A4 Article in conference proceedings
HyperWall : A Hypervisor for Detection and Prevention of Malicious Communication (2020)
Kiperberg, M., Ben Yehuda, R., & Zaidenberg, N. J. (2020). HyperWall : A Hypervisor for Detection and Prevention of Malicious Communication. In M. Kutyłowski, J. Zhang, & C. Chen (Eds.), Network and System Security : 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings (pp. 79-93). Springer. Lecture Notes in Computer Science, 12570. https://doi.org/10.1007/978-3-030-65745-1_5
Publication details
All authors or editors: Kiperberg, Michael; Ben Yehuda, Raz; Zaidenberg, Nezer J.
Parent publication: Network and System Security : 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings
Parent publication editors: Kutyłowski, Miroslaw; Zhang, Jun; Chen, Chao
Conference: International Conference on Network and System Security
Place and date of conference: Online/ Melbourne, Australia, 25.-27.11.2020
ISBN: 978-3-030-65744-4
eISBN: 978-3-030-65745-1
Journal or series: Lecture Notes in Computer Science
ISSN: 0302-9743
eISSN: 1611-3349
Publication year: 2020
Number in series: 12570
Pages range: 79-93
Number of pages in the book: 448
Publisher: Springer
Place of Publication: Cham
Publication country: Switzerland
Publication language: English
DOI: https://doi.org/10.1007/978-3-030-65745-1_5
Publication open access: Not open
Abstract
Malicious programs vary widely in their functionality, from key-logging to disk encryption. However, most malicious programs communicate with their operators, thus revealing themselves to various security tools. The security tools incorporated within an operating system are vulnerable to attacks due to the large attack surface of the operating system kernel and modules. We present a kernel module that demonstrates how kernel-mode access can be used to bypass any security mechanism that is implemented in kernel-mode. External security tools, like firewalls, lack important information about the origin of the intercepted packets, thus their filtering policy is usually insufficient to prevent communication between the malicious program and its operator. We propose to use a thin hypervisor, which we call “HyperWall”, to prevent malicious communication. The proposed system is effective against an attacker who has gained access to kernel-mode. Our performance evaluation shows that the system incurs insignificant (≈1.64% on average) performance degradation in real-world applications.
Keywords: data security; virtualisation; malware
Free keywords: Virtual machine monitors; Hypervisors; Trusted computing base; Network security
Ministry reporting: Yes
Reporting Year: 2021
JUFO rating: 1