Semantic view re-creation for the secure monitoring of virtual machines

Carbone, Martim

28 June 2012

The insecurity of modern-day software has created the need for security monitoring applications. Two serious deficiencies are commonly found in these applications. First, the absence of isolation from the system being monitored allows malicious software to tamper with them. Second, the lack of secure and reliable monitoring primitives in the operating system makes them easy to be evaded. A technique known as Virtual Machine Introspection attempts to solve these problems by leveraging the isolation and mediation properties of full-system virtualization. A problem known as semantic gap, however, occurs as a result of the low-level separation enforced by the hypervisor. This thesis proposes and investigates novel techniques to overcome the semantic gap, advancing the state-of-the-art on the syntactic and semantic view re-creation for applications that conduct passive and active monitoring of virtual machines. First, we propose a new technique for reconstructing a syntactic view of the guest OS kernel's heap state by applying a combination of static code and dynamic memory analysis. Our key contribution is the accuracy and completeness of our analysis. We also propose a new technique that allows out-of-VM applications to invoke and securely execute API functions inside the monitored guest's kernel, eliminating the need for the application to know details of the guest's internals. Our key contribution is the ability to overcome the semantic gap in a robust and secure manner. Finally, we propose a new virtualization-based event monitoring technique based on the interception of kernel data modifications. Our key contribution is the ability to monitor operating system events in a general and secure fashion.

Semantic gap

Secure monitoring

Introspection

Systems security

Virtual machines

Virtualization

Computer networks Security measures

Virtual computer systems

Computer architecture

Using ARM TrustZone for Secure Resource Monitoring of IoT Devices Running Contiki-NG / Använda ARM TrustZone för säker resursövervakning av IoT-enheter som kör Contiki-NG

Georgiou, Nikolaos

January 2023

The rapid development of Internet of Things (IoT) devices has brought unparalleled convenience and efficiency to our daily lives. However, with this exponential growth comes the pressing need to address the critical security challenges posed by these interconnected devices. IoT devices are typically resource-constrained, lacking the robust computing power and memory capacity of traditional computing systems, which often leads to a lack of adequate security mechanisms and leaves them vulnerable to various attacks. This master’s thesis contributes by investigating a secure mechanism that utilizes the hardware isolation provided by the TrustZone technology found in ARM’s Cortex-M processors. TrustZone is a hardware-based security extension in ARM processors that enables a secure, isolated environment for executing sensitive code alongside a regular, non-secure operating system. This thesis uses this mechanism and implements a Trusted Execution Environment (TEE) in the secure environment of TrustZone that monitors the resource usage of applications running in the non-secure operating system. The aim of the TEE is to monitor the network communication and the CPU usage of the applications running on the IoT device, protecting its integrity and detecting any abnormal behavior. The implementation is done inside the Contiki-NG operating system, a well-known operating system designed for constrained IoT devices. The thesis conducts a comprehensive evaluation of the developed security solution through extensive experiments using two micro-benchmarks. It analyzes the impact of the security mechanism on various aspects of the IoT device, such as runtime overhead, energy consumption, and memory requirements, while taking into account the resource constraints. Furthermore, the effectiveness of the security solution in identifying malicious activities and abnormal behaviors is thoroughly assessed. The findings demonstrate that the TrustZone-based security mechanism introduces relatively minimal overhead to the device’s operation, making it a viable option for IoT devices that can accommodate such slight performance impacts. The research sheds light on the critical issue of IoT device security, emphasizing the need for tailored solutions that consider the resource constraints of these devices. It presents an alternative solution that utilizes TrustZone’s hardware isolation to effectively monitor the applications running in IoT devices and opens a new approach to securing such kinds of devices. / Den snabba utvecklingen av Internet of Things (IoT)-enheter har gett oöverträffad bekvämlighet och effektivitet i våra dagliga liv. Men med denna exponentiella tillväxt kommer det trängande behovet att ta itu med de kritiska säkerhetsutmaningarna som dessa sammankopplade enheter utgör. IoT-enheter är vanligtvis resursbegränsade och saknar den robusta datorkraften och minneskapaciteten hos traditionella datorsystem, vilket ofta leder till brist på adekvata säkerhetsmekanismer och gör dem sårbara för olika attacker. Denna rapport bidrar genom att undersöka en säker mekanism som använder hårdvaruisoleringen som tillhandahålls av TrustZone-teknologin som finns i ARMs Cortex-M-processorer. TrustZone är ett hårdvarubaserad säkerhetstillägg i ARM-processorer som möjliggör en säker, isolerad miljö för exekvering av känslig kod tillsammans med ett vanligt, osäkrat operativsystem. Denna rapport använder denna mekanism och implementerar ett Trusted Execution Environment (TEE) i den säkra miljön i TrustZone som övervakar resursanvändningen av applikationer som körs i det osäkra operativsystemet. Syftet med TEE är att övervaka nätverkskommunikationen och CPU-användningen för de applikationer som körs på IoT-enheten, skydda dess integritet och upptäcka eventuellt onormalt beteende. Implementeringen görs i operativsystemet Contiki-NG, ett välkänt operativsystem designat för begränsade IoT-enheter. Rapporten genomför en omfattande utvärdering av den utvecklade säkerhetslösningen genom omfattande experiment med två mikroriktmärken. Den analyserar effekten av säkerhetsmekanismen på olika aspekter av IoTenheten, såsom overhead under drift, energiförbrukning och minneskrav, samtidigt som resursbegränsningarna tas i beaktande. Dessutom utvärderas effektiviteten grundligt hos säkerhetslösningen för att identifiera skadliga aktiviteter och onormala beteenden. Resultaten visar att den TrustZonebaserade säkerhetsmekanismen introducerar relativt minimal overhead för enhetens drift, vilket gör det till ett genomförbart alternativ för IoT-enheter som kan hantera en liten prestandapåverkan. Forskningen belyser den kritiska frågan om IoT-enhetssäkerhet och betonar behovet av skräddarsydda lösningar som tar hänsyn till dessa enheters resursbegränsningar. Den presenterar en alternativ lösning som använder TrustZones hårdvaruisolering för att effektivt övervaka applikationer som körs i IoT-enheter och öppnar ett nytt tillvägagångssätt för att säkra sådana typer av enheter.

ARM TrustZone

Internet Of Things

Trusted Execution Environment

Secure monitoring

Contiki-NG

ARM TrustZone

Internet Of Things

Trusted Execution Environment

Säker övervakning

Contiki-NG

Computer and Information Sciences

Data- och informationsvetenskap