A4 Article in conference proceedings
HyperWall : A Hypervisor for Detection and Prevention of Malicious Communication (2020)


Kiperberg, M., Ben Yehuda, R., & Zaidenberg, N. J. (2020). HyperWall : A Hypervisor for Detection and Prevention of Malicious Communication. In M. Kutyłowski, J. Zhang, & C. Chen (Eds.), Network and System Security : 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings (pp. 79-93). Springer. Lecture Notes in Computer Science, 12570. https://doi.org/10.1007/978-3-030-65745-1_5



Publication details

All authors or editors: Kiperberg, Michael; Ben Yehuda, Raz; Zaidenberg, Nezer J.

Parent publication: Network and System Security : 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings

Parent publication editors: Kutyłowski, Miroslaw; Zhang, Jun; Chen, Chao

Conference:

  • International Conference on Network and System Security

Place and date of conference: Online / Melbourne, Australia, 25.-27.11.2020

ISBN: 978-3-030-65744-4

eISBN: 978-3-030-65745-1

Journal or series: Lecture Notes in Computer Science

ISSN: 0302-9743

eISSN: 1611-3349

Publication year: 2020

Number in series: 12570

Pages range: 79-93

Number of pages in the book: 448

Publisher: Springer

Place of Publication: Cham

Publication country: Switzerland

Publication language: English

DOI: https://doi.org/10.1007/978-3-030-65745-1_5

Publication open access: Not open


Abstract

Malicious programs vary widely in their functionality, from key-logging to disk encryption. However, most malicious programs communicate with their operators, thus revealing themselves to various security tools. The security tools incorporated within an operating system are vulnerable to attacks due to the large attack surface of the operating system kernel and modules. We present a kernel module that demonstrates how kernel-mode access can be used to bypass any security mechanism that is implemented in kernel-mode. External security tools, like firewalls, lack important information about the origin of the intercepted packets, thus their filtering policy is usually insufficient to prevent communication between the malicious program and its operator. We propose to use a thin hypervisor, which we call “HyperWall”, to prevent malicious communication. The proposed system is effective against an attacker who has gained access to kernel-mode. Our performance evaluation shows that the system incurs insignificant (≈1.64% on average) performance degradation in real-world applications.


Keywords: data security; virtualisation; malware

Free keywords: Virtual machine monitors; Hypervisors; Trusted computing base; Network security



Ministry reporting: Yes

Reporting Year: 2021

JUFO rating: 1


Last updated on 2022-19-08 at 19:32