CAREER: Bridging the Semantic Gap in Virtualization-based Security Solutions via Collaboration between Guest OS and Virtual Machine


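Basic information

  • Award number:
    1464801
  • Principal investigator:
  • Amount:
    $ 226,800
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Continuing Grant
  • Fiscal year:
    2014
  • Funding country:
    United States
  • Period:
    2014-07-01 to 2019-02-28
  • Project status:
    Completed

Project abstract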

In the last ten years virtual machines (VMs) have been extensively used for security-related applications, such as intrusion detection systems, malicious software (malware) analyzers and secure logging and replay of system execution. A VM is high-level software designed to emulate a computer's hardware. In the traditional usage model, security solutions are placed in a VM layer, which has complete control of the system resources. The guest operating system (OS) is considered to be easily compromised by malware and runs unaware of virtualization. The cost of this approach is the semantic gap problem, which hinders the development and widespread deployment of virtualization-based security solutions: there is a significant difference between the state observed by the guest OS (high-level semantic information) and by the VM (low-level semantic information). The guest OS works on abstractions such as processes and files, while the VM can only see lower-level abstractions, such as CPU and main memory. To obtain information about the guest OS state, these virtualization solutions use a technique called introspection, by which the guest OS state is inspected from the outside (VM layer), usually by trying to build a map of the OS layout to an area of memory where these solutions can analyze it. We propose a new way to perform introspection, by having the guest OS, traditionally unaware of virtualization, actively collaborate with a VM layer underneath it by requesting services and communicating data and information as equal peers in different levels of abstraction. Our approach allows for stronger, more fine-grained and more flexible security approaches to be developed, and it is no less secure than the traditional model, as introspection tools also depend on the OS data and code being untampered to report correct results.

We will design, implement and make available to the research community this collaborative architecture between a guest OS and a VM layer and employ such architecture to counter various types of kernel-level malware. The goal is to increase the cost for attackers by refining trust/integrity values for subjects and objects at OS/VM layers by leveraging social trust. In this architecture, the guest OS and a VM actively collaborate, requesting services and exchanging data and information through special instructions protected from tampering. This will open up possibilities for malware analysis and defense that are not currently possible (due to the semantic gap problem), including preventing the actions of privacy-invasion malware like keyloggers, mitigating certain types of DoS attacks in the kernel and return-oriented rootkits, and increasing the costs for attackers by leveraging social trust to refine integrity levels and restrict system resources based on them, just to name a few. This research will also lead to the creation of a cyber security laboratory at Bowdoin, a liberal arts college located in Maine.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)


Other publications by Daniela Oliveira

PROGRAMA DE PÓS-GRADUAÇÃO EM LETRAS
Graduate Program in Letters
  • DOI:
  • Publication date:
    2008
  • Journal:
  • Impact factor:
    0
  • Authors:
    Daniela Oliveira;Rosa
  • Corresponding author:
    Rosa
The number of rational points of a class of superelliptic curves
  • DOI:
    10.1016/j.ffa.2023.102266
  • Publication date:
    2022
  • Journal:
  • Impact factor:
    0
  • Authors:
    José Alves Oliveira;Daniela Oliveira;F. E. B. Martínez
  • Corresponding author:
    F. E. B. Martínez
Avaliação ultraestrutural do colágeno do ligamento colateral medial associado ao ligamento oblíquo da articulação do cotovelo de cão SRD após ensaio de tração - DOI: 10.4025/actascibiolsci.v27i2.1324
Ultrastructural evaluation of the collagen of the medial collateral ligament associated with the oblique ligament of the elbow joint of mixed-breed (SRD) dogs after tensile testing - DOI: 10.4025/actascibiolsci.v27i2.1324
  • DOI:
  • Publication date:
    2005
  • Journal:
  • Impact factor:
    0
  • Authors:
    Daniela Oliveira;S. M. B. Artoni;A. Shimano;M. R. Pacheco;J. R. Rossi;M. L. Araújo
  • Corresponding author:
    M. L. Araújo
Ostéomalacie hypophosphatémique induite par l’administration de fer injectable
Hypophosphatemic osteomalacia induced by the administration of injectable iron
  • DOI:
    10.1016/j.rhum.2023.06.006
  • Publication date:
    2023-10-01
  • Journal:
  • Impact factor:
  • Authors:
    Beatriz Samões;Bruna Silva;Ana Martins;Daniela Oliveira;Frederico Rajão Martins;Diogo Fonseca;Lúcia Costa;Miguel Bernardes
  • Corresponding author:
    Miguel Bernardes
Historical diagnosis about neonatal screening for sickle cell disease
  • DOI:
  • Publication date:
    2010
  • Journal:
  • Impact factor:
    0
  • Authors:
    Daniela Oliveira;W. Rodrigues;M. Ferreira;P. Pereira;Mariona Bustamante;E. Márcia;Saraiva Campos;Carlos Marcelino de Oliveira
  • Corresponding author:
    Carlos Marcelino de Oliveira

Other grants by Daniela Oliveira

Intergovernmental Personnel Award: Daniela Oliveira
  • Award number:
    2128814
  • Fiscal year:
    2021
  • Funding amount:
    $ 226,800
  • Project type:
    Intergovernmental Personnel Award
A Workshop US-Brazil on Cyber Security and Privacy
  • Award number:
    1552059
  • Fiscal year:
    2015
  • Funding amount:
    $ 226,800
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Developer Crowdsourcing: Capturing, Understanding, and Addressing Security-related Blind Spots in APIs
  • Award number:
    1513572
  • Fiscal year:
    2015
  • Funding amount:
    $ 226,800
  • Project type:
    Standard Grant
EAGER: Age-Targeted Automated Cueing Against Cyber Social Engineering Attacks
  • Award number:
    1450624
  • Fiscal year:
    2014
  • Funding amount:
    $ 226,800
  • Project type:
    Standard Grant
CAREER: Bridging the Semantic Gap in Virtualization-based Security Solutions via Collaboration between Guest OS and Virtual Machine
  • Award number:
    1149730
  • Fiscal year:
    2012
  • Funding amount:
    $ 226,800
  • Project type:
    Continuing Grant

Similar overseas grants

Bridging the meaning gap: A computational approach to semantic variation
  • Award number:
    DP240101873
  • Fiscal year:
    2024
  • Funding amount:
    $ 226,800
  • Project type:
    Discovery Projects
Collaborative Research: RI: Medium: Bridging the Semantic-Metric Gap via Multinocular Image Integration
  • Award number:
    2312746
  • Fiscal year:
    2023
  • Funding amount:
    $ 226,800
  • Project type:
    Standard Grant
Collaborative Research: RI: Medium: Bridging the Semantic-Metric Gap via Multinocular Image Integration
  • Award number:
    2312747
  • Fiscal year:
    2023
  • Funding amount:
    $ 226,800
  • Project type:
    Standard Grant
Collaborative Research: RI: Medium: Bridging the Semantic-Metric Gap via Multinocular Image Integration
  • Award number:
    2312745
  • Fiscal year:
    2023
  • Funding amount:
    $ 226,800
  • Project type:
    Standard Grant
Bridging the Semantic Gap Between Research Eligibility Criteria and Clinical Data
  • Award number:
    9983140
  • Fiscal year:
    2017
  • Funding amount:
    $ 226,800
  • Project type:
Bridging the Semantic Gap Between Research Eligibility Criteria and Clinical Data
  • Award number:
    9755488
  • Fiscal year:
    2017
  • Funding amount:
    $ 226,800
  • Project type:
Bridging the Semantic Gap Between Research Eligibility Criteria and Clinical Data
  • Award number:
    9332989
  • Fiscal year:
    2017
  • Funding amount:
    $ 226,800
  • Project type:
CAREER: Bridging the Semantic Gap in Virtualization-based Security Solutions via Collaboration between Guest OS and Virtual Machine
  • Award number:
    1149730
  • Fiscal year:
    2012
  • Funding amount:
    $ 226,800
  • Project type:
    Continuing Grant
Bridging semantic gap for multi-cultural collaboration
  • Award number:
    23500193
  • Fiscal year:
    2011
  • Funding amount:
    $ 226,800
  • Project type:
    Grant-in-Aid for Scientific Research (C)
CDI Type II: Bridging the Computational Semantic Gap: A Demand-Driven Framework for Portal-Based Chemistry, Astronomy and Neurobiology
  • Award number:
    1125087
  • Fiscal year:
    2011
  • Funding amount:
    $ 226,800
  • Project type:
    Standard Grant