Paper ACM

Presentation pdf

TF-BIV: Transparent and Fine-grained Binary Integrity Verification in the Cloud

With the emergence of virtualization technologies, various services have been migrated to the cloud. Beyond the tenants' own security controls implemented in the virtual machine (VM), the binary integrity verification mechanism in the virtual machine manager (VMM) provides stronger protections against malware. Unfortunately, none of existing integrity verification mechanisms in the cloud provides complete transparency and fine-grained efficiency. Some schemes selectively check the integrity of sensitive binaries, but they require modifications to the VMs (e.g., integrating monitoring libraries) to trigger verification. Others, although need no modification to the VMs, have to enforce checking on all the binaries, because they cannot distinguish binary images for the sensitive processes from the binaries for insensitive ones, leading to significant performance overheads. In this paper, we present TF-BIV, a transparent and fine-grained binary integrity verification scheme, which does not require any modification or software/driver installation in the VM. TF-BIV identifies the sensitive processes at the creation, and checks the integrity of the binaries (including the guest OS kernel and the dependant binaries) related to these processes. The provided transparency and efficiency are achieved by leveraging existing hardware virtualization supports (i.e., Intel extended page table) and debugging features (i.e., monitor trap flag). We have implemented the TF-BIV prototype based on QEMU-KVM. To demonstrate the usability of TF-BIV, we adopted it for cloud-based cryptographic services, to achieve the strict invoking controls. In addition to the password-based authentication, TF-BIV further achieves process-level authorization to the invokers. Intensive evaluation shows that TF-BIV implements the designed binary integrity verification with only about 3.6% performance overhead.