Virtualization Based Security Framework (vBASE)

In general, computer security aims at providing confidentiality, integrity and availability to computing systems. Traditionally, researchers in the fields of computer security have used software and hardware mechanisms for implementing security in computing systems. Software only security approaches typically deal with application level and Operating System (OS) level security mechanisms. Though, softwareonly mechanisms are easy to implement and patch, they suffer from heavy false-positives and false-negatives, thus making them vulnerable to software attacks and untrustworthy. Hardware security solutions, such as ABYSS [10], AEGIS [9], Arc3D [5], Hide [12] and XOM [13], on the contrary, involve changes to the micro-architecture (typically adding new instruction sets, privilege levels etc.). These modified secure architectures deploy hardware mechanisms like memory encryption to provide confidentiality and memory authentication to ensure the integrity of the applications. However, adopting these secure architectures involves changes to the micro-architecture. Also, since the fabrication cycle is long (usually 5 years), testing these architectures is a time consuming process and therefore adopting these architectures as a security solution becomes infeasible. Virtualization Technology introduces a software abstraction layer or virtualization layer (virtualization software) between the hardware and the operating system. This software abstraction layer is known as a Virtual Machine Monitor (VMM) [2] or the hypervisor. Virtualization has the power to emulate any required hardware features and project it to the OS. This feature of virtualization makes it much easier to incorporate security mechanisms within the virtualization layer. Also virtualization is supported by almost all the hardware vendors. Thus the security of the system can be increased without incurring excessive costs and performance overheads. Hence with this motivation, we propose a virtualization based security framework (vBASE).