HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication

Michael Kiperberg, Raz Ben Yehuda, Nezer J. Zaidenberg

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

5 Scopus citations

Abstract

Malicious programs vary widely in their functionality, from key-logging to disk encryption. However, most malicious programs communicate with their operators, thus revealing themselves to various security tools. The security tools incorporated within an operating system are vulnerable to attacks due to the large attack surface of the operating system kernel and modules. We present a kernel module that demonstrates how kernel-mode access can be used to bypass any security mechanism that is implemented in kernel-mode. External security tools, like firewalls, lack important information about the origin of the intercepted packets, thus their filtering policy is usually insufficient to prevent communication between the malicious program and its operator. We propose to use a thin hypervisor, which we call “HyperWall”, to prevent malicious communication. The proposed system is effective against an attacker who has gained access to kernel-mode. Our performance evaluation shows that the system incurs insignificant (≈ 1.64% on average) performance degradation in real-world applications.

Original language: English
Title of host publication: Network and System Security - 14th International Conference, NSS 2020, Proceedings
Editors: Mirosław Kutyłowski, Jun Zhang, Chao Chen
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 79-93
Number of pages: 15
ISBN (Print): 9783030657444
State: Published - 2020
Externally published: Yes
Event: 14th International Conference on Network and System Security, NSS 2020 - Melbourne, Australia
Duration: 25 Nov 2020 to 27 Nov 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12570 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 14th International Conference on Network and System Security, NSS 2020
Country/Territory: Australia
City: Melbourne
Period: 25/11/20 to 27/11/20

Keywords

  • Hypervisors
  • Network security
  • Trusted computing base
  • Virtual machine monitors
