This will open up possibilities for malware analysis and defense that are not currently possible (due to the semantic gap problem), including preventing the actions of privacy-invasion malware like keyloggers, mitigating certain types of DoS attacks in the kernel and return-oriented rootkits, and increasing the costs for attackers by leveraging social trust to refine integrity levels and restrict system resources based on them, just to name a few. This research will also lead to the creation of a cyber security laboratory at Bowdoin, a liberal arts college located in Maine.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)

Other publications by Daniela Oliveira

PROGRAMA DE PÓS-GRADUAÇÃO EM LETRAS
Graduate Program in Letters
  • DOI:
  • Published:
    2008
  • Journal:
  • Impact factor:
    0
  • Authors:
    Daniela Oliveira;Rosa
  • Corresponding author:
    Rosa
The number of rational points of a class of superelliptic curves
  • DOI:
    10.1016/j.ffa.2023.102266
  • Published:
    2022
  • Journal:
  • Impact factor:
    0
  • Authors:
    José Alves Oliveira;Daniela Oliveira;F. E. B. Martínez
  • Corresponding author:
    F. E. B. Martínez
Avaliação ultraestrutural do colágeno do ligamento colateral medial associado ao ligamento oblíquo da articulação do cotovelo de cão SRD após ensaio de tração - DOI: 10.4025/actascibiolsci.v27i2.1324
Ultrastructural evaluation of the collagen of the medial collateral ligament associated with the oblique ligament of the elbow joint of mixed-breed dogs after tensile testing - DOI: 10.4025/actascibiolsci.v27i2.1324
  • DOI:
  • Published:
    2005
  • Journal:
  • Impact factor:
    0
  • Authors:
    Daniela Oliveira;S. M. B. Artoni;A. Shimano;M. R. Pacheco;J. R. Rossi;M. L. Araújo
  • Corresponding author:
    M. L. Araújo
Ostéomalacie hypophosphatémique induite par l’administration de fer injectable
Hypophosphatemic osteomalacia induced by the administration of injectable iron
  • DOI:
    10.1016/j.rhum.2023.06.006
  • Published:
    2023-10-01
  • Journal:
  • Impact factor:
  • Authors:
    Beatriz Samões;Bruna Silva;Ana Martins;Daniela Oliveira;Frederico Rajão Martins;Diogo Fonseca;Lúcia Costa;Miguel Bernardes
  • Corresponding author:
    Miguel Bernardes
Historical diagnosis about neonatal screening for sickle cell disease
  • DOI:
  • Published:
    2010
  • Journal:
  • Impact factor:
    0
  • Authors:
    Daniela Oliveira;W. Rodrigues;M. Ferreira;P. Pereira;Mariona Bustamante;E. Márcia;Saraiva Campos;Carlos Marcelino de Oliveira
  • Corresponding author:
    Carlos Marcelino de Oliveira

Other grants by Daniela Oliveira

Intergovernmental Personnel Award: Daniela Oliveira
  • Award number:
    2128814
  • Fiscal year:
    2021
  • Funding amount:
    $404,500
  • Project type:
    Intergovernmental Personnel Award
A Workshop US-Brazil on Cyber Security and Privacy
  • Award number:
    1552059
  • Fiscal year:
    2015
  • Funding amount:
    $404,500
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Developer Crowdsourcing: Capturing, Understanding, and Addressing Security-related Blind Spots in APIs
  • Award number:
    1513572
  • Fiscal year:
    2015
  • Funding amount:
    $404,500
  • Project type:
    Standard Grant
EAGER: Age-Targeted Automated Cueing Against Cyber Social Engineering Attacks
  • Award number:
    1450624
  • Fiscal year:
    2014
  • Funding amount:
    $404,500
  • Project type:
    Standard Grant
CAREER: Bridging the Semantic Gap in Virtualization-based Security Solutions via Collaboration between Guest OS and Virtual Machine
  • Award number:
    1464801
  • Fiscal year:
    2014
  • Funding amount:
    $404,500
  • Project type:
    Continuing Grant

Similar overseas grants

Bridging the meaning gap: A computational approach to semantic variation
  • Award number:
    DP240101873
  • Fiscal year:
    2024
  • Funding amount:
    $404,500
  • Project type:
    Discovery Projects
Collaborative Research: RI: Medium: Bridging the Semantic-Metric Gap via Multinocular Image Integration
  • Award number:
    2312746
  • Fiscal year:
    2023
  • Funding amount:
    $404,500
  • Project type:
    Standard Grant
Collaborative Research: RI: Medium: Bridging the Semantic-Metric Gap via Multinocular Image Integration
  • Award number:
    2312747
  • Fiscal year:
    2023
  • Funding amount:
    $404,500
  • Project type:
    Standard Grant
Collaborative Research: RI: Medium: Bridging the Semantic-Metric Gap via Multinocular Image Integration
  • Award number:
    2312745
  • Fiscal year:
    2023
  • Funding amount:
    $404,500
  • Project type:
    Standard Grant
Bridging the Semantic Gap Between Research Eligibility Criteria and Clinical Data
  • Award number:
    9755488
  • Fiscal year:
    2017
  • Funding amount:
    $404,500
  • Project type:
Bridging the Semantic Gap Between Research Eligibility Criteria and Clinical Data
  • Award number:
    9983140
  • Fiscal year:
    2017
  • Funding amount:
    $404,500
  • Project type:
Bridging the Semantic Gap Between Research Eligibility Criteria and Clinical Data
  • Award number:
    9332989
  • Fiscal year:
    2017
  • Funding amount:
    $404,500
  • Project type:
CAREER: Bridging the Semantic Gap in Virtualization-based Security Solutions via Collaboration between Guest OS and Virtual Machine
  • Award number:
    1464801
  • Fiscal year:
    2014
  • Funding amount:
    $404,500
  • Project type:
    Continuing Grant
Bridging semantic gap for multi-cultural collaboration
  • Award number:
    23500193
  • Fiscal year:
    2011
  • Funding amount:
    $404,500
  • Project type:
    Grant-in-Aid for Scientific Research (C)
CDI Type II: Bridging the Computational Semantic Gap: A Demand-Driven Framework for Portal-Based Chemistry, Astronomy and Neurobiology
  • Award number:
    1125087
  • Fiscal year:
    2011
  • Funding amount:
    $404,500
  • Project type:
    Standard Grant