OS-Virtual Machine Collaboration: Improving Introspection to Bridge the Semantic Gap

May 4, 2012

  • Date: Friday, May 4, 2012 
  • Time: 4:00 pm — 5:00 pm 
  • Place: Centennial Engineering Center B146 (in the basement)

Daniela Oliveira
Bowdoin College 

In the last ten years, virtual machines (VMs) have been extensively used for security-related applications, such as intrusion detection systems, malicious software (malware) analyzers and secure logging and replay of system execution. A VM is high-level software designed to emulate a computer’s hardware. In the traditional usage model, security solutions are placed in a VM layer, which has complete control of the system resources. The guest operating system (OS) is considered to be easily compromised by malware and runs unaware of virtualization. The cost of this approach is the semantic gap problem, which hinders the development and widespread deployment of virtualization-based security solutions: there is a significant difference between the state observed by the guest OS (high-level semantic information) and by the VM (low-level semantic information). The guest OS works on abstractions such as processes and files, while the VM can only see lower-level abstractions, such as CPU and main memory. To obtain information about the guest OS state, these virtualization solutions use a technique called introspection, by which the guest OS state is inspected from the outside (VM layer), usually by trying to build a map of the OS layout to an area of memory where these solutions can analyze it. We propose a new way to perform introspection, by having the guest OS, traditionally unaware of virtualization, actively collaborate with a VM layer underneath it by requesting services and communicating data and information as equal peers in different levels of abstraction. Our approach allows for stronger and more fine-grained and flexible security approaches to be developed, and it is no less secure than the traditional model, as introspection tools also depend on the OS data and code to be untampered to report correct results.

Bio: Daniela Oliveira is an Assistant Professor in the Department of Computer Science at Bowdoin College. She received her PhD in Computer Science in 2010 from the University of California at Davis, where she specialized in computer security and operating systems. Her current research focuses on employing virtual machine and operating systems collaboration to protect OS kernels against compromise. She is also interested in leveraging social trust to help distinguish benign and malicious pieces of data. She is the recipient of the NSF CAREER Award 2012.