On the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms

Title: On the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Zhao, S., Ding, X.
Conference Name: 2017 IEEE European Symposium on Security and Privacy (EuroS&P)
ISBN Number: 978-1-5090-5762-7
Keywords: address mapping validation, BitVisor, FIMCE, fully isolated microcomputing environment, Hardware, Instruction sets, Kernel, memory isolation security, Metrics, Multicore Computing, multicore computing security, multicore platforms, Multicore processing, multicore setting, multiprocessing systems, page table maintenance, pubcrawl, resilience, Resiliency, Scalability, security, security of data, security primitive, software maintenance, storage management, thread identification, Virtual machine monitors, virtualisation, virtualization based memory isolation, XMHF

Virtualization based memory isolation has been widely used as a security primitive in many security systems. This paper firstly provides an in-depth analysis of its effectiveness in the multicore setting, a first in the literature. Our study reveals that memory isolation by itself is inadequate for security. Due to the fundamental design choices in hardware, it faces several challenging issues including page table maintenance, address mapping validation and thread identification. As demonstrated by our attacks implemented on XMHF and BitVisor, these issues undermine the security of memory isolation. Next, we propose a new isolation approach that is immune to the aforementioned problems. In our design, the hypervisor constructs a fully isolated micro computing environment (FIMCE) that exposes a minimal attack surface to an untrusted OS on a multicore platform. By virtue of its architectural niche, FIMCE offers stronger assurance and greater versatility than memory isolation. We have built a prototype of FIMCE and measured its performance. To show the benefits of using FIMCE as a building block, we have also implemented several practical applications which cannot be securely realized by using memory isolation alone.

Citation Key: zhao_effectiveness_2017