One of the most fundamental issues in computer security is protecting sensitive files from unauthorized access. Traditional file protection tools run inside the target operating system that hosts the sensitive files, which leaves them vulnerable once the OS is compromised. To address this limitation, recent approaches seek stronger isolation by moving the file system into a dedicated virtual machine or by using a network file system. However, these approaches sharply increase the size of the trusted computing base (TCB), which degrades their reliability.

In this paper, we present Filesafe, a special-purpose hypervisor aimed at protecting sensitive files in a compromised operating system. We make the following two contributions. First, we build on the Bitvisor architecture and HAV to minimize the TCB size of Filesafe, which is at least an order of magnitude smaller than that of contemporary virtualization environments. Second, we implement a special-purpose hypervisor that successfully protects sensitive files in a compromised system. It bridges the semantic gap between the guest OS and the hypervisor by reconstructing the file hierarchy from raw disk data instead of relying on guest OS interfaces. By enforcing security policies created in the hypervisor, it can prevent unauthorized access to sensitive files even by attackers who hold kernel privileges in the guest OS.

We have implemented a proof-of-concept prototype on Windows XP with the FAT32 file system. Furthermore, we evaluate its performance and code size to demonstrate that it is practical in real-world scenarios.
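The following is an added illustration of the semantic-gap bridging described above, not code from the paper or the Filesafe prototype: it constructs a tiny FAT32 volume in memory, rebuilds a sector-to-filename map purely from the boot sector, FAT and root directory bytes (the only view a hypervisor has of guest disk I/O), and then applies a deny-write policy to an intercepted block write. It assumes 8.3 names in the root directory only, no long-name entries or subdirectories, and leaves FAT and directory sectors outside the policy.

```python
import struct

# Geometry of the constructed volume (assumptions of this example, not values from the paper).
BPS, SPC, RESERVED, NFATS, FAT_SECS, ROOT = 512, 1, 32, 2, 1, 2
EOC = 0x0FFFFFF8  # FAT32 entries >= EOC mark the end of a cluster chain

def geometry(img):
    """Read BPB fields from sector 0: (bytes/sector, sectors/cluster, reserved, fats, fat size, root cluster)."""
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", img, 11)
    return (bps, spc, reserved, nfats) + struct.unpack_from("<I", img, 36) + struct.unpack_from("<I", img, 44)

def cluster_sector(g, clus):  # first LBA of a data cluster
    return g[2] + g[3] * g[4] + (clus - 2) * g[1]

def chain(img, g, clus):  # follow the first FAT from clus to end-of-chain
    out = []
    while clus < EOC:
        out.append(clus)
        clus = struct.unpack_from("<I", img, g[2] * g[0] + clus * 4)[0] & 0x0FFFFFFF
    return out

def sector_map(img):
    """Rebuild {sector: filename} for root-directory files from raw bytes alone (no guest OS help)."""
    g, smap = geometry(img), {}
    for c in chain(img, g, g[5]):
        off = cluster_sector(g, c) * g[0]
        for e in range(off, off + g[0] * g[1], 32):
            if img[e] == 0: break                               # no more entries
            if img[e] == 0xE5 or img[e + 11] & 0x08: continue   # deleted entry or volume label
            name = img[e:e + 8].decode().strip() + "." + img[e + 8:e + 11].decode().strip()
            first = (struct.unpack_from("<H", img, e + 20)[0] << 16) | struct.unpack_from("<H", img, e + 26)[0]
            for fc in chain(img, g, first):
                for k in range(g[1]): smap[cluster_sector(g, fc) + k] = name
    return smap

def check_write(smap, protected, lba):
    """Hypervisor-side policy check on an intercepted guest write to logical block `lba`."""
    return "deny" if smap.get(lba) in protected else "allow"

def build_image():
    """Construct a toy volume: SECRET.TXT spans clusters 3-4, README.TXT occupies cluster 5."""
    img = bytearray((RESERVED + NFATS * FAT_SECS + 8) * BPS)
    struct.pack_into("<HBHB", img, 11, BPS, SPC, RESERVED, NFATS)
    struct.pack_into("<IHHI", img, 36, FAT_SECS, 0, 0, ROOT)   # FAT size, ext flags, version, root cluster
    for fat in range(NFATS):
        for clus, nxt in {ROOT: EOC, 3: 4, 4: EOC, 5: EOC}.items():
            struct.pack_into("<I", img, (RESERVED + fat * FAT_SECS) * BPS + clus * 4, nxt)
    base = cluster_sector(geometry(img), ROOT) * BPS
    for i, (name, clus, size) in enumerate([(b"SECRET  TXT", 3, 600), (b"README  TXT", 5, 40)]):
        e = base + i * 32
        img[e:e + 11], img[e + 11] = name, 0x20   # 8.3 name, ATTR_ARCHIVE
        struct.pack_into("<HHHHI", img, e + 20, clus >> 16, 0, 0, clus & 0xFFFF, size)
    return bytes(img)
```

With `SECRET.TXT` in the protected set, a guest write to sector 36 is denied while writes to `README.TXT` (sector 37) pass, regardless of what privilege the writer holds inside the guest.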