TY - GEN
T1 - HyperWall
T2 - 14th International Conference on Network and System Security, NSS 2020
AU - Kiperberg, Michael
AU - Yehuda, Raz Ben
AU - Zaidenberg, Nezer J.
N1 - Publisher Copyright: © 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - Malicious programs vary widely in their functionality, from key-logging to disk encryption. However, most malicious programs communicate with their operators, thus revealing themselves to various security tools. The security tools incorporated within an operating system are vulnerable to attacks due to the large attack surface of the operating system kernel and modules. We present a kernel module that demonstrates how kernel-mode access can be used to bypass any security mechanism that is implemented in kernel-mode. External security tools, like firewalls, lack important information about the origin of the intercepted packets, thus their filtering policy is usually insufficient to prevent communication between the malicious program and its operator. We propose to use a thin hypervisor, which we call “HyperWall”, to prevent malicious communication. The proposed system is effective against an attacker who has gained access to kernel-mode. Our performance evaluation shows that the system incurs insignificant (≈ 1.64% on average) performance degradation in real-world applications.
KW - Hypervisors
KW - Network security
KW - Trusted computing base
KW - Virtual machine monitors
UR - http://www.scopus.com/inward/record.url?scp=85098249366&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-65745-1_5
DO - 10.1007/978-3-030-65745-1_5
M3 - Conference contribution
AN - SCOPUS:85098249366
SN - 9783030657444
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 79
EP - 93
BT - Network and System Security - 14th International Conference, NSS 2020, Proceedings
A2 - Kutyłowski, Mirosław
A2 - Zhang, Jun
A2 - Chen, Chao
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 25 November 2020 through 27 November 2020
ER -