Publicação
Ontology-driven metamodeling towards hypervisor design automation: runtime security and data integrity
| Resumo: | One of the most popular cyber-attack vectors to compromise computer systems is related to memory corruption. Memory corruption is one of the most prevalent and devastating vulnerabilities. The widespread adoption of virtualization technology in embedded systems generally and naively accepts Virtual Machine Manager (VMM) or hypervisor software as the Trusted Computing Base (TCB). As a software component, vulnerabilities can still be present, allowing attackers to subvert it alike Operating Systems (OSs). Virtualization empowers mixed-criticality embedded systems by executing critical and non-critical tasks under the same hardware. Therefore, security and safety are critical in their design as attacks on real-time embedded systems software can put lives in danger and/or cause enormous financial losses. Disregarding code-injection attacks, memory corruption exploits consist of: control- and noncontrol- data attacks. In practice, code-injection attacks are prevented with a W E policy which defines memory regions either as writable or executable, as Memory Protection Unit (MMU) hardware is now commonly available. Throughout this work, the focus is mainly on non-controldata attacks. Nevertheless, control-data attacks are also tackled with Control-Flow Integrity (CFI) enforcement. This thesis uncovers a tailor-made security solution enforcing data integrity in the μRTZVisor VMM, according to a specification devised by the developer. The Zynq-7000 System on Chip (SoC) was leveraged to isolate a remote integrity monitor from the hypervisor, in a separate core. Through compile-time instrumentation, execution traces are collected, recording updates to critical static variables on μRTZVisor. The monitor audits these traces by searching for violations of data integrity rules, concurrently to hypervisor’s execution. Automating the deployment of the devised security mechanism is required to facilitate its adoption. Using ontologies for knowledge representation, information related to the security mechanism and the data aspect of the μRTZVisor software is modeled into a specifically designed meta-model. Ontologies uniformize knowledge representation and aid maintainability. By inserting the modeling efforts into the SeML modeling infrastructure, code generation capabilities are leveraged to generate implementation-specific files. |
|---|---|
| Autores principais: | Lopes, José Pedro Silva |
| Assunto: | Security Data integrity Ontologies Remote monitor Embedded Memory vulnerabilities ARM Meta-model Hypervisor SeML μRTZVisor CFI Segurança Integridade de dados Ontologias Monitor Sistemas embebidos Vulnerabilidades de memória Meta-modelo Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
| Ano: | 2017 |
| País: | Portugal |
| Tipo de documento: | dissertação de mestrado |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Universidade do Minho |
| Idioma: | inglês |
| Origem: | RepositóriUM - Universidade do Minho |
| Resumo: | One of the most popular cyber-attack vectors to compromise computer systems is related to memory corruption. Memory corruption is one of the most prevalent and devastating vulnerabilities. The widespread adoption of virtualization technology in embedded systems generally and naively accepts Virtual Machine Manager (VMM) or hypervisor software as the Trusted Computing Base (TCB). As a software component, vulnerabilities can still be present, allowing attackers to subvert it alike Operating Systems (OSs). Virtualization empowers mixed-criticality embedded systems by executing critical and non-critical tasks under the same hardware. Therefore, security and safety are critical in their design as attacks on real-time embedded systems software can put lives in danger and/or cause enormous financial losses. Disregarding code-injection attacks, memory corruption exploits consist of: control- and noncontrol- data attacks. In practice, code-injection attacks are prevented with a W E policy which defines memory regions either as writable or executable, as Memory Protection Unit (MMU) hardware is now commonly available. Throughout this work, the focus is mainly on non-controldata attacks. Nevertheless, control-data attacks are also tackled with Control-Flow Integrity (CFI) enforcement. This thesis uncovers a tailor-made security solution enforcing data integrity in the μRTZVisor VMM, according to a specification devised by the developer. The Zynq-7000 System on Chip (SoC) was leveraged to isolate a remote integrity monitor from the hypervisor, in a separate core. Through compile-time instrumentation, execution traces are collected, recording updates to critical static variables on μRTZVisor. The monitor audits these traces by searching for violations of data integrity rules, concurrently to hypervisor’s execution. Automating the deployment of the devised security mechanism is required to facilitate its adoption. Using ontologies for knowledge representation, information related to the security mechanism and the data aspect of the μRTZVisor software is modeled into a specifically designed meta-model. Ontologies uniformize knowledge representation and aid maintainability. By inserting the modeling efforts into the SeML modeling infrastructure, code generation capabilities are leveraged to generate implementation-specific files. |
|---|