Virtual Machine Monitor-based Hiding Method for Access to Debug Registers

Masaya Sato; Hideo Taniguchi; Ryosuke Nakamura

doi:10.1109/CANDAR51075.2020.00036

Virtual Machine Monitor-based Hiding Method for Access to Debug Registers

Masaya Sato, Hideo Taniguchi, Ryosuke Nakamura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs’ access to debug registers and disguises the access as having succeeded. The register’s actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.

Original language	English
Title of host publication	Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	209-214
Number of pages	6
ISBN (Electronic)	9781728182216
DOIs	https://doi.org/10.1109/CANDAR51075.2020.00036
Publication status	Published - Nov 2020
Event	8th International Symposium on Computing and Networking, CANDAR 2020 - Virtual, Naha, Japan Duration: Nov 24 2020 → Nov 27 2020

Publication series

Name	Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020

Conference

Conference	8th International Symposium on Computing and Networking, CANDAR 2020
Country/Territory	Japan
City	Virtual, Naha
Period	11/24/20 → 11/27/20

Keywords

Debug register
System security
Virtual machine monitor

ASJC Scopus subject areas

Artificial Intelligence
Computational Theory and Mathematics
Computer Networks and Communications
Computer Science Applications
Software

Access to Document

10.1109/CANDAR51075.2020.00036

Cite this

Sato, M., Taniguchi, H., & Nakamura, R. (2020). Virtual Machine Monitor-based Hiding Method for Access to Debug Registers. In Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020 (pp. 209-214). Article 09394353 (Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR51075.2020.00036

Virtual Machine Monitor-based Hiding Method for Access to Debug Registers. / Sato, Masaya; Taniguchi, Hideo; Nakamura, Ryosuke.
Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 209-214 09394353 (Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sato, M, Taniguchi, H & Nakamura, R 2020, Virtual Machine Monitor-based Hiding Method for Access to Debug Registers. in Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020., 09394353, Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020, Institute of Electrical and Electronics Engineers Inc., pp. 209-214, 8th International Symposium on Computing and Networking, CANDAR 2020, Virtual, Naha, Japan, 11/24/20. https://doi.org/10.1109/CANDAR51075.2020.00036

Sato M, Taniguchi H, Nakamura R. Virtual Machine Monitor-based Hiding Method for Access to Debug Registers. In Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 209-214. 09394353. (Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020). doi: 10.1109/CANDAR51075.2020.00036

Sato, Masaya ; Taniguchi, Hideo ; Nakamura, Ryosuke. / Virtual Machine Monitor-based Hiding Method for Access to Debug Registers. Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 209-214 (Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020).

@inproceedings{dd912877861547e8939f6400f1c270b2,

title = "Virtual Machine Monitor-based Hiding Method for Access to Debug Registers",

abstract = "To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs{\textquoteright} access to debug registers and disguises the access as having succeeded. The register{\textquoteright}s actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.",

keywords = "Debug register, System security, Virtual machine monitor",

author = "Masaya Sato and Hideo Taniguchi and Ryosuke Nakamura",

note = "Funding Information: ACKNOWLEDGMENT This work was partially supported by JSPS KAKENHI grant numbers JP18K18051 and JP19H04109. Publisher Copyright: {\textcopyright} 2020 IEEE; 8th International Symposium on Computing and Networking, CANDAR 2020 ; Conference date: 24-11-2020 Through 27-11-2020",

year = "2020",

month = nov,

doi = "10.1109/CANDAR51075.2020.00036",

language = "English",

series = "Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "209--214",

booktitle = "Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020",

}

TY - GEN

T1 - Virtual Machine Monitor-based Hiding Method for Access to Debug Registers

AU - Sato, Masaya

AU - Taniguchi, Hideo

AU - Nakamura, Ryosuke

PY - 2020/11

Y1 - 2020/11

N2 - To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs’ access to debug registers and disguises the access as having succeeded. The register’s actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.

AB - To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs’ access to debug registers and disguises the access as having succeeded. The register’s actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.

KW - Debug register

KW - System security

KW - Virtual machine monitor

UR - http://www.scopus.com/inward/record.url?scp=85104622779&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85104622779&partnerID=8YFLogxK

U2 - 10.1109/CANDAR51075.2020.00036

DO - 10.1109/CANDAR51075.2020.00036

M3 - Conference contribution

AN - SCOPUS:85104622779

T3 - Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020

SP - 209

EP - 214

BT - Proceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 8th International Symposium on Computing and Networking, CANDAR 2020

Y2 - 24 November 2020 through 27 November 2020

ER -

Virtual Machine Monitor-based Hiding Method for Access to Debug Registers

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this