HyperForce: Hypervisor-enForced Execution of Security-Critical Code

TL;DR

HyperForce is a hybrid framework that enhances the performance of security-critical code execution in hypervisors while maintaining strong security guarantees, outperforming previous in-hypervisor solutions.

Contribution

HyperForce introduces a hybrid approach combining in-guest and in-hypervisor security mechanisms to improve performance without compromising security.

Findings

Significantly reduces performance overhead compared to previous in-hypervisor systems.

Successfully re-implemented a rootkit detection system demonstrating performance benefits.

Maintains security and integrity guarantees similar to traditional in-hypervisor approaches.

Abstract

The sustained popularity of the cloud and cloud-related services accelerate the evolution of virtualization-enabling technologies. Modern off-the-shelf computers are already equipped with specialized hardware that enables a hypervisor to manage the simultaneous execution of multiple operating systems. Researchers have proposed security mechanisms that operate within such a hypervisor to protect the \textit{virtualized} operating systems from attacks. These mechanisms improve in security over previous techniques since the defense system is no longer part of an operating system's attack surface. However, due to constant transitions between the hypervisor and the operating systems, these countermeasures typically incur a significant performance overhead. In this paper we present HyperForce, a framework which allows the deployment of security-critical code in a way that significantly outperforms previous \textit{in-hypervisor} systems while maintaining similar guarantees with respect to security and integrity. HyperForce is a hybrid system which combines the performance of an \textit{in-guest} security mechanism with the security of in-hypervisor one. We evaluate our framework by using it to re-implement an invariance-based rootkit detection system and show the performance benefits of a HyperForce-utilizing countermeasure.