| | Chinese Journal of Computers Full Text |
| Title | An Isolated Execution Model Based on Local Virtualization Technology |
| Authors | WEN Yan, WANG Huai-Min |
| Address | (School of Computer, National University of Defense Technology, Changsha 410073) |
| Year | 2008 |
| Issue | No. 10 (1768–1779) |
| Abstract & Background | Abstract: Isolation is a mechanism that allows untrusted code to run while shielding the rest of the system from its effects. On PC platforms, however, existing isolated execution approaches cannot achieve both OS isolation and the functionality benefits of the isolated untrusted applications. To address this problem, this paper proposes a novel isolated execution model called Secure Virtual Execution Environment (SVEE). SVEE has two key features. First, it achieves OS isolation by using a hosted virtual machine as the container for untrusted programs. Second, it reuses the applications preinstalled on the host OS and faithfully reproduces the behavior of the isolated applications, as if they were running natively on the underlying host OS. As a result, SVEE provides security against potentially malicious code without negating the functionality benefits of benign programs. A functional evaluation illustrates the effectiveness of the approach, and a performance evaluation shows that compute-intensive benchmarks run essentially at native speed on the SVEE virtual machine, reaching 91.23% to 97.88% of native performance. Keywords: intrusion isolation; isolated execution; virtual execution environment; security; virtual machine. Background: On PC platforms, users often download and execute freeware and shareware to benefit from the rich software resources on the Internet. Despite the high risk of executing untrusted programs, a significant fraction of users are willing to take this risk to obtain the functionality such code offers. To defend against potentially malicious code, several host-based mechanisms have been introduced to strengthen host security, e.g., access control and virus detection. Access control, however, can be fooled by authorized but malicious users, masqueraders, and misfeasors. 
Although virus detection and similar technologies can be deployed to detect widely prevalent malicious code, they are limited both in theory and in practice: in theory it is undecidable whether an arbitrary program contains a computer virus, and in practice it is very difficult to accurately analyze polymorphic or metamorphic virus code. Sandboxing is another approach, but its main drawback is the difficulty of policy selection: sandboxing tools too often adopt highly restrictive policies that preclude the execution of most useful applications. Isolated execution is a more promising approach to bounding the damage caused by intrusions, detected or not, during their latency period, without negating the functionality benefits of untrusted code. On PC platforms, however, existing isolation approaches cannot achieve both OS isolation and execution environment reproduction. The former is a prerequisite for making the system immune to privileged (kernel-mode) malicious code; the latter is necessary for reusing the preinstalled software and reproducing the behavior of untrusted code, because the behavior of an application is usually determined by its execution environment. To address this problem, the authors propose and implement a new locally booted virtual machine, the Secure Virtual Execution Environment (SVEE). The untrusted-code container of SVEE is a hosted system virtual machine that boots not from a newly installed OS image but from the preinstalled host OS itself; in other words, SVEE loads a second instance of the host OS. In this locally booted OS, no privileged operation is restricted, so accurate behavior reproduction of untrusted code is assured, while the host OS, acting as the container for trusted applications, is shielded from the effects of the untrusted code. In this locally booted OS, all the preinstalled software, which may amount to several GB, can be reused directly. 
Thus, SVEE achieves both OS isolation and behavior reproduction for untrusted applications. The focus of this paper is the architecture and implementation of execution environment reproduction, viz. the local-booting technology. The authors introduce volume snapshot technology to resolve the file system conflicts that arise from sharing volumes between the host OS and SVEE. In addition, they resolve the deadlock problem induced by the snapshot copy-on-write operations on the file system, which use global locks. They also implement dynamic OS migration for the locally booted virtual machine. |
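The volume snapshot mechanism described above is the part of the design that lets the locally booted guest see the host's preinstalled software while its writes never reach the host's blocks. The following is an added illustration, not the paper's code: a block-level copy-on-write overlay over a shared base volume, guarded by a single global lock as the text describes. The class and function names, the block size, and the sample volume contents are all constructed for this example. It also shows the lock-ordering hazard the text alludes to: the copy-on-write step runs with the global lock already held, so it must read the base block directly rather than through the locked `read()` path, which would self-deadlock on a non-reentrant lock.

```python
import threading

BLOCK_SIZE = 4096  # constructed value; real volumes use the device sector/cluster size


class CowSnapshotVolume:
    """Copy-on-write snapshot of a shared base volume (illustrative, not SVEE's code).

    The host keeps using `base` directly. The isolated guest is given this
    overlay: reads fall through to `base` until a block has been written,
    so the guest sees every preinstalled file, but writes are redirected into
    `overlay` and never modify `base`.
    """

    def __init__(self, base: bytearray):
        if len(base) % BLOCK_SIZE:
            raise ValueError("base size must be a multiple of BLOCK_SIZE")
        self.base = base
        self.overlay = {}              # block number -> private copy of that block
        self._lock = threading.Lock()  # one global lock, as in the text

    def _ensure_copied(self, blk):
        # Caller already holds self._lock. This is the copy-on-write step: on the
        # first write to a block, copy the base block into the overlay so that a
        # partial write keeps the untouched bytes. It must NOT call self.read(),
        # which re-acquires the non-reentrant lock and would deadlock.
        if blk not in self.overlay:
            start = blk * BLOCK_SIZE
            self.overlay[blk] = bytearray(self.base[start:start + BLOCK_SIZE])
        return self.overlay[blk]

    def _check_range(self, offset, length):
        if offset < 0 or length < 0 or offset + length > len(self.base):
            raise ValueError("I/O outside volume bounds")

    def read(self, offset, length):
        """Guest read: overlay block if it exists, otherwise the shared base."""
        self._check_range(offset, length)
        out = bytearray()
        with self._lock:
            while length:
                blk, off = divmod(offset, BLOCK_SIZE)
                n = min(length, BLOCK_SIZE - off)
                if blk in self.overlay:
                    out += self.overlay[blk][off:off + n]
                else:
                    start = blk * BLOCK_SIZE + off
                    out += self.base[start:start + n]
                offset += n
                length -= n
        return bytes(out)

    def write(self, offset, data):
        """Guest write: always lands in the overlay, never in the base."""
        self._check_range(offset, len(data))
        with self._lock:
            pos = 0
            while pos < len(data):
                blk, off = divmod(offset + pos, BLOCK_SIZE)
                n = min(len(data) - pos, BLOCK_SIZE - off)
                block = self._ensure_copied(blk)
                block[off:off + n] = data[pos:pos + n]
                pos += n

    def discard(self):
        """Throw away everything the isolated guest changed."""
        with self._lock:
            self.overlay.clear()


def demo():
    # Constructed base volume standing in for the host's preinstalled files.
    base = bytearray(4 * BLOCK_SIZE)
    base[0:9] = b"host-file"
    vol = CowSnapshotVolume(base)
    seen_by_guest = vol.read(0, 9)       # reproduction: guest sees host data
    vol.write(4, b"XXXX")                # guest (e.g. malware) patches the file
    guest_view = vol.read(0, 9)
    host_view = bytes(base[0:9])         # host's own view is unchanged
    vol.discard()
    after_discard = vol.read(0, 9)       # guest's damage is gone
    return seen_by_guest, guest_view, host_view, after_discard, len(vol.overlay)


def span_check():
    # A write straddling a block boundary must copy both blocks into the overlay
    # and still leave the base untouched.
    base = bytearray(2 * BLOCK_SIZE)
    vol = CowSnapshotVolume(base)
    vol.write(BLOCK_SIZE - 2, b"abcd")
    return vol.read(BLOCK_SIZE - 2, 4), sorted(vol.overlay), base == bytearray(2 * BLOCK_SIZE)


if __name__ == "__main__":
    print(demo())
    print(span_check())
```

The overlay is the only state the untrusted guest can affect, which is what makes discarding it equivalent to rolling back the isolated session; committing it to the base would instead be the point at which any analysis of the guest's changes has to happen.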