Tesi etd-09012021-161432 |
Link copiato negli appunti
Tipo di tesi
Tesi di laurea magistrale
Autore
SUSINI, LORENZO
URN
etd-09012021-161432
Titolo
Hypervisor-based guest agent protection
Dipartimento
INGEGNERIA DELL'INFORMAZIONE
Corso di studi
COMPUTER ENGINEERING
Relatori
relatore Lettieri, Giuseppe
relatore Perazzo, Pericle
relatore Perazzo, Pericle
Parole chiave
- KVM
- linux
- linux kernel
- QEMU
- security
- virtualization
Data inizio appello
24/09/2021
Consultabilità
Completa
Riassunto
Nowadays, cloud computing is gaining more and more popularity. People use cloud-related services every day. Virtualization is one of the most important enabling technology for this new kind of computing. CPUs are often equipped with features aiming to simplify hypervisor's tasks, such as running multiple virtual machines on the same physical one. The isolation guarantees offered by virtualization can be exploited to add a layer of security to a running guest system, both to its operating system and the applications running on it. Researchers in the past tried to achieve the same goal with systems which are completely outside the virtual machine, or totally inside it. The former approach suffers from the semantic gap problem, deriving from the difficulty to reconstruct semantic information from raw and low-level data. The latter, instead, cannot easily protect itself from attackers, since it is difficult to do it from the same privilege level. This work tries to follow a hybrid approach, running security critical and monitoring code inside the guest kernel and at the same time protecting and enforcing its execution from the hypervisor. A secured paravirtualized channel is then used to extract meaningful guest's data, which can then be examined to detect intrusions or enforce further security related policies.
File
Nome file | Dimensione |
---|---|
lorenzo_...hesis.pdf | 1.40 Mb |
Contatta l’autore |