A Distributed Detection Mechanism For Hypervisor Code Integrity

System virtualization is one of the vital technologies in the construction of the current multi-tenant cloud platform.It makes resources of the bare metal in the cloud obtain many advantages in terms of utilization,price,flexibility,and scalability.Hypervisor is the most important software layer in the system virtualization technology,and its code runs at the privileged execution level on a host.It is responsible for implementing fundamental management tasks between the upper guest virtual machine and the underlying bare metal,such as realizing resource mapping,scheduling and isolation.However,the security of Hypervisor is not directly guaranteed by its important management position in system virtualization technology.Hypervisor has a large attack surface due to its vulnerabilities.This makes potential attackers be able to utilize vulnerabilities and damage the Hypervisor code integrity,which further threatens the entire virtualized system.To mitigate the problems above,this paper conducts research and analysis,designing and implementing a distributed detection mechanism,called Outlier,oriented to the integrity of Hypervisor code.The distributed detection is performed by a detection cluster,which contains a group of hosts with the same Hypervisor.During the detection,Outlier first constructs the trust foundation for integrity checking in the detection cluster,and then measures the Hypervisor code integrity on each host.By comparing the detection results from each host,Outlier can discover any damage to the integrity of the Hypervisor code based on the differences.In addition,this paper analyzes the security brought by the Outlier and conducts experiment evaluations,which demonstrates that Outlier can reliably detect the integrity of the Hypervisor code,while only brings few overheads to virtualized systems.The main work of this paper is listed below.(1)Build a distributed detection protocol.This protocol is responsible for building the trust foundation for integrity checking in the detection cluster.On one hand,it borrows the idea of the Byzantine fault tolerance to make each host perform a consistent integrity check on the Hypervisor code.On the other hand,it constructs a distributed verification method to measure the security of the integrity checking execution on each host.(2)Build an integrity checking mechanism.This mechanism is built in the same address space as the Hypervisor.It uses a hash method for integrity measurement and is responsible for generating the integrity checking result of the Hypervisor code.(3)Perform a security analysis.This paper analyzes the security brought by the Outlier from the perspectives of correctness,effectiveness,and limitation.(4)Implement a prototype of Outlier.This paper implements a Outlier prototype based on the Xen virtualization technology.Through experimental analysis,this paper conducts a comprehensive evaluation of Outlier's distributed detection from the dimensions of CPU overhead,network overhead,detection time,and detection results.